From jcurran at arin.net Tue Jun 14 04:58:09 2016
From: jcurran at arin.net (John Curran)
Date: Tue, 14 Jun 2016 08:58:09 +0000
Subject: [Services-wg] ARIN Services WG - CKN23 materials for your consideration
Message-ID: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net>

ARIN Services WG (SWG) -

Please find attached the "CKN23" project document and an overview slide deck of same, for your consideration. Leslie Nobile produced these and is available to brief the Services WG on the issue and potential options for moving forward.

It would be my desire the Services WG consider the matter and provide an initial recommendation on how to proceed. I would inform the ARIN community of this direction by putting the matter out for community consultation along with the SWG's recommendation.

Please review the materials at your convenience, and we'll arrange a teleconference in the near future to review jointly.

Thank you!
/John

John Curran
President and CEO
ARIN

-------------- next part --------------
A non-text attachment was scrubbed...
Name: CKN23-ARIN.pdf
Type: application/pdf
Size: 1074704 bytes
Desc: CKN23-ARIN.pdf
URL:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CKN23 doc.final with graphics.pdf
Type: application/pdf
Size: 1941445 bytes
Desc: CKN23 doc.final with graphics.pdf
URL:

From daveid at panix.com Tue Jun 14 05:18:24 2016
From: daveid at panix.com (David R Huberman)
Date: Tue, 14 Jun 2016 05:18:24 -0400 (EDT)
Subject: [Services-wg] ARIN Services WG - CKN23 materials for your consideration
In-Reply-To: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net>
References: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net>
Message-ID:

Hello,

From the document, the problem statement appears to be that CKN23-ARIN is worrisome to staff because:

1) The resources are targets for hijacking;
2) Erodes community confidence in Whois accuracy; and
3) Unhappy POCs from pre-1998 who haven't updated records.

I'll be blunt and say 2) and 3) prompt no sympathy from me, and are not valid problems, in my opinion.

In response to 1), I would think an analysis of all historical and known hijack targets, mapped to routed vs. unrouted at the time of hijacking, would be a good next step.

This work ensures the problem statement is valid, and that CKN23-ARIN is the impetus for picking the block, and not just simply a lack of a route announcement in a typical DFZ.

David

From jcurran at arin.net Tue Jun 14 05:40:26 2016
From: jcurran at arin.net (John Curran)
Date: Tue, 14 Jun 2016 09:40:26 +0000
Subject: [Services-wg] ARIN Services WG - CKN23 materials for your consideration
In-Reply-To:
References: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net>
Message-ID: <0D6FB0EF-22E1-4A5A-8F13-1582ECE62785@arin.net>

On Jun 14, 2016, at 4:18 AM, David R Huberman wrote:
>
> Hello,
>
> From the document, the problem statement appears to be that CKN23-ARIN is worrisome to staff because:
>
> 1) The resources are targets for hijacking;
> 2) Erodes community confidence in Whois accuracy; and
> 3) Unhappy POCs from pre-1998 who haven't updated records.
>
> I'll be blunt and say 2) and 3) prompt no sympathy from me, and are not valid problems, in my opinion.
David -

Actually, this issue has originated not with staff, but from a significant number of folks who have found themselves no longer able to update the DNS servers (or origin AS) for a legacy network block, even though they were the original technical contact.

If the Services WG believes that the database should remain as-is, we are quite happy to proceed accordingly.

> In response to 1), I would think an analysis of all historical and known hijack targets, mapped to routed vs. unrouted at the time of hijacking, would be a good next step.

Could you be more specific regarding "hijack targets"? Would that be IP address blocks that staff has believed have been hijacked or had hijacking attempted?

> This work ensures the problem statement is valid, and that CKN23-ARIN is the impetus for picking the block, and not just simply a lack of a route announcement in a typical DFZ.

At present, it is unlikely that CKN23-ARIN is being used to target IP address blocks for hijacking - i.e. in the present state, it is fairly hard to hijack these because of the changes to the database that have been made and the institution of CKN-23.

The problem that we are experiencing is that many folks complain that they are no longer listed as the resource POC on an address block, even though they were the original technical contact, the anti-hijack changes have resulted in them being an informational "abuse" contact on the record.
We can revert this (and risk an increased number of hijackings) or we can revert this (and lock the records so that there still needs to be review at ARIN before changing the resource records)

I hope this helps explain the issue,
/John

From daveid at panix.com Tue Jun 14 15:27:10 2016
From: daveid at panix.com (David R Huberman)
Date: Tue, 14 Jun 2016 15:27:10 -0400 (EDT)
Subject: [Services-wg] ARIN Services WG - CKN23 materials for your consideration
In-Reply-To: <0D6FB0EF-22E1-4A5A-8F13-1582ECE62785@arin.net>
References: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net> <0D6FB0EF-22E1-4A5A-8F13-1582ECE62785@arin.net>
Message-ID:

John,

Thank you for the reply. You wrote:

> Actually, this issue has originated not with staff, but from a significant
> number of folks who have found themselves no longer able to update
> the DNS servers (or origin AS) for a legacy network block, even though
> they were the original technical contact.

