RE: Abuse procedures... Reality Checks
I have to disagree. SWIP is not meaningless. In my company some functions related to sending a SWIP are automated, but my company has people on staff who know that it is happening and what it means. And I talk with plenty of other companies that fall into the same boat. In short I find this one comment below to be argumentative and full of conjecture. No more argumentative and full of conjecture than your posting. I said that there were SOME companies where SWIP is just a mysterious automated process and nobody on staff fully understands the meaning of it, beyond the fact that it needs to be done to help get approval for that next allocation request. The fact that SOME companies do have a process for managing SWIP as they understand it, does not mean that there are no delinquents. I also find it curious that you claim to have people on staff at your company who know what SWIP means. Perhaps you could ask them to share that information with us since I have never seen this documented anywhere. Do they really know what you claim they know? --Michael Dillon
New RIPE NCC IPv4 blocks pingable addresses
[Apologies for duplicate emails] Dear Colleagues, The IANA recently allocated the IPv4 address ranges 92/8 and 93/8 to the RIPE NCC. The following pingable addresses are now available in these blocks: 92.192.0.1 92.255.248.1 93.192.0.1 93.255.248.1 More information regarding the debogonising project can be found here: http://www.ris.ripe.net/debogon/ Best regards, Alex Le Heux RIPE NCC IP Resource Analyst
4 Byte AS deployment
FYI: SURFnet has set up a 4 byte AS using Quagga and is currently announcing 2 prefixes originating from AS3.5 IPv4: 145.125.0.0/20 (Worldwide visible) http://www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC001&query=12&arg=%5C.5 IPv6: 2001:610:160::/48 (Only visible to the RIPE RIS project and is part of a full feed from AS3.5) http://www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC001&query=16&arg=2001%3A610%3A160%3A%3A%2F48 I guess this IPv6 prefix is the first prefix announced from a 4byte AS. Regards, Jac -- Jac Kloots Network Services SURFnet bv The Netherlands
Re: Abuse procedures... Reality Checks
On Sat, Apr 07, 2007 at 09:50:34PM +, Fergie wrote: I would have to respectfully disagree with you. When network operators do due diligence and SWIP their sub-allocations, they (the sub-allocations) should be authoritative in regards to things like RBLs. After thinking it over: I partly-to-mostly agree. In principle, yes. In practice, however, [some] negligent network operators have built such long and pervasive track records of large-scale abuse that their allocations can be classified into two categories: 1. Those that have emitted lots of abuse. 2. Those that are going to emit lots of abuse. In such cases, I'm not inclined to wait for (2) to become reality. ---Rsk
Re: Abuse procedures... Reality Checks
On Sat, Apr 07, 2007 at 04:20:59PM -0500, Frank Bulk wrote: Define network operator: the AS holder for that space or the operator of that smaller-than-slash-24 sub-block? If the problem consistently comes from /29 why not just leave the block in and be done with it? Because experience...long, bitter experience...strongly indicates that what happens today often merely presages what will happen tomorrow. Because I haven't got unlimited time. Or money. Or resources. Because I haven't got unlimited WHOIS queries. (Although I and everyone else *should* have those. There are no valid reasons to rate-limit any form of WHOIS query.) Because there are way, WAY too many incompetently-managed networks whose operators can often be heard complaining about the abuse inbound to them at the same time they fail to take rudimentary measures to control the abuse outbound from them. cough port 25 blocking cough Because I was more patient for the first decade or two, and it proved to be a losing strategy. Because This Is Not My Problem. If by chance someone benign has chosen to locate their operation in known-hostile, known-negligently-operated network space, then their failure to perform due diligence may have consequences for them. I guess this begs the question: Is it best to block with a /32, /24, or some other range? Sounds a lot like throwing something against the wall and seeing what sticks. Or vigilantism. 1. Gratuitously labeling carefully-considered measures as random is not a route to productive conversation. 2. It is hardly vigilantism to take passive measures to protect one's network/systems/users from hostile activity. Doubly so when those measures consist merely of a refusal to grant a *privilege* after it's been repeatedly, systemically abused. ---Rsk
RE: Abuse procedures... Reality Checks
Comcast is known to emit lots of abuse -- are you blocking all their networks today? Frank -Original Message- From: Frank Bulk Sent: Tuesday, April 10, 2007 7:43 AM To: nanog@merit.edu Subject: Re: Abuse procedures... Reality Checks On Sat, Apr 07, 2007 at 09:50:34PM +, Fergie wrote: I would have to respectfully disagree with you. When network operators do due diligence and SWIP their sub-allocations, they (the sub-allocations) should be authoritative in regards to things like RBLs. After thinking it over: I partly-to-mostly agree. In principle, yes. In practice, however, [some] negligent network operators have built such long and pervasive track records of large-scale abuse that their allocations can be classified into two categories: 1. Those that have emitted lots of abuse. 2. Those that are going to emit lots of abuse. In such cases, I'm not inclined to wait for (2) to become reality. ---Rsk
Re: IPv6 Finally gets off the ground
On Sun, Apr 08, 2007 at 06:15:34PM -0500, J. Oquendo [EMAIL PROTECTED] wrote a message of 24 lines which said: was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space. Any human on board? Because he would have been able to access useful content: http://www.ipv6experiment.com/ The great chicken or the egg dilemma. IPv6 has had operating system and router support for years. But, content providers don't want to deploy it because there aren't enough potential viewers to make it worth the effort. There are concerns about compatibility and breaking IPv4 accessibility just by turning IPv6 on. ISPs don't want to provide IPv6 to end users until there is a killer app on IPv6 that will create demand for end users to actually want IPv6. There hasn't been any reason for end users to want IPv6 - nobody's dumb enough to put desirable content on IPv6 that isn't accessible on IPv4. Until now. We're taking 10 gigabytes of the most popular adult entertainment videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. No advertising, no subscriptions, no registration. If you access the site via IPv4, you get a primer on IPv6, instructions on how to set up IPv6 through your ISP, a list of ISPs that support IPv6 natively, and a discussion forum to share tips and troubleshooting. If you access the site via IPv6 you get instant access to the goods.
RE: IPv6 Finally gets off the ground
HAHAHAHAHA I always knew that this stuff was the most prevalent and billable content on the web, but I never thought of using it as a motivating factor for change! Good one! Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephane Bortzmeyer Sent: Tuesday, April 10, 2007 9:55 AM To: J. Oquendo Cc: nanog@merit.edu Subject: Re: IPv6 Finally gets off the ground On Sun, Apr 08, 2007 at 06:15:34PM -0500, J. Oquendo [EMAIL PROTECTED] wrote a message of 24 lines which said: was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space. Any human on board? Because he would have been able to access useful content: http://www.ipv6experiment.com/ The great chicken or the egg dilemma. IPv6 has had operating system and router support for years. But, content providers don't want to deploy it because there aren't enough potential viewers to make it worth the effort. There are concerns about compatibility and breaking IPv4 accessibility just by turning IPv6 on. ISPs don't want to provide IPv6 to end users until there is a killer app on IPv6 that will create demand for end users to actually want IPv6. There hasn't been any reason for end users to want IPv6 - nobody's dumb enough to put desirable content on IPv6 that isn't accessible on IPv4. Until now. We're taking 10 gigabytes of the most popular adult entertainment videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. No advertising, no subscriptions, no registration. If you access the site via IPv4, you get a primer on IPv6, instructions on how to set up IPv6 through your ISP, a list of ISPs that support IPv6 natively, and a discussion forum to share tips and troubleshooting. If you access the site via IPv6 you get instant access to the goods.
RE: Abuse procedures... Reality Checks
Because I haven't got unlimited WHOIS queries. (Although I and everyone else *should* have those. There are no valid reasons to rate-limit any form of WHOIS query.) Yes there are. The current whois returns way more information on a query than you need for network operations. That's because the current whois was designed back in the 1970's so that ARPANET network managers could identify all the users of the network in order to help them make the business case for their budget requests to cover the cost of high-speed 56k frame relay links. There is no good reason to rate-limit a query that takes an IP address (or IP address range or CIDR block) and returns with a list of database record identifiers for the enclosing blocks. The record identifiers for organizations who directly received an allocation or assignment from ARIN would be their org-id. The other ones, SWIP records, would have some fixed database key like REASG200622812536. If no REASsiGnment record exists, you now have the orgid to contact and have no need to do an additional query if they are a known organization. If the REASiGnment records do exist, you can look them up in your own database to see if they are a re-offender. And if you really need to, then you can do a RATE-LIMITED lookup of contact info. One type of query is justifiably rate limited to prevent DB scraping by spammers et al. The other type is not, however it does not currently exist because the RIR whois directory was not created for network operations support nor is it designed to do this job. You can hack together all kinds of mashups that sort of work if you squint the right way, but the bottom-line is that whois does not do the job that many network operators think it does or would like it to do. Because This Is Not My Problem. If by chance someone benign has chosen to locate their operation in known-hostile, known-negligently-operated network space, then their failure to perform due diligence may have consequences for them. 
It would be interesting if you, and other like-minded hard-nosed network admins would get together and write a requirements document for a whois type directory lookup that would actually support you in what you are trying to do while minimizing collateral damage. The only caveat is that it must be legal to implement in the USA, i.e. you will never get GPS coordinates and a photo of the registrant in such a system. In my opinion, the purpose and scope of such a directory is to provide contact info for people who are ready, willing and able to communicate regarding network operations and interconnect issues and who are able to act on that communication. All contact info should be verified with the contactee who must EXPLICITLY agree to have the info published. All contact info will be verified periodically (maybe every 4 months?) by out-of band means, i.e. the directory operator will keep track of individual email addresses and phone numbers for role account managers. If such a directory did exist, then it would be smaller than whois. You would get many more failures on a quick query which is a good thing. It means that the network operator did not make it a contractual requirement for their customer to maintain an up-to-date network contact. In that case, the network operator is not just morally responsible for abuse, they are contractually responsible. Or maybe you could come up with something better? 1. Gratuitously labeling carefully-considered measures as random is not a route to productive conversation. Agreed. I think a lot of the problem stems from assumptions. People make a lot of assumptions on what whois does based on the net folklore that was handed down to them when they joined the Internet. Few people seem to question such folklore and few people notice that not everybody shares the same understanding. 
However, it is a lot easier for people to notice that your carefully-considered measures look a lot like a crude weapon that causes lots of collateral damage. They feel that you could do better and attack you rather than attacking their own assumptions which are the real root of the problem. If you had better data to work with, then your carefully-considered measures would evolve to appear highly sophisticated wisdom, and would also cause little collateral damage. --Michael Dillon
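The two-tier lookup proposed in the message above (an unlimited query that returns only the record identifiers of the enclosing blocks, a local check of those identifiers against your own abuse history, and a rate-limited contact lookup only when you still need it) can be sketched in a few dozen lines. The following is an added example written for this page, not code from any of the posters, ARIN, or any RIR. The registry entries, the REASG-style keys, the org-ids, the local abuse history and the re-offender threshold are all constructed for the example; nothing here talks to a real WHOIS server.

```python
import ipaddress

# Constructed sample registry for this example (hypothetical record ids, not
# real ARIN data). Direct allocations carry an org-id; SWIP reassignments carry
# a fixed database key in the REASG... style the message describes.
REGISTRY = [
    ("192.0.2.0/24",    "ORG-EXAMPLE-1",     "allocation"),
    ("192.0.2.64/27",   "REASG200622812536", "reassignment"),
    ("192.0.2.64/29",   "REASG200622812599", "reassignment"),
    ("198.51.100.0/24", "ORG-EXAMPLE-2",     "allocation"),
]

# Constructed local abuse history, keyed by record id: how many incidents
# this operator has already logged against each record.
LOCAL_ABUSE_HISTORY = {"REASG200622812599": 3}

# Constructed policy knob: at this many prior incidents we stop waiting.
REOFFENDER_THRESHOLD = 2


def enclosing_records(target):
    """The unlimited-rate query: return (record_id, kind, cidr) for every
    registry block that encloses target (an address or a CIDR), most
    specific first. No contact data is returned, so nothing here is
    worth scraping."""
    net = ipaddress.ip_network(target, strict=False)
    hits = []
    for cidr, rec_id, kind in REGISTRY:
        block = ipaddress.ip_network(cidr)
        # subnet_of() raises on mixed address families, so check first.
        if block.version == net.version and net.subnet_of(block):
            hits.append((block, rec_id, kind))
    hits.sort(key=lambda h: h[0].prefixlen, reverse=True)
    return [(rec_id, kind, str(block)) for block, rec_id, kind in hits]


def triage(target):
    """Decide what to do about abuse seen from target using only record
    ids plus local history; the rate-limited contact lookup is reserved
    for the case where we are actually going to talk to someone."""
    records = enclosing_records(target)
    if not records:
        return {"action": "unknown", "record": None, "kind": None,
                "block": None, "prior_incidents": 0, "contact_lookup": False}

    # Most specific record wins: a SWIP reassignment if one exists,
    # otherwise the direct allocation (org-id) is the responsible party.
    rec_id, kind, cidr = records[0]
    prior = LOCAL_ABUSE_HISTORY.get(rec_id, 0)

    if prior >= REOFFENDER_THRESHOLD:
        # Known re-offender: block the whole record's block, no query needed.
        action, lookup = "block", False
    else:
        # Not yet a known problem: spend a rate-limited contact lookup.
        action, lookup = "contact", True

    return {"action": action, "record": rec_id, "kind": kind, "block": cidr,
            "prior_incidents": prior, "contact_lookup": lookup}


def record_incident(target):
    """Log one more incident against the most specific enclosing record and
    return the new count (0 if target falls outside the registry)."""
    records = enclosing_records(target)
    if not records:
        return 0
    rec_id = records[0][0]
    LOCAL_ABUSE_HISTORY[rec_id] = LOCAL_ABUSE_HISTORY.get(rec_id, 0) + 1
    return LOCAL_ABUSE_HISTORY[rec_id]


if __name__ == "__main__":
    for ip in ("192.0.2.70", "192.0.2.200", "203.0.113.5"):
        print(ip, triage(ip))
```

The point of the split is that the block boundary decision (the /29 versus /24 question raised elsewhere in the thread) is made from the registry's own record structure rather than guessed, and the only query that needs rate limiting is the one that returns people's contact details.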
Re: Abuse procedures... Reality Checks
On Tue, Apr 10, 2007 at 03:11:31PM +0100, [EMAIL PROTECTED] wrote: ... Yes there are. The current whois returns way more information on a query than you need for network operations. That's because the current whois was designed back in the 1970's so that ARPANET network managers could identify all the users of the network in order to help them make the business case for their budget requests to cover the cost of high-speed 56k frame relay links. Mike, that's twice in two days that you've made that assertion. I don't remember any financial administrator in those days that would have accepted WHOIS output as justification for anything. I do remember, however, that those high-speed 9600 baud and 56Kb links were point-to-point and went down a lot. And so what I remember the WHOIS entries being used for was: ... In my opinion, the purpose and scope of such a directory is to provide contact info for people who are ready, willing and able to communicate regarding network operations and interconnect issues and who are able to act on that communication. All contact info should be verified with the contactee who must EXPLICITLY agree to have the info published. All contact info will be verified periodically (maybe every 4 months?) by out-of band means, i.e. the directory operator will keep track of individual email addresses and phone numbers for role account managers. ... so that we could contact the person at the other end who was responsible for and knowledgeable of their side of the network connection, to fix it. At o-dark-thirty, if necessary. Unfortunately, the way WHOIS is maintained these days, this can no longer be trusted. Note: at the time, I was a bit younger and did not often encounter financial managers, so it's possible some might have accepted WHOIS output. But most people thought computers were some weird thing out THERE [point in random direction], and would sooner have accepted a hand-written note than one printed on a TTY33 or chain printer.
-- Joe Yao Analex Contractor
Re: Abuse procedures... Reality Checks
On Tue, Apr 10, 2007 at 10:30:32AM +0100, [EMAIL PROTECTED] wrote: ... I also find it curious that you claim to have people on staff at your company who know what SWIP means. Perhaps you could ask them to share that information with us since I have never seen this documented anywhere. Do they really know what you claim they know? ... http://www.swip.com/: Scottish Widows Investment Partnership http://www.uh.edu/~cfreelan/SWIP/: Society for Women in Philosophy http://www.sat-tel.com/Swip.html: Shared WHOIS Project http://www.swip.net/: The Swedish IP Network Note that there are far more entries for chapters of SWIP #2 than for any others. But one may assume that you refer to SWIP #3. Definitions on the Web found by Google do vary slightly. The referenced InterNIC policy appears to no longer be available on the InterNIC Web site. However, http://www.arin.net/registration/guidelines/report_reassign.html will do. There seem to have been more proposals on how to produce a better WHOIS than one can assume in a reasonable amount of time. ;-] -- Joe Yao Analex Contractor
Re: IPv6 Finally gets off the ground
On Tue, Apr 10, 2007 at 03:54:39PM +0200, Stephane Bortzmeyer wrote: On Sun, Apr 08, 2007 at 06:15:34PM -0500, J. Oquendo [EMAIL PROTECTED] wrote a message of 24 lines which said: was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space. ... We're taking 10 gigabytes of the most popular adult entertainment videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. ... *sigh* Off the ground, then into the gutter, eh? From the heights to the depths ... -- Joe Yao Analex Contractor
Re: New RIPE NCC IPv4 blocks pingable addresses
On Tue, 10 Apr 2007 11:56:57 +0200 Alex Le Heux [EMAIL PROTECTED] wrote: [Apologies for duplicate emails] Dear Colleagues, The IANA recently allocated the IPv4 address ranges 92/8 and 93/8 to the RIPE NCC. The following pingable addresses are now available in these blocks: 92.192.0.1 92.255.248.1 93.192.0.1 93.255.248.1 I was relieved to read the body of this note -- from the subject line, I thought that RIPE was blocking pings to certain addresses... --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: IPv6 Finally gets off the ground
On Apr 10, 2007, at 11:13 AM, Joseph S D Yao wrote: On Tue, Apr 10, 2007 at 03:54:39PM +0200, Stephane Bortzmeyer wrote: On Sun, Apr 08, 2007 at 06:15:34PM -0500, J. Oquendo [EMAIL PROTECTED] wrote a message of 24 lines which said: was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space. ... We're taking 10 gigabytes of the most popular adult entertainment videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. ... *sigh* Off the ground, then into the gutter, eh? From the heights to the depths ... First, I find it interesting that you are applying your personal morals to a technical discussion. Actually, I find it sad too. Second, who said v6 was the heights? Many people would argue this actually _lifts_ v6, not drags it down. (And most of those people would further argue v6 should have stayed down.) Third, where do you work? I work on the Internet. If you are opposed to pr0n, and you work on the Internet, you need to change jobs, FAST. Unless you enjoy self delusion. And don't even think about saying not on MY network. I don't care if you work for a .gov, there is plenty of nekkid-flesh-bits flying on your network. To think otherwise only proves you are delusional or ignorant. The only good thing I can say about this proposal is that 10GB is not NEARLY enough to get your typical luser to think about changing their configuration. Therefore, it probably won't have an impact on v6 adoption. (That ghod.) -- TTFN, patrick
Re: IPv6 Finally gets off the ground
On Tue, Apr 10, 2007 at 03:54:39PM +0200, Stephane Bortzmeyer wrote: IPv6 has had operating system and router support for years. I'd have to object with such a blanket statement. I don't think you can say you support IPv6 (from an ISP's point of view) without DHCPv6, since I don't think anyone at a large ISP sized scale is going to leave address assignment up to RTADV. I'm aware that Vista added support for DHCPv6, and I have heard naught else (aside from the unixes). So, it's my opinion that IPv6 may only recently have started enjoying the level of operating system support required for actual ISP-scale use by one major vendor...and I don't know how commonly deployed Vista is yet. -- David W. Hankins, Software Engineer, Internet Systems Consortium, Inc. "If you don't do it right the first time, you'll just have to do it again." -- Jack T. Hankins
Re: IPv6 Finally gets off the ground
Patrick W. Gilmore wrote: The only good thing I can say about this proposal is that 10GB is not NEARLY enough to get your typical luser to think about changing their configuration. Therefore, it probably won't have an impact on v6 adoption. (That ghod.) Nor was it intended to. From what I understand it's an experiment on the usability of dual-stack servers at this point. Porn happens to be a test load. We (myself, previous and current employers) have been deploying dual stack servers (with published records) for all sorts of applications which may or may not give us some reasonable samples of client behavior (usenet news, ntp servers, open source ftp http mirrors). Experience would suggest that before content providers can build a business case for dual stack servers they need to confirm they're not going to lose eyeballs as a result. --TTFN, patrick
Re: IPv6 Finally gets off the ground
On Tue, Apr 10, 2007 at 12:10:59PM -0400, Patrick W. Gilmore wrote: ... Second, who said v6 was the heights? ... My, aren't we serious? Too serious to realize that satellites are a little higher than I, at least, can reach. -- Joe Yao Analex Contractor
Re: IPv6 Finally gets off the ground
On Apr 10, 2007, at 1:24 PM, Joseph S D Yao wrote: On Tue, Apr 10, 2007 at 12:10:59PM -0400, Patrick W. Gilmore wrote: ... Second, who said v6 was the heights? ... My, aren't we serious? Too serious to realize that satellites are a little higher than I, at least, can reach. Guess I missed that reference. Silly of me. Fine imagery. Just like the stuff you can get for free if you use a v6 stack :) As for being serious, I do believe you were the one who claimed v6 was going into the gutter, and the depths. Pot, kettle, black? Actually, you went beyond being serious by implying some type of moral superiority. Which is fine, your packets can be morally superior to mine -- TTFN, patrick
Re: IPv6 Finally gets off the ground
Yes. Silly of you. I think you may have missed more than the singular reference. This back and forth has little to do with morality and more to do with opinion. Yet it begs, how moral is an argument of 'my opinion is superior to your opinion'? Such a lashing of another's opinion under the pretense of removing someone from their lofty perch to restore equality is hardly equality at all. Everyone is entitled to their opinion. Though, I doubt Mr. Yao was expressing his so strongly. Gian Anthony Constantine On Apr 10, 2007, at 1:35 PM, Patrick W. Gilmore wrote: On Apr 10, 2007, at 1:24 PM, Joseph S D Yao wrote: On Tue, Apr 10, 2007 at 12:10:59PM -0400, Patrick W. Gilmore wrote: ... Second, who said v6 was the heights? ... My, aren't we serious? Too serious to realize that satellites are a little higher than I, at least, can reach. Guess I missed that reference. Silly of me. Fine imagery. Just like the stuff you can get for free if you use a v6 stack :) As for being serious, I do believe you were the one who claimed v6 was going into the gutter, and the depths. Pot, kettle, black? Actually, you went beyond being serious by implying some type of moral superiority. Which is fine, your packets can be morally superior to mine -- TTFN, patrick
Re: Abuse procedures... Reality Checks
[EMAIL PROTECTED] wrote: I also find it curious that you claim to have people on staff at your company who know what SWIP means. Perhaps you could ask them to share that information with us since I have never seen this documented anywhere. Do they really know what you claim they know? --Michael Dillon Google is your friend. http://www.arin.net/registration/guidelines/report_reassign.html Shared WHOIS Project (SWIP) SWIP is a process used by organizations to submit information about downstream customers' address space reassignments to ARIN for inclusion in the WHOIS database. Its goal is to ensure the effective and efficient maintenance of records for IP address space. SWIP is intended to: * Provide information to identify the organizations utilizing each subdelegated IP address block. * Provide registration information for each IP address block. * Track utilization of allocated IP address blocks to determine if additional allocations may be justified. For IPv4, organizations can use the Reassign-Simple, Reassign-Detailed, Reallocate, and Network-Modification templates to report SWIP information. Organizations reporting IPv6 reassignment information can use the IPv6 Reassign, IPv6 Reallocate, and IPv6 Modify templates. Organizations may only submit reassignment data for records within their allocated blocks. ARIN reserves the right to make changes to these records upon the organization's approval. Up to 10 templates may be submitted as part of a single e-mail. SWIPs are required for reallocations of /29 and larger if the allocation owner does not operate a RWhoIs server. Of course, SWIP is an ARIN thing, and you work for BRITISH TELECOMMUNICATIONS PLC. As a US network operator, I was well aware of the requirements for SWIP, because ARIN rules make it clear that, as a netblock owner of an ARIN allocation, I'm required to do it. Which numbering authority do you work with day to day?