[ppml] NANOG IPv4 Exhaustion BoFRe: NANOG IPv4 Exhaustion BoF

Leo Bicknell bicknell at ufp.org
Fri Mar 7 12:15:19 EST 2008 

In a message written on Fri, Mar 07, 2008 at 07:56:30AM -0800, David Conrad wrote:
> If IPv4 post free pool exhaustion demand is a reasonable percentage of  
> current demand and there is no way for that demand to be met through  
> transfers, do you still posit a black market would be insignificant?

Yes.

How does an ISP tell the difference between a hijacked route (even
accidently, think YouTube recently) and a route for a resource sold by
YouTube on the black market?

The answer is, they don't.  ISP's today check whois and ask for
LOA's to route space because they know without doing it hijacking
may be more widespread and affect their customers.  In the black
market case this problem actually gets worse.  Don't like ProvderX?
Find all their customers, chop up the space, sell it on the black
market.  Wait for chaos.  People sell ocean front property in
Arizona, bridges in new york, people will sell things they do not
have any relationship with at all, and someone will buy it.

For ISP's to open this up is mutually assured destruction.  If I
accept a route that takes your customer offline, you'll do the same
to me.  A few months later and none of our customers will want
anything to do with us, or the IPv4 internet.  No, the only path
forward for large, legitimate ISP's is to continue to treat the
black market space as they do today, poisoned and unroutable.

Remember too, successful black markets (illegal drugs, moonshine,
even fake CD's and DVD's) generally have strong branding.  The guy
buying from a street corner has even more reason to suspect he's
going to get ripped off and is more cautious than a standard consumer.
Large black markets brand their products, monkeys on the E tablets,
moonshine with elaborate labels, CD's and DVD's with intros stating
"warezed by cOoLd00d23" to build consumer confidence.  I'm not
seeing how a black market IP dealer could develop brand loyalty in
this way.

> Last I checked, ARIN did not have force of law or regulation and had  
> little control over what peers do amongst themselves.  Perhaps more  
> interestingly, it may be useful to remember that ARIN is not a  
> monopoly in IPv4 address registration services.  There are already two  
> other potential venues for transfer registration services (with  
> proposed transfer policies that are significantly less onerous) and  
> those venues are already viewed as legitimate by large corporations (I  
> imagine the ones you speak of are already members).

I never said ARIN would enforce law or regulation.

I suspect if I offered DoD address space for sale on eBay someone
would pay me a visit right quick.  I bet I'd be charged with a crime
too, or at least sent to Guantanamo.  If the number of hijackings
increase the government will step in and arrest people for fraud,
"hacking", tax evasion, or the litany of other things they use to
control crime.  Deals will go bad and people will sue each other
over them; or in another form of regulation send Bruno over with a
baseball bat.

As for other RIR's, if ARIN has no transfer policy and APNIC does,
more power to companies who can go off and participate in APNIC's
system.  I do not see the existence, or lack of a transfer policy in
APNIC making any significant difference in the black market in the ARIN
region either way.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20080307/186bfff3/attachment.sig>

More information about the ARIN-PPML mailing list