Wait. That's by design, isn't it? If Block X is registered to Company Y, then any authorized employee of Company Y can update the rDNS or origin_AS through normal channels. Anyone complaining they _can't_ update is *possibly* unauthorized (and therefore should go through ARIN's procedures). Right?

David

From jcurran at arin.net Tue Jun 14 16:40:45 2016
From: jcurran at arin.net (John Curran)
Date: Tue, 14 Jun 2016 20:40:45 +0000
Subject: [Services-wg] ARIN Services WG - CKN23 materials for your consideration
In-Reply-To:
References: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net> <0D6FB0EF-22E1-4A5A-8F13-1582ECE62785@arin.net>
Message-ID:

On Jun 14, 2016, at 2:27 PM, David R Huberman wrote:

John,

Thank you for the reply. You wrote:

Actually, this issue has originated not with staff, but from a significant number of folks who have found themselves no longer able to update the DNS servers (or origin AS) for a legacy network block, even though they were the original technical contact.

Wait. That's by design, isn't it?
If Block X is registered to Company Y, then any authorized employee of Company Y can update the rDNS or origin_AS through normal channels. Anyone complaining they _can't_ update is *possibly* unauthorized (and therefore should go through ARIN's procedures). Right?

David -

Slightly more convoluted case (and obviously this is predominantly an issue with legacy address blocks that have been long ignored...)

Jim Smith gets a /24 for his networking company "Sprockets" in 1994, so that he can connect to the Internet. He gets /24) and connects to the Internet via one of the early commercial ISPs.

The netblock reads as follows:

   Sprockets
   4131 El Camino Real, Palo Alto CA
   X.Y.Z/24
   Jim Smith
   jim at well.com

Apparently, Jim left Sprockets sometime in the late 90's...

Twenty years later, Jim has called and is very upset with ARIN for having "munged it" all up -

1) The organization field is set to "Sprockets", not him.
2) The Admin Contact for the organization says CKN-23
3) While he would swear he was the tech contact on the Sprockets org (he still has his Well email and updated the DNS servers around 2005 to a friend's DNS server), but for some reason it now says CKN-23 for Tech Contact and he can't regain control of the Sprockets org record.
4) He is now listed only as the Abuse contact.

Jim's not a happy camper, and wants to know why ARIN disassociated him with his address block randomly sometime after 2010. Jim says that he's been using the address block for his house since leaving Sprockets (no public IP, but he just uses NAT and connects via his public cable modem IP address.)

ARIN has very much disassociated him from the address block, and actually may not let him recover the IP address block until he's recovered Sprockets. Sprockets may have melted down, been sold, etc. and it is not clear that Jim has any paperwork that covers his exit, use of the IP block, or anything that happened to Sprockets.
Because we no longer allow him as an abuse contact to update the DNS servers, he can't even use "his" IP block now that he's getting a nice new Internet connection.

Does that help clarify the typical concern that we're hearing from some legacy address holders over our CKN23 database changes over the years?

/John

From jcurran at arin.net Tue Jun 14 17:37:13 2016
From: jcurran at arin.net (John Curran)
Date: Tue, 14 Jun 2016 21:37:13 +0000
Subject: [Services-wg] ARIN Services WG - CKN23 materials for your consideration (case #2)
In-Reply-To:
References: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net> <0D6FB0EF-22E1-4A5A-8F13-1582ECE62785@arin.net>
Message-ID:

On Jun 14, 2016, at 3:40 PM, John Curran wrote:

...
Jim Smith gets a /24 for his networking company "Sprockets" in 1994, so that he can connect to the Internet. He gets /24) and connects to the Internet via one of the early commercial ISPs.

The netblock reads as follows:

   Sprockets
   4131 El Camino Real, Palo Alto CA
   X.Y.Z/24
   Jim Smith
   jim at well.com

Apparently, Jim left Sprockets sometime in the late 90's...

Twenty years later, Jim has called and is very upset with ARIN for having "munged it" all up - ...

Jim's not a happy camper, and wants to know why ARIN disassociated him with his address block randomly sometime after 2010. Jim says that he's been using the address block for his house since leaving Sprockets (no public IP, but he just uses NAT and connects via his public cable modem IP address.) ...Because we no longer allow him as an abuse contact to update the DNS servers, he can't even use "his" IP block now that he's getting a nice new Internet connection.
Now on to the more dangerous variation of this story - it starts the same, sounds the same to ARIN, and it is only in a few (unknown to us) details that it differs -

- Sprockets was sold to Widgets, Inc sometime in late '90s
- Widgets renumbered the servers when they moved them to Widgets HQ and promptly forgot about the X.Y.Z/24 IP address block...

