[arin-ppml] Policy Proposal 95: Customer Confidentiality
Joe Morgan
joe at joesdatacenter.com
Thu Jan 28 20:54:47 EST 2010
I don't understand why its ridiculous that I be contacted. If I have a
customer abusing my TOS than I should know about it. I can only assume
if a customer has a compromised box or is doing malicious activity on
purpose that they are either going to keep doing it out of ignorance
or are going to keep doing it for other malicious reasons. The license
plate analogy also does not make any sense to me does your landlord
own the car? If I hit your car parked on the side of the road should I
contact you the owner or a buddy you had borrow the car? Does your
landlord put every renter on the title? At the end of the day the
proposal is about keeping my customer list private from other
competitors and the proposal does not say I have to hide this
information for all customers only that I have a choice to keep some
information private. If a customer of mine has a asn and there own bgp
session then this is not really an issue at all because they would not
be using my ip space. And yes there are ways to track down customers
on my network via bgp feeds or even reverse dns but that is much more
difficult than just having a list provided by arin. Also on the abuse
argument at the end of the day the only person who has control of what
customers are doing on my network is me. If I decide that a customer
is malicious in nature I shut them off. But that really has nothing to
do with this proposal.
On Thu, Jan 28, 2010 at 7:31 PM, George Bonser <gbonser at seven.com> wrote:
>>
>> There's something wrong about that sentence. If an IP address that has
>> been SWIP'ed to a specific site is performing blatant network scans
>> against you, I want you to be able to know who it is.
>>
>> To me, trying to hide customer information like this is much like
>> security through obscurity, imho.
>
>
> There is another issue as well. Say someone has a misconfigured server,
> going through their transit provider to get them to fix it seems
> ridiculous.
>
> If one of your customers is engaging in malicious activity, I want to
> know not only who it is, but what other blocks do they have so I can
> keep an eye on those source addresses, too. And when they move to a
> different provider, I want to know that, too.
>
> If a customer has an AS and uses BGP, who their upstream connectivity
> comes from can be obtained without whois. Any major network on the
> planet has the BGP routing table. So are you asking that ASN
> information be private, too?
>
> The license plate on my car doesn't have my landlord's number on it. It
> has my number on it. And if I move to a different place, it still has
> my license number on it and not my new landlords. And if someone has a
> problem with what I am doing, they don't go to my landlord to get it
> sorted out.
>
> George
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>
--
Thank You,
Joe Morgan
Joe's Datacenter, LLC
http://joesdatacenter.com
More information about the ARIN-PPML
mailing list