Notice: Fradulent RIPE ASNs

Todd Underwood toddunder at gmail.com
Wed Jan 16 16:18:19 UTC 2013


it's  nice that we've proceded to insult our colleagues.

many thanks to mr. petach for achieving the end of this thread.  thank
you all for participating.

On Wed, Jan 16, 2013 at 10:54 AM, Rich Kulawiec <rsk at gsp.org> wrote:
> On Wed, Jan 16, 2013 at 10:07:40AM -0500, Todd Underwood wrote:
>> no one seriously believes that the RIPE NCC (which is managed by all
>> of its members) is primarily distinguished by their incompetence and
>> negligence.
>
> Really?  Then why, pray tell, haven't they made it a practice to routinely
> (let's say, once a month) ask the people over at Spamhaus: "Hey folks, do
> you see anything wonky in the space we manage?" and then act
> immediately and decisively on what they get back for an answer?
>
> I don't want to speak for Spamhaus, but I suspect that they would be
> delighted to provide that response, particularly if it led to swift and
> effective action to make the problem(s) go away.  And while I don't
> always agree with their positions, I've *rarely* found mistakes in
> their research: they're thorough.  (So's Ron, by the way.)
>
> This isn't complicated.  This isn't expensive.  This doesn't require
> new technology or anything fancy.  It's basic due diligence.  Yet it
> clearly hasn't happened.  Why the hell not?
>
> We live in a time when abuse is epidemic.  It's costing us a fortune,
> and I don't just mean in financial terms, although certainly that's
> bad enough all by itself.  But it doesn't just magically fall out of
> the sky and land on our servers or routers, or at port 25 on our
> mail servers.   It comes from *somewhere*, and it does so on *somebody's*
> watch.  And when it does so on a chronic and systemic basis, surely
> it is reasonable to ask questions like "Why, if we can so clearly see
> it arriving at our operation, can they not see it leaving theirs?"
> or "Why aren't people paying attention to the primary/most useful
> sources of information about their own operations?"
>
> So it's (well past) time to stop giving people a pass for looking the
> other way or failing to look at all.  It's my, your, and everyone's
> professional responsibility to do everything we possibly can to prevent
> the networks, hosts, and resources we run from being part of the problem.
> So yeah: "incompetence" and "negligence" are the best words I can find
> to describe failure to do that.  What would you call it?
>
> ---rsk
>



More information about the NANOG mailing list