[ppml] Policy Proposal 2003-1a: Required Performance of Abuse Contact

John M. Brown john at chagres.net
Wed Mar 12 04:07:22 EST 2003


Yes the system is broken.  Service providers need to start
filtering on the edge of their networks to prevent bad packets
from entering their networks.  

Socially, SPAM needs to be addressed in a manner that allows
people (natural or otherwise) to effect self-help and be provided
the tools to take legal action against the spammers.  Much like
the TCPA does with junk-fax.  You don't see the "phone company"
revoking a phone line because it's been used for sending junk
faxes.


When service providers like Sprint (AS 1239) and UUNET (AS 701)
actually apply ingress filtering in such a manner that we no
longer see RFC-1918 packets on edge transit links, then we
will be getting someplace.

Oh BTW  filters on a Sprint Ingress link show:

rt01#sh access-list as1239-in
Extended IP access list as1239-in (Compiled)
    deny ip 10.0.0.0 0.255.255.255 any (618129 matches)
    deny ip 172.16.0.0 0.15.255.255 any (254224 matches)
    deny ip 192.168.0.0 0.0.255.255 any (488749 matches)
    deny ip 169.254.0.0 0.0.255.255 any (716 matches) 

This is during a 24 hour window, on ONE customer DS3 interface.
Wonder what the aggregate count would be across their entire net.
(Prolly less than an OC12 worth of traffic)

(ARIN, RIPE, APNIC Please revoke their AS, all their routes 
from the internet because they allow spoofed packets to 
enter their networks)

This is clearly ABUSE as the IETF has specified that IP packets
labeled with these integers (RFC-1918) MUST NOT be routed to the
global Internet.


So "We can conclude" that Sprint is abusing a majority of its customers
with low volume DDOS by allowing these packets to exist....  

May I ask, who is going to Pay Sprint to place these filters on
every edge router in their global network???   

May I ask, who is going to revoke AS 1239 and remove its ability to
be used in the global BGP routing tables ??   I think, speaking
for our client, that should that happen the org that causes this
problem (in this case ARIN) would be facing legal action for 
interfering with interstate commerce and for possible RICO,
anti-trust practices, and interfering with contractual relations
that it is not a party to.

Bluntly, this is a bad idea and deserves a red t-shirt.

And for the record.  Our client thinks Sprint runs a pretty
darn good network.  We only used their name and stats as a way
of putting reality to this proposal.  


Msg to ARIN AC and BOT.  Please spend your time on something like
say, IPv6 and making those resources more available to people that
want to start using them.

john brown


>  We can also conclude that
> unless a discipline mechanism is adopted, problems of 
> viruses, trojans, spam and ddos will continue to multiply, as 
> they are now. The rising numbers for all of these metrics 
> show the system as now operated is broken.
> 
> Jeffrey Race
> 
> 
> 
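
Added example, not part of the original message: a Python sketch that parses `show access-list` output in the format quoted above, converts each wildcard mask to a CIDR prefix, labels it against the RFC 1918 and link-local ranges, and totals the drops over the stated 24-hour window. The function names and the `window_seconds` parameter are assumptions of this example.

```python
import ipaddress
import re

# ACL counters exactly as quoted in the message (one DS3 interface, 24 hours).
ACL_OUTPUT = """\
Extended IP access list as1239-in (Compiled)
    deny ip 10.0.0.0 0.255.255.255 any (618129 matches)
    deny ip 172.16.0.0 0.15.255.255 any (254224 matches)
    deny ip 192.168.0.0 0.0.255.255 any (488749 matches)
    deny ip 169.254.0.0 0.0.255.255 any (716 matches)
"""

# Source ranges that should never arrive on a transit link.
NON_ROUTABLE = {
    "rfc1918": [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "link-local": [ipaddress.ip_network("169.254.0.0/16")],
}
ENTRY = re.compile(r"^\s*deny\s+ip\s+(\S+)\s+(\S+)\s+any\s+\((\d+) match(?:es)?\)\s*$")

def wildcard_to_network(base, wildcard):
    """Turn a Cisco base address and wildcard mask into an IPv4Network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # contiguous wildcards are of the form 2**n - 1
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.IPv4Network((base, 32 - wc.bit_length()))

def classify(net):
    """Label a prefix by the non-routable range that contains it, if any."""
    for label, ranges in NON_ROUTABLE.items():
        if any(net.subnet_of(r) for r in ranges):
            return label
    return "other"

def summarize(acl_text, window_seconds=86400):
    """Return per-prefix drop counts, the total, and the average packets/second."""
    rows = []
    for line in acl_text.splitlines():
        m = ENTRY.match(line)
        if m:
            net = wildcard_to_network(m.group(1), m.group(2))
            rows.append((str(net), classify(net), int(m.group(3))))
    total = sum(count for _, _, count in rows)
    return {"rows": rows, "total": total, "avg_pps": total / window_seconds}

if __name__ == "__main__":
    report = summarize(ACL_OUTPUT)
    for prefix, label, count in report["rows"]:
        print(f"{prefix:<18} {label:<11} {count:>8}")
    print(f"total {report['total']} drops, {report['avg_pps']:.2f} packets/s average")
```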



