From john at chagres.net Thu Aug 8 19:04:51 2002 From: john at chagres.net (John M. Brown) Date: Thu, 8 Aug 2002 17:04:51 -0600 Subject: Anonymity...is it justification??? In-Reply-To: Message-ID: <008601c23f30$07350310$f9ecdfd8@laptoy> First example Bob: Would the customer beable to justify 20 contiguous /28 ? If so, then I don't think the RIR's care if they are out of different parts of your alloc's. Its your IGP, and you aren't pushing /28's to the nets BGP.. What Bob does with those addresses is between you and Bob via your contracts and AUP. That is controlled by your general business practices. If Bob or Many Bob's do things that other private networks dont like, you may see less connectivity to those other sites. Either way its not within the RIR's area of responsiblity to say. RIR's must be limited in their scope of policy. Second Example John: Does John qualify for 50 IP's ?? Can he do what he needs with 1, 10, ?? Again, thats more an internal policy rather than an external. Some companies will hand out IP's like they grew on trees, others are more conservative. If they can meet the requirements for the RIR's allocation, thats all they need to worry about. Its not the RIR's policy to generally control this directly. A RIR can affect a certain amount of control by not issuing an allocation in the future if the requester has been wasteful. Third Example, Random IP. The technology is called DialUp :) or DSL with DHCP.... Sorry, I don't see the need to be so obfusticated, at the network layer at least.. john brown > -----Original Message----- > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > Behalf Of Jill Kulpinski > Sent: Thursday, August 08, 2002 4:43 PM > To: ppml at arin.net; arin-discuss at arin.net > Subject: Anonymity...is it justification??? > Importance: High > > > > > Hello, > > We have had a few cases over the past few months that I > would like to > > make sure I understand ARIN's policy regarding. I would > also like to > > hear the opinions of the community. > > > > Bob wants address space, say 20 /28s that are as > 'non-contiguous' as > > possible (ideal is unique first octet #, lesser preference > is unique > > in second octet, etc.) in order to 'mask' themselves from > the person > > they are querying so the recipient can not block out a range of > > address space and evade Bob. Bob is performing what would be > > considered 'good spam' but I do not think that it is necessarily my > > call to be the internet ethics board regarding good and bad > queries. > > If this uniqueness is required for Bob to be successful as an > > enterprise...they are technically justified as there is not > currently > > a better means of appearing random...does the Hosting Provider have > > justification in assignment of non-contiguous space? > > > > John has a server that he wants to appear to other people as 50 > > servers and therefore he want 50 addresses for one physical > device. > > He is trying to access URLs that his users have > specifically requested > > to be signed up for (i.e. newsletter type deals), but with > the amount > > of mail John sends on behalf of his Customers from one IP to these > > sites, the site may block the IP from the mass mailings. Does the > > Hosting Provider allow multiple addresses per one physical > server to > > assist in the distribution of mail by not flooding a site with > > thousands of queries from one address? > > > > So, is the requirement from a business perspective to mask one's > > address through IP randomization of different forms appropriate to > > accept? I am having a hard time knowing where to draw the line at > > saying 'nope...not good justification'. I get the response from > > Prospects that they can not do business without being able > to appear > > anonymous and I do not necessarily feel okay with then telling them > > good-bye or recommending a different business. We have > been working > > to come up with alternative options for these Customers, > but then it > > gets to the point of almost designing their network > architecture and > > systems which was not the aim. Does the community have any > > suggestions on technology available that can provide anonymity > > without using a mass amount or dis-contiguous addresses? > What are the > > thoughts regarding this idea for justification of address > space? Is > > there an ARIN policy that applies at this time? If not, do > we need to > > develop one? > > > > Any input (constructive please) would be helpful and thanks > for your > > time. Jill Kulpinski > > > > > From ipadmin at eli.net Fri Aug 9 13:21:41 2002 From: ipadmin at eli.net (ipadmin at eli.net) Date: Fri, 9 Aug 2002 10:21:41 -0700 (PDT) Subject: Anonymity...is it justification??? In-Reply-To: <008601c23f30$07350310$f9ecdfd8@laptoy> Message-ID: Here's how we work it: 1. Assignments are handed out if justified. 2. The only justification I find for makeing seperate IP assignments out of seperate blocks is if there is a routing issue or equipment problem that requires seperate assignments. This is rare and when it has come around I make them send me a detailed outline of their network explaining why. 3. SPAM is SPAM. If they are sending out mail to people that did not request it they are spamming. If they have a problem with people blocking their IP's ...then they are sending out unsoliceted mail. People wont block things they want to receive. The only exception I've ran into with this is if they got blocked by use of the list on spews.org. However, from what you already wrote...I dont think this is the case. 4. We disconnect the repeat offending spammers. This is a slow process. If you can avoid having a spam customer.....I'd do it. 5. If we find that a new customer prospect was spamming with the IP's from their previouse provider...we dont take them on as a customer. 