[arin-ppml] SWIPs & IPv6

Chris Engel cengel at sponsordirect.com
Thu Dec 3 12:19:52 EST 2009 

I'm probably going to get blasted for this, but speaking on the Enterprise side of things there are fairly understandable reasons why Enterprise Admins might want to avoid public disclosure of their contact information and why they sometimes put in contact information that isn't well monitored..... and why they might choose to utilize services like the privacy listings Domain Registrars provide.

Just like any other information it can be used for both legitimate and illegitimate purposes. That sort of information can be used to facilitate social engineering attacks, to SPAM the contacts themselves or mined to create targeted sales lists for telemarketing services that cater to Tech related industries. Frankly, it's been my experience that the volume and frequency of illegitimate use of this information far outweighs the legitimate use of it. I'll grant though that when it IS legitimately needed the importance of it being available (IMO) far outweighs the negatives of it being out there..... and frankly there are other avenues to obtain that sort of data. We keep our contact info public, but I can understand why many others don't want to .... and not because they are criminals or spammers....making THEIR data public they get to experience the downsides of that, but rarely the upsides... it's when they need the OTHER guys data that they see the importance.

Frankly, I'm not convinced of the utility of WHOIS information in catching criminals/spammers. Being who they are, those people almost never use their own systems to do their dirty work and they don't generally give out legitimate contact information that can be easily traced to them.... and in cases where they do it's usually because they are operating out of jurisdictions where it doesn't matter because the local authorities won't do anything about it (heck sometimes the guys doing it ARE the local authorities). The dynamic is pretty much the same as it is outside of cyberspace where you almost never see criminals (at least the less stupid ones)  use cars or guns that are actually registered to them in the commission of their crimes.

The real utility of accurate contact information, I think comes not in dealing with people who are actually committing malicious acts but rather those who may have innocently misconfigured their systems or may have been compromised by hackers and who's resources are being used without their knowledge.

So while maintaining accurate contact info is important, I can see why their is a legitimate desire (by people who aren't doing anything wrong) to have their info shielded as well. Gatekeeping services to such information are not inherently bad... as long as the gatekeepers themselves are responsive to legitimate requests for such info in a timely fashion.




Christopher Engel

More information about the ARIN-PPML mailing list