[arin-ppml] 134.17.0.0/16

Danny McPherson danny at tcb.net
Thu May 1 15:50:58 EDT 2008 

On May 1, 2008, at 11:11 AM, Dylan Ebner wrote:

> Does ARIN have any kind of policy for recommendations to be made to  
> it's members for dealing with this kind of accused abuse?
> Does ARIN recommend that other organizations block incomming traffic  
> from these "hijacked" IP blocks?
> I am curious to what people's opinion is on this matter. Should the  
> ARIN community try to block incoming traffic from organizations that  
> engage in this pracrice as a means to defer people from attempting  
> this kind of IP takeover?
>
> As for my company,  we take a fairly hard line on what IP blocks we  
> allow inbound and therefore we block traffic from Russia, China,  
> etc. because we have deemed our employees do not need to surf those  
> sites while working. I have been debating since I read about the  
> Media Breakaway story if for security reasons we should block their  
> IP block as well. If they are willing to engage in this kind of  
> practice, what else are they willing to do?

I suspect at this point ARIN would steer well clear of
making any type of operational recommendations to
operators regarding these types of activities.

Of course, the root issue here is that even if a prefix were
hijacked, ARIN has no operational control over what's
actually routed and what's not - although the work with
RPKI and SIDR will change this, and those of you not
paying attention might want to have a sniff.

I would observe that if you're sending spam from blocks
of legacy address space IN-ADDR functionality is important,
and perhaps the only reason one might sign a legacy RSA,
rather than just simply announcing the space and using it
for whatever gives you your fix.

Finally, in reviewing this the other day, I did find the text
under Q2 here:

<http://www.arin.net/registration/agreements/legacy_rsa_faq.html>

"The fees charged are intended to maintain accurate account
records, to prevent hijacking or unforward events, not burden
the Legacy address holder" somewhat ambiguous, and well
in need of some clarifying text - for obvious reasons.

-danny

More information about the ARIN-PPML mailing list