Reply to Sean Donelan (was: Yet more hijacked space? - deru.net)

Michael.Dillon at radianz.com Michael.Dillon at radianz.com
Tue May 6 14:07:56 UTC 2003


>> I think that it is time to tighten up on these requirements even 
further. 
>> The published whois directory should only contain the up-to-date 
contact 
>> information of people responsible for enforcing network AUPs and 
rooting 
>> out network abuse. If an organization is allocated or assigned IP space 

>> from their upstream then their info should not be published in the 
whois 
>> directory unless they agree to be directly responsible for AUPs and 
abuse 
>> mitigation.

>This would make every provider like 
>Level3 and Cogent...hosters of spammers camouflaged by a lack of 
>publicly available reassignment data.  At least with the current system, 
>most providers publish reassignment data, so when you get spammed by 
>discountdeals or ultimate savings, or the like, you can usually look up 
>their address space and block them. 

If Level3 and Cogent are in a common carrier position in relation to their 
customers then it is likely that they will delegate the responsibility for 
AUPs and abuse issues to the customer. In that case they will provide 
current and functional contact info to the whois directory much like 
today. One difference is that someone (hopefully the publisher of the 
whois directory) will take responsibility for regularly confirming that 
contact info. If the info gets out of date then they would pester Level3 
or Cogent for an update and if Level3 or Cogent don't supply updated 
contact info then the whois directory would revert to showing Level3 or 
Cogent as responsible for the block.

Now, back to your idea of blocking address space. Is there anything in the 
above suggestion that makes it impossible for you to block incoming email 
from abusive address space?

>Too many providers just don't care 
>about spam as long as the spammers pay.

If my suggestion were adopted then the spammer's provider would either 
enforce their own AUPs or they themselves would pay the price.

>> In one fell swoop, this will enable people to block just about every 
>> possible source of spam.

>I assume you mean it would make blocking bogons and unused blocks easier, 

>but I think the net result would be to make it much harder to block most 
>sources of spam.

No, I mean that all IP address would be clearly delineated into two types. 
Prime addresses would have correct and functional contact info while dirty 
addresses would not. If you were advising a business on their Internet 
connectivity would you advise them to sign up with a provider using prime 
addresses or dirty addresses?

It also means that there would be two strategies for dealing with SPAM, 
DDOS, etc. If it comes in from a dirty address, then just block or filter 
the traffic. If it comes from a prime address, then you contact the 
provider and work out the problem. There isn't any more huge grey area of 
providers who might be good people if only you could find some way to 
contact them. Any provider who doesn't keep their contact information up 
to date ends up in the same ditch as the dead dogs, offal and sewage.

>So you want to fix this by making it even harder to find out who's using 
>an IP block?

No, I want to shift the responsibility onto the IP block users. It should 
be their responsibility to show that they are a good network citizen or 
else they won't get connectivity.

By the way, I think that something like this can be done entirely outside 
of the existing RIR and whois structures. This is all about a web of trust 
and it is possible to set up a private SMTP exchange system that requires 
its members to only accept incoming SMTP (on a port other than 25) from 
organizations who enforce a no-spam AUP. Then you can sign up for Internet 
email service from one of the members and onlly see SPAM once in a blue 
moon.

--Michael Dillon

P.S. about the crack pipe, I was under the impression that crack smoking 
reduced your ability for creative thought. In that case it's more likely 
that those who oppose my ideas are the ones smoking crack...






More information about the NANOG mailing list