[ppml] Abstract of proposed Internet Draft for Best CurrentPractice (please comment)

Steve Atkins steve at blighty.com
Tue Feb 18 21:09:19 EST 2003

On Wed, Feb 19, 2003 at 08:19:40AM +0700, Dr. Jeffrey Race wrote:
> On Tue, 18 Feb 2003 10:35:33 -0700, John M. Brown wrote:
> >no they don't  The ability to accept routes from a customer
> >is strictly a matter between the service provider and
> >its customer.
> >
> >We do not need to overload protocols with this type of 
> >data.
> >
> >I can see a nice little DDOS vector here.  Happy Hacker
> >tricks BGP into revoking EBAY's prefix, EBAY looses
> >millions, sues RIR.
> My original proposal <http://www.camblab.com/misc/univ_std.txt>
> states that action is to be taken only after sufficient 
> investigation to prevent such errors.    From traffic on Spam-L
> it is apparent that joe-jobs and fraudulent routings are 
> discovered in hours by the cognoscenti who live there.

Wrongly, in many cases. If you work an abuse desk or work with abuse
desks you rapidly discover that the universe isn't as obvious as some
of the amateurs think it is.

Actually investigating to discover the truth of what happened in a
particular incident is not trivial. It requires a lot of skill and can
be very time-consuming (a latency of weeks or more in some cases that
we've handled recently).

And an ISP can afford to terminate a customer with very little
liability as long as they have reasonable evidence that a customer
violated their contract (which usually includes an AUP by reference).
That's a much easier position than a third-party would be in.

I wouldn't care to be in the position of an RIR trying to do that, let
alone having to fund the abuse investigation team and legal staff that
would be needed to do so.

-- Steve Atkins -- steve at blighty.com -- http://word-to-the-wise.com/

More information about the ARIN-PPML mailing list