Re: Past policies versus present and future uses
On Mon, Jan 25, 2021 at 11:26:51AM -0500, Rob McEwen wrote: > Is DDoS-Guard without blame? Probably not, but them hosting some occasional > criminals is NOT UNLIKE EVERY OTHER GLOBAL NETWORK! You might wish to scroll back up to the message I sent here on January 21 with the Subject "DDOS-Guard" and note the list of domains that I provided. That's not a network with "occasional" issues, that's a network with pervasive issues. > By these SAME standards, many other large and famous > networks should lose most or much of their IPs too! Yes, that's exactly what should happen. "Large and famous" operations, by their very nature, have plenty of money to spend on large, trained, competent, empowered, 24x7 abuse staff as well as on customer screening -- and should do that. Those that don't should not have their problematic allocations confiscated: they should have *all* their allocations confiscated. Why? Well, first because there are no acceptable excuses for running an operation like that. NONE. And second, because when those operations refuse to pay the costs of keeping abusers out, you know who *does* pay for that? We do. ---rsk
Re: Past policies versus present and future uses
On 1/25/2021 11:34 AM, Rubens Kuhl wrote: They are not losing IPs because of hosting questionable content. Correct - but from reading the Brian Krebs article on this, that was the justification that Ron Guilmette used for going after Parler and DDoS-Guard. -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032
Re: Past policies versus present and future uses
On Mon, Jan 25, 2021 at 1:28 PM Rob McEwen wrote: > > A take on the 1979 movie "When A Stranger Calls" - "have you checked the > children?" becomes "have you checked the IP registration?" > > [image: Have you checked the IP registration?] > > > The vast majority of the time, Ron Guilmette does "the Lord's work" - but > THIS time - it looks to me like he put his political biases ahead of legit > anti-abuse, and it's no surprise that we now have a trail of destruction > left behind, along with much "innocent bystander" collateral damage. > > Is DDoS-Guard without blame? Probably not, but them hosting some > occasional criminals is NOT UNLIKE EVERY OTHER GLOBAL NETWORK! So like > other large and diversity global networks, anti abuse should focus on > removing their worst criminals/spammers. By these SAME standards, many > other large and famous networks should lose most or much of their IPs too! > > So here we are, with many OTHER networks now legitimately freaked out > about losing their IPs, and with massive potential collateral damage that > might hurt many "innocent bystanders" each time that is done! > > They are not losing IPs because of hosting questionable content. It's very reassuring to see RIR policies being enforced; there is a sentiment of lack of accountability in IP allocations and that changing is positive for all the ecosystem. Rubens
Re: Past policies versus present and future uses
/(sent again since the last one had the inline graphic stripped out - so this one links to the graphic on a website)/ A take on the 1979 movie "When A Stranger Calls" - "have you checked the children?" becomes "have you checked the IP registration?" Have you checked the IP registration? https://www.invaluement.com/have-you-checked-the-ip-registration.jpg The vast majority of the time, Ron Guilmette does "the Lord's work" - but THIS time - it looks to me like he put his political biases ahead of legit anti-abuse, and it's no surprise that we now have a trail of destruction left behind, along with much "innocent bystander" collateral damage. Is DDoS-Guard without blame? Probably not, but them hosting some occasional criminals is NOT UNLIKE EVERY OTHER GLOBAL NETWORK! So like other large and diversity global networks, anti abuse should focus on removing their worst criminals/spammers. By these SAME standards, many other large and famous networks should lose most or much of their IPs too! So here we are, with many OTHER networks now legitimately freaked out about losing their IPs, and with massive potential collateral damage that might hurt many "innocent bystanders" each time that is done! -- Rob McEwen, invaluement
Re: Past policies versus present and future uses
A take on the 1979 movie "When A Stranger Calls" - "have you checked the children?" becomes "have you checked the IP registration?" Have you checked the IP registration? The vast majority of the time, Ron Guilmette does "the Lord's work" - but THIS time - it looks to me like he put his political biases ahead of legit anti-abuse, and it's no surprise that we now have a trail of destruction left behind, along with much "innocent bystander" collateral damage. Is DDoS-Guard without blame? Probably not, but them hosting some occasional criminals is NOT UNLIKE EVERY OTHER GLOBAL NETWORK! So like other large and diversity global networks, anti abuse should focus on removing their worst criminals/spammers. By these SAME standards, many other large and famous networks should lose most or much of their IPs too! So here we are, with many OTHER networks now legitimately freaked out about losing their IPs, and with massive potential collateral damage that might hurt many "innocent bystanders" each time that is done! -- Rob McEwen, invaluement
Re: Past policies versus present and future uses