6. I do IP clean up on all blocks of IP's. It's a nightmare to get IP's off of lists after a spamming customer has been disco'd. Some have become totally unrecyclable due to spews.org. It costs your company to be a member of ARIN and to receive IP's. 7. As John hinted to...I'd get with your internet Manager and discuss what needs to be your Business Practice and possibly they should use a different internet product. 8. Everyone does it a little different. What we decided on as I detailed above was comprised of a budget decision, clean management of IP's and curteousy towards the internet community. Regards ELI IP Analyst On Thu, 8 Aug 2002, John M. Brown wrote: > First example Bob: > > Would the customer beable to justify 20 contiguous /28 ? > If so, then I don't think the RIR's care if they are out > of different parts of your alloc's. Its your IGP, and you > aren't pushing /28's to the nets BGP.. > > What Bob does with those addresses is between you and Bob > via your contracts and AUP. That is controlled by your > general business practices. If Bob or Many Bob's do things > that other private networks dont like, you may see less > connectivity to those other sites. Either way its not within > the RIR's area of responsiblity to say. RIR's must be limited > in their scope of policy. > > Second Example John: > > Does John qualify for 50 IP's ?? Can he do what he > needs with 1, 10, ?? Again, thats more an internal policy > rather than an external. Some companies will hand out IP's > like they grew on trees, others are more conservative. If they > can meet the requirements for the RIR's allocation, thats all > they need to worry about. > > Its not the RIR's policy to generally control this directly. > A RIR can affect a certain amount of control by not issuing > an allocation in the future if the requester has been wasteful. > > Third Example, Random IP. > > The technology is called DialUp :) or DSL with DHCP.... > > Sorry, I don't see the need to be so obfusticated, at the > network layer at least.. > > john brown > > > > > -----Original Message----- > > From: owner-ppml at arin.net [mailto:owner-ppml at arin.net] On > > Behalf Of Jill Kulpinski > > Sent: Thursday, August 08, 2002 4:43 PM > > To: ppml at arin.net; arin-discuss at arin.net > > Subject: Anonymity...is it justification??? > > Importance: High > > > > > > > > > Hello, > > > We have had a few cases over the past few months that I > > would like to > > > make sure I understand ARIN's policy regarding. I would > > also like to > > > hear the opinions of the community. > > > > > > Bob wants address space, say 20 /28s that are as > > 'non-contiguous' as > > > possible (ideal is unique first octet #, lesser preference > > is unique > > > in second octet, etc.) in order to 'mask' themselves from > > the person > > > they are querying so the recipient can not block out a range of > > > address space and evade Bob. Bob is performing what would be > > > considered 'good spam' but I do not think that it is necessarily my > > > call to be the internet ethics board regarding good and bad > > queries. > > > If this uniqueness is required for Bob to be successful as an > > > enterprise...they are technically justified as there is not > > currently > > > a better means of appearing random...does the Hosting Provider have > > > justification in assignment of non-contiguous space? > > > > > > John has a server that he wants to appear to other people as 50 > > > servers and therefore he want 50 addresses for one physical > > device. > > > He is trying to access URLs that his users have > > specifically requested > > > to be signed up for (i.e. newsletter type deals), but with > > the amount > > > of mail John sends on behalf of his Customers from one IP to these > > > sites, the site may block the IP from the mass mailings. Does the > > > Hosting Provider allow multiple addresses per one physical > > server to > > > assist in the distribution of mail by not flooding a site with > > > thousands of queries from one address? > > > > > > So, is the requirement from a business perspective to mask one's > > > address through IP randomization of different forms appropriate to > > > accept? I am having a hard time knowing where to draw the line at > > > saying 'nope...not good justification'. I get the response from > > > Prospects that they can not do business without being able > > to appear > > > anonymous and I do not necessarily feel okay with then telling them > > > good-bye or recommending a different business. We have > > been working > > > to come up with alternative options for these Customers, > > but then it > > > gets to the point of almost designing their network > > architecture and > > > systems which was not the aim. Does the community have any > > > suggestions on technology available that can provide anonymity > > > without using a mass amount or dis-contiguous addresses? > > What are the > > > thoughts regarding this idea for justification of address > > space? Is > > > there an ARIN policy that applies at this time? If not, do > > we need to > > > develop one? > > > > > > Any input (constructive please) would be helpful and thanks > > for your > > > time. Jill Kulpinski > > > > > > > > > >