[arin-ppml] Comments on Draft Policy 2010-3
cengel at sponsordirect.com
Thu Mar 18 17:27:58 EDT 2010
Joe St Sauver wrote:
#When it comes to managing abuse, the issue is not mapping an indvidual IP
#to its encompassing network block -- I agree that this would continue to be possible under #draft policy 2010-3.
#Unfortunately the abuse management issue is actually a three step process:
#-- mapping an individual IP to the ultimately responsible *entity*
(the end user/customer), AND
#-- identifying the full set of *additional* network resources that
abusive entity may *also* control ("generalizing reputation"), AND
#-- applying appropriate sanctions (whether technical in nature, such
as blocklisting applicable network ranges, or administrative in
nature (civil suits or criminal enforcement, etc.)).
#The second and third steps become difficult to accomplish without the ability to successfully #complete the first step.
# As IPv4 exhaustion increases the value of number assets, I hope
# additional organizational attention can be devoted to insuring that
# more than 3.9% of IP whois point of contact data is correct/usable.
I'm not sure how many resources ARIN or any registry can afford or is willing to devote to audit & enforcement efforts for the accuracy of such information. I can imagine that even a very cursorary audit/enforcement effort will be a very resource intensive undertaking....and such an effort won't catch anyone seeking to obfuscate thier identity for malicious reasons if they are halfway smart about it. You would need a pretty streneous effort to do that.
Let's say you do probably the most cost effective thing and send out an e-mail to the contact e-mail address provided.... and if you don't get a response from that entity after X number of tries without a response you put them on some sort of RBL.
So how does knowing that SOMEONE responds to the e-mail address slipperymonkey at gmail.com get you any closer to getting the REAL identity of someone you can bring to Court (your step #3).
How does that help you know that 123 Anywhwere Street is a real street address.... or that the entity owning address block A - ACME Export, inc (contact slippermonkey at gmail.com) and the entity owning address block B - Vanderlay, Industries (contact shadymoose at hotmail.com) are ACTUALY the same entity (what you need to block access to them...your Step #2)?
For that you'd pretty much need to goto the ISP anyway to find out who signs the checks/credit cards for that block....which probably means going to the Courts.
Given that, it leaves the discussion centered on the block holders who AREN'T actualy malicious but who may be causing a problem inadvertantly. I'm pretty sure those people aren't going to have any issues giving out contact info to people who have a LEGITIMATE need for it (e.g. one of your IP's is flooding my network with SPAM). The problem is...under the current mechanism (anonymous WHOIS lookups) they have no means to differentiate people with a legitimate need for that info from the malicious folks themselves.
I'd have no problem giving out an after-hours call sheet or an escalation document to YOU...if one of my IP's happaned to be SPAM bombing you and you needed to contact me in order to get it stopped. Under WHOIS...how do I tell the difference between YOU and the guy who wants that info so that he can wake me up at 2:00 AM to sell me server space in Hong Kong?
I believe you are likely to get BETTER quality data if you actualy allow people some control over who USES that data and HOW. I don't think it's an unreasonable demand for people these days to request some controls/tracking over who gets thier information and why.
Right now, I don't see how WHOIS addresses that. Which means you aren't likely to VOLUNTARLY get any better info then organizations would be willing for the hackers/scammers/spammers get.... and INVOLUNTARY compliance is both expensive in terms of resources and earns ALOT of negative political capital. That's how I see it anyways.
More information about the ARIN-PPML