It's highly likely (absent a transaction to the contrary) that the rights to the X.Y.Z/24 IP address block are held by Widgets Inc.

This hasn't prevented technical contacts for long-lost companies from trying to hijack unused address blocks and monetize them (i.e. if ARIN would just play along...)

The change of tech contact to abuse significantly reduces the risk of hijack, although it could be argued that it excessively impacts legacy address holders (those who have not been updating their IP address records over time.)

/John

From matt at peterson.org Tue Jun 14 18:33:37 2016
From: matt at peterson.org (Matt Peterson)
Date: Tue, 14 Jun 2016 17:33:37 -0500
Subject: [Services-wg] ARIN Services WG - CKN23 materials for your consideration (case #2)
In-Reply-To:
References: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net> <0D6FB0EF-22E1-4A5A-8F13-1582ECE62785@arin.net>
Message-ID:

Maybe I'm missing something here, why not have whois present a flag if the POC record has been validated recently or not. In the case of this, clearly that field would be null or a very old date.

On Tue, Jun 14, 2016 at 4:37 PM, John Curran wrote:

> On Jun 14, 2016, at 3:40 PM, John Curran wrote:
>
> ...
> Jim Smith gets a /24 for his networking company "Sprockets" in 1994,
> so that he can connect to the Internet. He gets /24) and connects to
> the Internet via one of the early commercial ISPs.
>
> The netblock reads as follows:
>
>    Sprockets
>    4131 El Camino Real, Palo Alto CA
>    X.Y.Z/24
>    Jim Smith
>    jim at well.com
>
> Apparently, Jim left Sprockets sometime in the late 90's...
>
> Twenty years later, Jim has called and is very upset with ARIN for having "munged it" all up - ...
>
> Jim's not a happy camper, and wants to know why ARIN disassociated him with his address block randomly sometime after 2010. Jim says that he's been using the address block for his house since leaving Sprockets (no public IP, but he just uses NAT and connects via his public cable modem IP address.) ...Because we no longer allow him as an abuse contact to update the DNS servers, he can't even use "his" IP block now that he's getting a nice new Internet connection.
>
> Now on to the more dangerous variation of this story - it starts the same, sounds the same to ARIN, and it is only in a few (unknown to us) details that it differs -
>
> - Sprockets was sold to Widgets, Inc sometime in late '90s
> - Widgets renumbered the servers when they moved them to Widgets HQ and promptly forgot about the X.Y.Z/24 IP address block...
>
> It's highly likely (absent a transaction to the contrary) that the rights to the X.Y.Z/24 IP address block are held by Widgets Inc.
>
> This hasn't prevented technical contacts for long-lost companies from trying to hijack unused address blocks and monetize them (i.e. if ARIN would just play along...)
>
> The change of tech contact to abuse significantly reduces the risk of hijack, although it could be argued that it excessively impacts legacy address holders (those who have not been updating their IP address records over time.)
>
> /John
>
> _______________________________________________
> Services-wg mailing list
> Services-wg at arin.net
> http://lists.arin.net/mailman/listinfo/services-wg
From jcurran at arin.net Tue Jun 14 19:00:38 2016
From: jcurran at arin.net (John Curran)
Date: Tue, 14 Jun 2016 23:00:38 +0000
Subject: [Services-wg] ARIN Services WG - CKN23 materials for your consideration (case #2)
In-Reply-To:
References: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net> <0D6FB0EF-22E1-4A5A-8F13-1582ECE62785@arin.net> ,
Message-ID:

As noted in the document, a similar option would be to restore the records to original state, and then lock those which have not been updated recently (until the contacts come in and refresh their information.) Your proposal would also do the job.

It is also possible that the current state is "a feature not a bug" and thus should stay as-is. What I do know is that additional insight (beyond just the staff) is quite desirable... (luckily, the Board agreed that I can use this cool Services WG to tap for their wisdom...)

The goal is a recommendation to bring to the ARIN community; it can be one in the document or something created by this group, whatever you prefer.

:-)
/John

On Jun 14, 2016, at 5:31 PM, Matt Peterson wrote:

Maybe I'm missing something here, why not have whois present a flag if the POC record has been validated recently or not. In the case of this, clearly that field would be null or a very old date.

On Tue, Jun 14, 2016 at 4:37 PM, John Curran wrote:

On Jun 14, 2016, at 3:40 PM, John Curran wrote:

...
Jim Smith gets a /24 for his networking company "Sprockets" in 1994, so that he can connect to the Internet. He gets /24) and connects to the Internet via one of the early commercial ISPs.

