Security issues based on post RIR allocation rules

Owen DeLong owen at delong.com
Tue Dec 11 18:33:10 UTC 2018


Likely with the growing number of inter-RIR transfers of IPv4 blocks, over
time, this is only going to get worse (or better)…

Worse in that the size of the problem will continue to grow.

Better in that as the size of the problem grows, it might become visible
enough to actually get addressed.

Owen


> On Dec 11, 2018, at 08:58 , Tony Finch <dot at dotat.at> wrote:
> 
> Spurling, Shannon <shannon at more.net> wrote:
> 
>> When I call a health care organization, or a web hosting provider, the
>> first thing I get is that they think we are trying to pull one over on
>> them and all these ranges must be in Africa or Asia. I show them the
>> ARIN information for the specific /16, and sometimes I can make some
>> headway. Sometimes there's no convincing them. This issue appears to be
>> getting worse over time, so I was wondering if some misguided
>> organization or group is going around pressing for the rules that are
>> triggering these issues?
> 
> I'm somewhat inclined to blame poor `whois` implementations for this.
> 
> Apart from `whois` being generally very crappy, there are specific issues
> on the server side and the client side which mean the human driving whois
> often needs a good deal of expertise to be able to properly track down the
> authoritative registration details for a netblock.
> 
> On the server side, APNIC and RIPE do not return proper referrals for ERX
> netblocks. This is annoying, because they know which of the other RIRs is
> responsible for the registration - they have to get the reverse DNS
> information from the other RIR. Examples: 150.108.0.0 (an APNIC /8 but the
> /16 is allocated to Fordham University and managed through ARIN); and
> 141.111.0.0 (a RIPE /8 but the /16 is allocated to LANL and managed
> through ARIN).
> 
> AfriNIC's whois server is more helpful: it seems to proxy queries to RIPE
> and APNIC as appropriate, and returns RDAP referrals for ARIN.
> 
> On the client side, these days it is mostly possible to find the correct
> whois server to ask by following referrals from IANA. (In the past whois
> clients had to have a fairly large database of starting points.) A
> reasonably intelligent referral-oriented whois client can work around
> missing referrals for early netblock allocations by guessing, which
> usually means restarting with ARIN. But in practice most whois clients are
> pretty stupid, and the referral-oriented ones keep breaking when servers
> change. (e.g. I just found out AfriNIC's behaviour has changed since I
> last looked...)
> 
> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> West Forties, Cromarty, Forth: Southerly or southeasterly 5 or 6, occasionally
> 7 in Cromarty. Moderate, becoming moderate or rough. Mainly fair. Good.
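
The referral-following lookup with the "restart with ARIN" guess described in the quoted message, as an added sketch that is not code from either poster. The server responses are constructed and abbreviated, the placeholder netnames used to detect a missing referral are an assumed heuristic, and `resolve` and `offline_query` are hypothetical names.

```python
import re

# Referral lines: IANA prints "refer:", ARIN prints "ReferralServer: whois://host".
# rwhois:// referrals (different protocol and port) are deliberately not followed.
REFERRAL = re.compile(
    r"^(?:refer|ReferralServer):[ \t]*(?:whois://)?([\w.-]+)[ \t]*$", re.I | re.M)
# Assumed heuristic: netnames an RIR shows for space it holds but does not manage.
PLACEHOLDER = re.compile(r"ERX-NETBLOCK|NON-RIPE-NCC-MANAGED", re.I)
FALLBACK = "whois.arin.net"

def resolve(ip, query, start="whois.iana.org", max_hops=5):
    """Follow referrals from `start`; return (servers_asked, final_response).
    `query(server, ip)` is injected so the logic runs offline; a live one
    would connect to TCP port 43 on `server` and send the address."""
    path, server, text = [], start, ""
    for _ in range(max_hops):
        path.append(server)
        text = query(server, ip)
        m = REFERRAL.search(text)
        if m and m.group(1).lower() not in path:
            server = m.group(1).lower()      # explicit referral: follow it
        elif PLACEHOLDER.search(text) and FALLBACK not in path:
            server = FALLBACK                # missing referral: guess ARIN
        else:
            break                            # authoritative, or nothing left to try
    return path, text

# Constructed responses for the two netblocks named in the message.
SAMPLE = {
    ("whois.iana.org", "150.108.0.0"): "refer:        whois.apnic.net\nstatus:       LEGACY\n",
    ("whois.apnic.net", "150.108.0.0"): "inetnum: 150.0.0.0 - 150.255.255.255\nnetname: ERX-NETBLOCK\n",
    ("whois.arin.net", "150.108.0.0"): "NetRange: 150.108.0.0 - 150.108.255.255\nOrgName: Fordham University\n",
    ("whois.iana.org", "141.111.0.0"): "refer:        whois.ripe.net\nstatus:       LEGACY\n",
    ("whois.ripe.net", "141.111.0.0"): "inetnum: 141.0.0.0 - 141.255.255.255\nnetname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK\n",
    ("whois.arin.net", "141.111.0.0"): "NetRange: 141.111.0.0 - 141.111.255.255\nOrgName: LANL\n",
}

def offline_query(server, ip):
    return SAMPLE[(server, ip)]

if __name__ == "__main__":
    for ip in ("150.108.0.0", "141.111.0.0"):
        path, text = resolve(ip, offline_query)
        print(ip, "->", " -> ".join(path))
        print(text)
```

A client that stops at the first server without a referral line would report the APNIC or RIPE placeholder record here, which is the misattribution the thread is about.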
