ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!

Mon Jun 18 12:48:48 UTC 2012

On Jun 18, 2012, at 4:50 AM, Arturo Servin wrote:

> 
> On 17 Jun 2012, at 20:29, Owen DeLong wrote:
> 
>> 
>> Lather rinse repeat with a better choice of address...
>> 
>> 2001:550:3ee3:f329:102a3:2aff:fe23:1f69
>> 
>> This is in the ARIN region...
>> 
>> It's from within a particular ISP's /32.
>> 
>> Has that ISP delegated some overlapping fraction to another ISP? If so, it's not in whois.
>> Have they delegated it to an end user? Again, if so, it's not in whois.
>> 
>> Same for 2001:550:10:20:62a3:3eff:fe19:2909
>> 
>> I don't honestly know if either of those prefixes is allocated or not, so maybe nothing's wrong
>> in this particular case, but if they have been delegated and not registered in whois, that's
>> a real problem when it comes time to get a search warrant if speed is of the essence.
>> 
>> Owen
>> 
> 
> 	Not being in the whois is not an indicator that the ISP (to whom the address block has been delegated) does not know about which customer has an IP (v4 or v6, doesn't matter). I have seen tons of ISPs that do not publish delegations in the whois but have a huge excel worksheets where they record every suballocation.
> 	
> 	You just need a warrant to see that info. Ergo, the FBI, interpol or you name it should not have problem to get them.
> 
> /as

Right...

However...

1.	That's a violation of resource policy.
2.	It's an extra step and multi-day delay in a situation where time may be of the essence.

Further, we're not talking about the recording of every end-user assignment so much as the fact that in some cases, large delegations to down-stream ISPs are not recorded in whois. My understanding from talking to the FBI/DEA people is that they want to be able to serve the correct ISP on the first try rather than iterating through multiple layers of delegations.

That does not seem an unreasonable expectation.

Owen