On 21/10/09 18:56 -0400, der Mouse wrote: >Nor should they, I think, per se. It's when they involve abuse of >their assigned resources that the RIR has to step up and enforce the >responsibility that goes with authority. Independent of whether that >abuse happens to be legal, or not, in any jurisdiction. > >Or, of course, not do so, and watch the abuses grow until they kill the >goose that's laying such golden eggs, instead of spending a few eggs to >ensure the goose's long-term survival.
There's not really a whole lot that RIRs can do about abuse, once it's out of the bag. RIRs just sign contracts with assignees and hand out numeric resources to them (ASNs and addresses). It's up to transit providers and ISPs to determine how those resources get used. For instance, here's a list of address blocks being advertised that have not been properly allocated via the IANA/RIR process: http://thyme.apnic.net/rviews/data-add-IANA There are probably some spammers in the list who just picked out a block out of the air and started advertising it. IANA can't do anything, because they just have relationships with the RIRs (unless they have a legacy relationship with an assignee from when before RIRs existed). RIRs have contracts with assignees, but don't have much of a stick to poke at the tier-1 transits - transit providers are probably RIR customers, but RIRs don't get in the business of telling transits how to route traffic. That's as a function they don't have the technical expertise or legal right to oversee. The point at which RIRs *do* need to do something is when there is a request for resources. If they don't take due diligence is determining the validity of those requests, they open themselves to lawsuits from ISPs who are denied resources, such as when IPv4 resources start to deplete. -- Dan White _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
