FYI - Suspension of Cogent access to ARIN Whois

Heather Schiller has at google.com
Mon Jan 27 20:30:50 UTC 2020


On Tue, Jan 7, 2020 at 8:50 AM John Curran <jcurran at arin.net> wrote:

> On 7 Jan 2020, at 5:01 AM, Martijn Schmidt via NANOG <nanog at nanog.org>
> wrote:
> >
> > Out of curiosity, since we aren't affected by this ourselves, I know of
> cases where Cogent has sub-allocated IP space to its customers but which
> those customers originate from their own ASN and then announce to multiple
> upstream providers.
> >
> > So while the IP space is registered to Cogent and allocated to its
> customer, the AS-path might be something like ^174_456$ but it's entirely
> possible that ARIN would observe it as ^123_456$ instead. Are such IP
> address blocks affected by the suspension?
>
> As noted earlier, ARIN has suspended service for all Cogent-registered IP
> address blocks - this is being done as a discrete IP block access list
> applied to relevant ARIN Whois services, so the routing of the blocks are
> immaterial - a customer using a suballocation of Cogent space could be
> affected but customers with their own IP blocks blocks that are simply
> being routed by Cogent are not affected.
>
>
"suspended service for all Cogent-registered IP address blocks" may be
causing a bit of confusion since ARIN offers many services.

>From your response, it sounds like it's just an ACL to filter inbound p43
traffic to ARIN's whois service, from Cogent allocated prefixes.  ARIN is
in the best position to tell who is directly scraping their db and whether
this is an effective counter measure.

Recent changes would show up easiest in bulk whois data.  It's not clear
from your message whether they had a bulk whois agreement in place and the
status of that type of access.  If so, revoking the API key would be a
better restriction mechanism than filtering prefixes from reaching
accountws.arin.net

I haven't look at where ARIN's TAL data is hosted, again depending on
how/where it's hosted and how a filter is implemented, it may or may not
impact access to the data.

deny $TOU_Violator any port 43
deny $TOU_Violator  accountws.arin.net
deny $TOU_Violator any

These all have varying levels of impact.  On the one hand I can understand
not wanting to disclose the specific action taken, on the other hand it
would be interesting to know what the scope of responses are for different
types of abuse.




> FYI,
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200127/02f06c81/attachment.html>


More information about the NANOG mailing list