Hi Matthew, I’m not sure I’ve succeded to explain it in previous emails. The requirement for the LACNIC policies about majority of usage *in the region* of the resources provided has been there for many years. I’m almost sure than since day 1, but will need to dig into older versions of the policy manual to check that. The *text* was only using the work “mayoría”, but the interpretation when ensuring policy compliance, was following that definition of “mayoria”, which is more than 50%. My policy proposal, was “cleaning” and “clarifiying” text here and there. For example, there were some text that clearly apply to IPv4 and IPv6, and was only in the IPv4 section, etc. The policy proposal also did a lot of major changes for the recovery of uncompliant addressing space by ensuring that LACNIC setup periodic and automatic policy compliance checks. So: the “>50%” was not a “change”, was just making explicit the actual practice, and during the discussion of the proposal, we made sure in the mailing list that everybody agree with that clarification of the *existing* interpretation. Nobody, absolutely nobody, objected or said “I don’t read it that way”. In fact, I asked if the people prefers to use some “other %”, or completely delete it or whatever. I don’t have the exact details of the case that Ron discovered in Belize, because, of course, most of the details are under NDA between the resourse holder and LACNIC, private documents, etc., etc. So I’m not sure if “initially” the resource holder was really having the “majority” of the resources operated in Belize or some other place in the region and then they “forgot” that they need to follow the policy (as said, the policy has not changed in that sense). My guess is that they provided false information to LACNIC “yes we have the majority of the operation in the region”, and the RIR trusted the provided documents, but is only my guess. I fully see your point, however *every ISP/LIR needs to follow the policies in every RIR where they have resources*. Policy changes may require changes in their operation, and if they don’t agree, *this is the reason* they MUST participate in policy discussions, to be able to defend their position. This is *nothing new*! Is part of the job of the ISPs/LIRs, to ensure that they follow the policy discussions, the same way as citizens follow law development because changes in law (new taxes, etc.), can change their compliance with law. Is not about retroactivity, is about every one of us developing the “laws” and justify why something can’t be changed. The solution to those that don’t want to follow (even if is part of their “job”) the policy development, is to have warnings when there is a policy change that affects them. In fact I’ve included that in a policy proposal in AFRINIC (https://www.afrinic.net/policy/proposals/2020-gen-001-d1?lang=en-GB#proposal), by means of a dash-board. This could be done also by other RIRs as part of their “operational” terms in the customers accounts (such in “mylacnic” in the case of LACNIC), etc., and in fact it was the main intent of my policy proposal. As said, remember that this has been not changed, just added a clarification based on the existing understanding of the previuos text. LACNIC will not have provided to this resource-holder in 2013 the resources if they didn’t had indicated that the majority (over 50%) of those resrouces aren’t being operated in the region. I found and older archived version of the policy manual from 2013 (in Spanish): https://www.lacnic.net/innovaportal/file/543/1/manual-politicas-sp-2.0.pdf In section 1.11, has exactly the same text: “Los recursos de numeración de Internet bajo la custodia de LACNIC se deben distribuir a organizaciones legalmente establecidas en su región de servicio [COBERTURA] y para atender mayoritariamente redes y servicios que operan en dicha región.” El 25/1/21 0:15, "Matthew Petach" escribió: On Sun, Jan 24, 2021 at 4:22 AM JORDI PALET MARTINEZ via NANOG wrote: [...] So, you end up with 2-3 RIRs allocations, not 5. And the real situation is that 3 out of 5 RIRs communities, decided to be more relaxed on that requirement, so you don’t need actually more than 1 or may be 2 allocations. Of course, we are talking “in the past” because if we are referring to IPv4 addresses, you actually have a different problem trying to get them from the RIRs. Hi Jordi, I've adjusted the subject line to reflect the real thrust of this discussion. You're right--if we're trying to get "new" allocations of IPv4 addresses, we've got bigger problems to solve. But when it comes to IPv6 address blocks and ASNs, these questions are still very relevant. And, going back to the original article that spawned the parent thread, the problem wasn't about companies requesting *new* blocks, it was about the usage of old, already granted blocks that were now being
Re: Past policies versus present and future uses
On 1/24/21 3:15 PM, Matthew Petach wrote: Hi Jordi, I've adjusted the subject line to reflect the real thrust of this discussion. [edits Message Filters to include string "Past policies versus present and future uses" in Subject] [selects folder "NANOG" in Thunderbird: All Folders] [selects Tools --> Run Filters on Folder] Bring it. My Trash ain't half full. The question about moderators still holds. And yes, for those wondering, I *have* unsubscribed about three or four times over -- what? -- a good fifteen years or more... - John --