The netblock reads as follows:

   Sprockets
   4131 El Camino Real, Palo Alto CA
   X.Y.Z/24
   Jim Smith
   jim at well.com

Apparently, Jim left Sprockets sometime in the late 90's...

Twenty years later, Jim has called and is very upset with ARIN for having "munged it" all up - ...

Jim's not a happy camper, and wants to know why ARIN disassociated him with his address block randomly sometime after 2010.
Jim says that he's been using the address block for his house since leaving Sprockets (no public IP, but he just uses NAT and connects via his public cable modem IP address.) ...Because we no longer allow him as an abuse contact to update the DNS servers, he can't even use "his" IP block now that he's getting a nice new Internet connection.

Now on to the more dangerous variation of this story - it starts the same, sounds the same to ARIN, and it is only in a few (unknown to us) details that it differs -

- Sprockets was sold to Widgets, Inc sometime in late '90s
- Widgets renumbered the servers when they moved them to Widgets HQ and promptly forgot about the X.Y.Z/24 IP address block...

It's highly likely (absent a transaction to the contrary) that the rights to the X.Y.Z/24 IP address block are held by Widgets Inc.

This hasn't prevented technical contacts for long-lost companies from trying to hijack unused address blocks and monetize them (i.e. if ARIN would just play along...)

The change of tech contact to abuse significantly reduces the risk of hijack, although it could be argued that it excessively impacts legacy address holders (those who have not been updating their IP address records over time.)

/John

From marty at akamai.com Mon Jun 20 22:33:10 2016
From: marty at akamai.com (Hannigan, Martin)
Date: Mon, 20 Jun 2016 22:33:10 -0400
Subject: [Services-wg] ARIN Services WG - CKN23 materials for your consideration
In-Reply-To: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net>
References: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net>
Message-ID: <285C877B-0F58-474A-BC65-131447652C8A@akamai.com>

Ok. So the call will be for opinions?
There seem to be clear choices here in terms of maintaining an accurate registry and allowing transfer, updating or "re invigoration" of legacy records.

Best,

-M<

> On Jun 14, 2016, at 4:58 AM, John Curran wrote:
>
> ARIN Services WG (SWG) -
>
> Please find attached the "CKN23" project document and an overview slide deck
> of same, for your consideration. Leslie Nobile produced these and is available
> to brief the Services WG on the issue and potential options for moving forward.
>
> It would be my desire the Services WG consider the matter and provide an initial
> recommendation on how to proceed. I would inform the ARIN community of this
> direction by putting the matter out for community consultation along with the SWG's
> recommendation.
>
> Please review the materials at your convenience, and we'll arrange a teleconference
> in the near future to review jointly.
>
> Thank you!
> /John
>
> John Curran
> President and CEO
> ARIN

From jcurran at arin.net Mon Jun 20 22:41:41 2016
From: jcurran at arin.net (John Curran)
Date: Tue, 21 Jun 2016 02:41:41 +0000
Subject: [Services-wg] ARIN Services WG - CKN23 materials for your consideration
In-Reply-To: <285C877B-0F58-474A-BC65-131447652C8A@akamai.com>
References: <117A4FC0-2627-48F3-9E3D-2A7C07A5B2C7@arin.net>, <285C877B-0F58-474A-BC65-131447652C8A@akamai.com>
Message-ID: <93B282EB-6339-4E97-914D-0E30B4BBA399@arin.net>

Call will be to review the document with Leslie, followed by discussion by Services WG members on their views, with the eventual goal of coming up with a recommendation on how ARIN should best proceed.

/John

> On Jun 20, 2016, at 10:37 PM, Hannigan, Martin wrote:
>
>
>
> Ok. So the call will be for opinions? There seem to be clear choices here in terms of maintaining an accurate registry and allowing transfer, updating or "re invigoration"
of legacy records.
>
> Best,
>
> -M<
>
>
>> On Jun 14, 2016, at 4:58 AM, John Curran wrote:
>>
>> ARIN Services WG (SWG) -
>>
>> Please find attached the "CKN23" project document and an overview slide deck
>> of same, for your consideration. Leslie Nobile produced these and is available
>> to brief the Services WG on the issue and potential options for moving forward.
>>
>> It would be my desire the Services WG consider the matter and provide an initial
>> recommendation on how to proceed. I would inform the ARIN community of this
>> direction by putting the matter out for community consultation along with the SWG's
>> recommendation.
>>
>> Please review the materials at your convenience, and we'll arrange a teleconference
>> in the near future to review jointly.
>>
>> Thank you!
>> /John
>>
>> John Curran
>> President and CEO
>> ARIN