[ppml] Policy Proposal 2003-1a: Required Performance of Abuse Contact

McBurnett, Jim jmcburnett at msmgmt.com
Wed Mar 12 06:29:49 EST 2003


John,
I don't see it quite that way...
Unless Sprint is using RFC1918 addresses in its network infrastructure,
why not just use Null routing?
1 instance takes care of the whole network... And if it is redistributed 
via iBGP then no need for a blue gazillion of ACLs..

Anyway,
Jim




> -----Original Message-----
> From: John M. Brown [mailto:john at chagres.net]
> Sent: Wednesday, March 12, 2003 4:07 AM
> To: 'Dr. Jeffrey Race'; ppml at arin.net
> Subject: RE: [ppml] Policy Proposal 2003-1a: Required Performance of
> Abuse Contact
> 
> 
> Yes the system is broken.  Service providers need to start
> filtering on the edge of their networks to prevent bad packets
> from entering their networks.  
> 
> Socially SPAM needs to be addressed in a manner that allows
> people(natural or otherwise) to affect self-help and be provided
> the tools to take legal action against the spammers.  Much like
> the TCPA does with junk-fax.  You don't see the "phone company"
> revoking a phone line because it's been used for sending junk
> faxes.
> 
> 
> When service providers like Sprint (AS 1239) and UUNET (AS 701)
> actually apply ingress filtering in such a manner that we no 
> longer see RFC-1918 packets on edge transit links, then we 
> will be getting someplace.
> 
> Oh BTW  filters on a Sprint Ingress link show:
> 
> rt01#sh access-list as1239-in
> Extended IP access list as1239-in (Compiled)
>     deny ip 10.0.0.0 0.255.255.255 any (618129 matches)
>     deny ip 172.16.0.0 0.15.255.255 any (254224 matches)
>     deny ip 192.168.0.0 0.0.255.255 any (488749 matches)
>     deny ip 169.254.0.0 0.0.255.255 any (716 matches) 
> 
> This is during a 24 hour window, on ONE customer DS3 interface.
> Wonder what the aggregate count would be across their entire net.
> (Prolly less than an OC12 worth of traffic)
> 
> (ARIN, RIPE, APNIC Please revoke their AS, all their routes 
> from the internet because they allow spoofed packets to 
> enter their networks)
> 
> This is clearly ABUSE as the IETF has specified that IP packets
> labeled with these integers (RFC-1918) MUST NOT be routed to the 
> global Internet.
> 
> 
> So "We can conclude" that Sprint is abusing a majority of its customers
> with low volume DDOS by allowing these packets to exist....  
> 
> May I ask, who is going to Pay Sprint to place these filters on
> every edge router in their global network???   
> 
> May I ask, who is going to revoke AS 1239 and remove its ability to
> be used in the global BGP routing tables ??   I think, speaking
> for our client, that should that happen the org that causes this
> problem (in this case ARIN) would be facing legal action for 
> interfering with interstate commerce and for possible RICO,
> anti-trust practices, and interfering with contractual relations
> that it is not a party to.
> 
> Bluntly, this is a bad idea and deserves a red t-shirt.
> 
> And for the record.  Our client thinks Sprint runs a pretty
> darn good network.  We only used their name and stats as a way
> of putting reality to this proposal.  
> 
> 
> Msg to ARIN AC and BOT.  Please spend your time on something like
> say, IPv6 and making those resources more available to people that
> want to start using them.
> 
> john brown
> 
> 
> >  We can also conclude that
> > unless a discipline mechanism is adopted, problems of 
> > viruses, trojans, spam and ddos will continue to multiply, as 
> > they are now. The rising numbers for all of these metrics 
> > show the system as now operated is broken.
> > 
> > Jeffrey Race
> > 
> > 
> > 
> 
> 
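
An added example, not part of either message above: a Python sketch that parses the `show access-list` counters quoted in the thread, converts each IOS wildcard mask to a prefix, and turns the total into a drop rate over the 24-hour window the message states. The function names and the sample source addresses are constructed for illustration.

```python
import ipaddress
import re

# Counters quoted in the message above, with the "> " reply quoting removed.
ACL_OUTPUT = """\
Extended IP access list as1239-in (Compiled)
    deny ip 10.0.0.0 0.255.255.255 any (618129 matches)
    deny ip 172.16.0.0 0.15.255.255 any (254224 matches)
    deny ip 192.168.0.0 0.0.255.255 any (488749 matches)
    deny ip 169.254.0.0 0.0.255.255 any (716 matches)
"""

ENTRY = re.compile(r"^\s*deny ip (\S+) (\S+) any \((\d+) matches\)\s*$")

def wildcard_to_network(base, wildcard):
    """Convert an IOS base/wildcard pair to an IPv4Network.
    Non-contiguous wildcards have no CIDR form and raise ValueError."""
    inverted = int(ipaddress.IPv4Address(wildcard))
    host_bits = inverted.bit_length()
    if inverted != (1 << host_bits) - 1:
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return ipaddress.IPv4Network((base, 32 - host_bits))

def parse_acl(text):
    """Return [(network, matches), ...] for every deny entry in the output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            net = wildcard_to_network(m.group(1), m.group(2))
            entries.append((net, int(m.group(3))))
    return entries

def denied_by(entries, source):
    """Return the network whose entry drops this source address, or None."""
    addr = ipaddress.IPv4Address(source)
    return next((net for net, _ in entries if addr in net), None)

def summarize(entries, window_seconds=24 * 3600):
    """Return (total dropped packets, average drops per second)."""
    total = sum(count for _, count in entries)
    return total, total / window_seconds

if __name__ == "__main__":
    entries = parse_acl(ACL_OUTPUT)
    total, rate = summarize(entries)
    print(f"{total} packets dropped, {rate:.1f} per second on this interface")
    for src in ("172.31.255.1", "172.32.0.1", "198.51.100.7"):  # constructed
        print(src, "->", denied_by(entries, src))
```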


