[arin-ppml] Policy Proposal 95: Customer Confidentiality

Steve Bertrand steve at ibctech.ca
Thu Jan 28 22:20:41 EST 2010


Aaron Wendel wrote:

> If you are being scanned by a machine on my network I'm the first, and in
> most cases, the only one that needs to know about it and the only one that
> can do anything for you.

I don't think we're going to get anywhere with this policy, because my
objectives have been solely focused on the fact that everyone will
actually create proper SWIP records, and have the same mentality that I
do, that the Internet runs based on the best interest of the community.

With that said...

I know how to look up your abuse PoC if the front-desk lady is the
recipient of my phone call when I call the number listed in their SWIP.
I will find you. So will anyone else troubleshooting a problem that
requires digging up whois information.

You, being a good netizen, having client SWIP info in the database,
allows me to get the information of your client that is attacking me,
and pass it along to a peer in the event that they see the same IP block
attacking them via a different path. Or, if your malicious client signs
up with an SP who also is a good community member, will list the same
info in whois.

Again, it's unlikely, as I'm slowly loosing faith that all ISPs are good
ISPs :)

Aside from knowing how to find you without you hiding information, did
you consider what I said earlier about the potential advertisement
stream for your clients that could be whois?

Perhaps they may *want* to have their info listed. If you really feel
that harvesters can find your clients that easily, perhaps your clients
may believe that they can be found the same way for new revenue/market
streams by potential clients of their own.

Steve



More information about the ARIN-PPML mailing list