Hijacked Blocks

Christopher Morrow morrowc.lists at gmail.com
Mon Sep 14 21:27:06 UTC 2009


On Mon, Sep 14, 2009 at 5:12 PM, Randy Bush <randy at psg.com> wrote:
>> 1) not allocating to known offendors (even those who've been through
>> the court system and had judgements against them, which would be
>> following your proposed path)
>
> [ i made no proposal.  i was just a bit scared by the instant "we need
> to DO SOMETHING" reaction. ]

Oh yea, so I think after reading the 60+ messages on this thread I got
to the end saying:
o Yes, there is some sort of ongoing problem.
o No, this isn't simple to solve.
o The 'bad actors' here have the ability to fuzz several variables,
more than ARIN Staff could deal with (sanely) I think.
o There has to be a reason this hasn't made it past where we are in
the discussion today previously.

> but what you say seems somewhat prudent,
> at least leaving the judgement where it normally is.

I don't have lots of faith in the global judicial system working on
this in a sane fashion either, I was just saying ARIN/RIPE/APNIC have
(and continue to) allocate blocks to known criminals (ones judged by
some court system to have actually broken a law). Part of this problem
also is that what's illegal in $COUNTRY1 is legal in $COUNTRY2 (or
even inside the US by county or state, weee!) So what 'law breaking'
should an RIR follow/adhere to? (See point 4 above)

>> 2) dealing with rbl'd netblocks once they are returned to ARIN and the
>> re-allocated to 'new' people.
>
> tough one.  those 'bad' blocks will seem less and less bad over time.
> but can we not expect the hostfolk at the rirs to kinda order the
> available queue on this, as well as other appropriate attributes?  i.e.
> is this not more process than policy?

Sure things are less bad over time, once they are removed from 'bad
actor control', but unless the myriad of 'nutcases' that run BL's hear
from someone the 'trust' (or will listen to or whatever it takes)
things stay on the BL. Additionally, RBL's for 'spam' (smtp) are only
the tip of the iceberg here... route-filters, as-filters, firewall
rules, null routes, dns-blackholes...

> i am not saying all is well here.  i am just trying to move slowly and
> pretend to think while on my first cuppa.

gotcha

-chris




More information about the NANOG mailing list