[ppml] Policy Proposal 2003-1a: Required Performance of Abuse Contact
Owen DeLong
owen at delong.com
Wed Mar 12 13:21:03 EST 2003
John,
You're missing the point of the policy. The policy does not
allow ARIN to revoke SPRINTs AS or IPs because they are conducting
this abuse. If SPRINT's contact were unreachable or did not respond
to complaints about this issue, then ARIN could revoke the IPs.
The policy deliberately avoids addressing abuse and is strictly
intended to force the requirement that the ORGs accept and respond to
abuse complaints. It deliberately avoids defining what that response
must be.
I'm not overly impressed with SPRINT's network, but, I do think,
that in spite of their continued abuse, their abuse department does provide
an adequate response to meet the terms of this policy.
As such, thank you for that reality. I hope it will allow you to
see the reality of why this policy is a good idea and how it was intended
to address exactly the concerns you have raised!
Owen
--On Wednesday, March 12, 2003 2:07 AM -0700 "John M. Brown"
<john at chagres.net> wrote:
> Yes the system is broken. Service providers need to start
> filtering on the edge of their networks to prevent bad packets
> from entering their networks.
>
> Socially SPAM needs to be addressed in a manner that allows
> people(natural or otherwise) to affect self-help and be provided
> the tools to take legal action against the spammers. Much like
> the TCPA does with junk-fax. You don't see the "phone company"
> revoking a phone line because its been used for sending junk
> faxes.
>
>
> When service providers like Sprint (AS 1239) and UUNET (AS 701)
> actually apply ingres filtering in such a manner that we no
> longer see RFC-1918 packets on edge transit links, then we
> will be getting someplace.
>
> Oh BTW filters on a Sprint Ingress link show:
>
> rt01#sh access-list as1239-in
> Extended IP access list as1239-in (Compiled)
> deny ip 10.0.0.0 0.255.255.255 any (618129 matches)
> deny ip 172.16.0.0 0.15.255.255 any (254224 matches)
> deny ip 192.168.0.0 0.0.255.255 any (488749 matches)
> deny ip 169.254.0.0 0.0.255.255 any (716 matches)
>
> This is during a 24 hour window, on ONE customer DS3 interface.
> Wonder what the aggregate count would be across their entire net.
> (Prolly less than a OC12 worth of traffic)
>
> (ARIN, RIPE, APNIC Please revoke their AS, all their routes
> from the internet because they allow spoofed packets to
> enter their networks)
>
> This is clearly ABUSE as the IETF has specified that IP packets
> labled with these integers (RFC-1918) MUST NOT be routed to the
> global Internet.
>
>
> So "We can conclude" that Sprint is abusing a majority of its customers
> with low volume DDOS by allowing these packets to exist....
>
> May I ask, who is going to Pay Sprint to place these filters on
> every edge router in their global network???
>
> May I ask, who is going to revoke AS 1239 and remove its ability to
> be used in the global BGP routing tables ?? I think, speaking
> for our client, that should that happen the org that causes this
> problem (in this case ARIN) would be facing legal action for
> interfering with interstate commerce and for possible RICO,
> anti-trust practices, and interfering with contractual relations
> that it is not a party to.
>
> Bluntly, this is a bad idea and deserves a red t-shirt.
>
> And for the record. Our client thinks Sprint runs a pretty
> darn good network. We only used their name and stats as a way
> of putting reality to this proposal.
>
>
> Msg to ARIN AC and BOT. Please spend your time on something like
> say, IPv6 and making those resources more available to people that
> want to start using them.
>
> john brown
>
>
>> We can also conclude that
>> unless a discipline mechanism is adopted, problems of
>> viruses, trojans, spam and ddos will continue to multiply, as
>> they are now. The rising numbers for all of these metrics
>> show the system as now operated is broken.
>>
>> Jeffrey Race
>>
>>
>>
>
More information about the ARIN-PPML
mailing list