Lightly used IP addresses

Ken Chase ken at sizone.org
Fri Aug 13 21:25:44 UTC 2010


On Fri, Aug 13, 2010 at 05:00:04PM -0400, Jared Mauch said:
  >I know of several large providers that would stop routing such "rogue" space. 

Really? They'd take a seriously delinquent (and we're only talking about non
payment after several months to Arin, not spammers or other 'criminal'
elements) that's still paying for their transit and cut off their prefix
announcements? I dont know that that's true for most outfits in these tough
times. Nixing a $5000 or $10000+ MRC revenue stream probably requires some
hard thought at high levels in most outfits.

  >Any provider that isn't prepared to deal with such a possible customer
  threat or problem you don't want to be associating with. They likely harbor
  other badness as well.

Possibly, but this isnt that much of a gateway drug. I know lots of companies
in a financial crunch right now, and if losing the i-a.a reverse is the only
effect of being late on a payment 'til the sun starts shining again' when
their own customers start making good on old invoices, then I think many
others would choose to delay paying ARIN instead. 

When things get tough, payables are readily triaged into high and low
priority. Perhaps NOC peeps on this list arent exposed to such decisions made
in other departments - we run a small operation here so we're all part of such
things. Some harsh realities in business sometimes!

In many cases I suspect ARIN ends up as low priority, without any criminal
mindset in operation putting them there - some of these operators might even
be altruistically thinking of their employees too - we know how fast service
goes stale in a multi-day outtage - losing connectivity may mean employees are
soon not paid and literally go hungry. So most outfits will pay their
upstreams before ARIN - and they can keep their revenue streams going and pay
their employees - and in the long run, one day maybe pay ARIN too. Who
disagrees? Go from that example to paying for power/colo, phone, etc and tell
me where ARIN is on your triage list during a cashflow event.

  >It may take some time to catch up to them but we have seen more of these
  rogue elements end up with people refusing to sell to them or law
  enforcement taking some action.

I know of a few such entities that are semi-chronically late in paying ARIN,
but they still havent taken on spammers or Chinese intelligence
operations/cyberwar plaforms as customers yet, despite your broken broken
window/gateway drug analogy. It aint all black and white, there's lots of gray
out there, and organizations that are forced into unfortunate circumstance
through current economics, possibly mismanagement and cluelessness too, but
without any malice at work.

  >If your management does not realize they are buying from possible
  criminals, you get what you pay for.

If the criminals all wore t shirts that said they're part of the club that'd be easy.
When a company is having a cashflow issues, I'd say they're just in a very big club.
If they manage to pay me, I dont ask any questions about the ethics of their triaging
of other payables.

  >I've found a number of cases where providers are actually doing mitm and
  stealing SIP credentials for fraud. Make sure you actually have good
  controls and communication for when things hit the fan....

Examples of shitty fans, and controls? just want a better idea of what you're referring
to.

/kc
-- 
Ken Chase - ken at heavycomputing.ca - +1 416 897 6284 - Toronto CANADA
Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.




More information about the NANOG mailing list