[arin-ppml] Comments on Draft Policy 2010-3: Customer Confidentiality

Jay Hennigan jay at impulse.net
Tue Apr 6 20:11:02 EDT 2010


On 4/6/10 4:17 PM, Steve Bertrand wrote:

> Even if an operator is half-baked, they still should know that it's
> trivial to look up the POCs for the encompassing block in the event that
> a receptionist responds with "no" when one asks "do you have a computer
> technician that looks after your stuff?".

The receptionist is likely to respond with a LAN vendor that may or may
not be in a position to fix the issue.  It may be trivial to look up the
POC for the encompassing block but it is another step, another phone
call or conversation, more delay, etc.

The ISP of a non-technical customer is likely to be more knowledgeable
regarding his customer's network than the receptionist and probably in a
better position to work directly with any other local vendors and
consultants.  Also the ISP is in a position to down an interface or add
an ACL *right now* in serious cases.

The end customer isn't going to want to spend money on a consultant to
fix something that isn't a problem (to them), and hasn't heard of some
remote network operator calling with a complaint.  And if the customer's
phone number is published in WHOIS, they'll likely dismiss any such
calls as just another  telemarketer.  (Telemarketers are the only ones
that ever call that number we were forced to publish, that's why we
never check that voice mail...)

> Better yet, I throw it right into the SWIP 'Comments' section, just to
> be safe:
> 
> Comment:    For other issues, or if the above contacts
> Comment:    are non-responsive, contact the ARIN POC registered
> Comment:    to the encompassing IP block.
> 
> Any person who values WHOIS for operational purposes will be able to
> glean the info they need, and will be able to identify whether the
> person on the other end of the phone is 'unresponsive' (such as a
> receptionist).

More work, more clutter, and more steps.

> What happens if a scrupulous LIR was getting paid for a client that was
> abusing my network, but had their personal information hidden? I
> couldn't create a baseline or filtering strategy based on IP, because
> they could just move them to another block. I can't monitor based on
> customer name, because it's 'protected'. Hence, I may be dealing with a
> moving target, with absolutely no classification ability to provide my
> upstreams with for aid.

I think you mean UNscrupulous LIR.

The customer name is not "protected" from what I read in the proposal.
The phone number and street address are.  If the customer is a
deliberate abuser, the phone number and contact information of said
abuser are going to be worthless.  Usually it's a virus/bot/smurf
amplifier type of issue where the customer is either unaware of the
problem or just notices that things are slow.

If the LIR is unscrupulous and deliberately supporting abusers, they
wouldn't have a problem with entering completely bogus SWIPs anyway.
This change isn't going to change the behavior of dishonest and
unscrupulous LIRs.  It is going to result in valid POCs of those in a
position to fix problems without having to deal with non-technical people.

Dishonest and abusive people will continue to be dishonest and abusive
regardless of the rules.

> Personally, I don't care about the privacy of my clients. They are on
> the global Internet, and with that goes your privacy (as far as IP
> addressing is concerned). I can't cross the Canada/US border anymore
> without identifying exactly who I am and what my address is, and I see
> no difference in this. I just like to know that if someone calls my
> client or myself, they'd be able to inform me immediately who is
> originating an issue so I can fix it.

Agreed, but in the majority of cases when they call your client they are
going to get little in the way of fixing.  They will wind up calling you
eventually anyway.  Why not have that be the first call they make?

> How do we know that you are not going to 'fix' the problem by rendering
> the client a new block? When they attack next week, and we call you
> again, how can we identify whether it is another one of your clients, or
> the same one?

See above.  And does it matter?  If you're an unscrupulous ISP that
deliberately harbors abusers, does the rest of the Internet care which
particular IP maps to which particular abuser today or next week or are
they likely to just refuse all of your packets?

>> Note that this proposal in my opinion is better for *technical* reasons,
>> without regard to any business and privacy concerns driving it.
> 
> I completely understand what your stance is on this and why you feel
> this way, as seemingly we have a similar type of client base. However,
> you, like I, are the ones who *will* properly fix a problem when
> required. I'm concerned about the ones who will use this as a loophole
> to avoid that.

I don't think this proposal will make a difference one way or another to
criminals and deliberate abusers.  It will result in faster resolution
of those cases where the actual user of the IP space is non-technical or
not staffed 24/7 by providing an immediate lookup of a contact more
likely to have the ability to resolve problems quickly and competently.

-- 
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV



More information about the ARIN-PPML mailing list