[ppml] /29 limit for ARIN SWIP whois

Leo Bicknell bicknell at ufp.org
Wed Jan 9 14:16:34 EST 2008 

In a message written on Wed, Jan 09, 2008 at 02:01:19PM -0500, Paul G. Timmins wrote:
> I'm not sure what their upstream's abuse POC would have done in the
> above circumstances, but I'm glad they populated whois.

Note, I know of at least two ISP's that switched from rwhois to
SWIP solely so their customers information would be visible to the
general public.  They preferred to have the customer contacted
directly first, rather than have their abuse desk deal with all
complaints.  That's a business model choice.

I don't advocate removing that choice.  If an ISP wants to publish
down to the /32 level, more power to them.  Indeed, if you look at
RIPE's whois server, not only can you publish that level of detail,
but the end ISP is given "remarks" fields where they can populate
information like how to contact them, what their BGP communities
mean and all sorts of other information.  It would be valuable if
ARIN had that sort of facility.  RIPE proves that such optional
fields would be used by many ISP's.

However, while I think ISP's should have the option of putting more
data in whois, via more interfaces (web, api, e-mail templates) I
am strongly opposed to requireing any data beyond who arin made an
assignment or allocation to public.  We should not have to "out"
grandma because she bought a DSL line.  There should not be a privacy
divide between static and DHCP addresses.  Saying you can't have a
"unlisted" IP address without having an unlisted phone number is
silly.

Moreover, if Grandma's computer is taken over by a bot is it better
to have random people on the internet e-mailing her, calling her,
showing up at her door with pitchforks in hand yelling "stop scum!"
or is it better for her ISP to be notified; someone she is paying
for support and has technicians who can walk her through installing
AV software (that many ISP's provide for free)?

If a computer is run by a real bad actor, a criminal enterprise
making millions of dollars off of spam would you rather have them
simply kicked off a provider only to reappear on another, or would
you rather have them put in prision?  Mob justice only accomplishes
the former, and makes it harder for law enforcement to do the latter
as peole are not working with them to get them the information they
need, and the result of sending them underground is the information
is harder to collect.

It may be satisifing to e-mail some bozo who sent you spam and say
"you're an idiot".  It may seem useful to put them on some black
list somewhere and match them up.  However, all you're doing is
training a better spammer.  We've had 10 years of people taking
these sorts of actions and spam has grown year over year.  Vigilante
justice doesn't work in the real world or the cyber world, no matter
how good it makes people feel.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20080109/704f1dc4/attachment.sig>

More information about the ARIN-PPML mailing list