Re: Proof of ownership; when someone demands you remove a prefix

On Tue, Mar 13, 2018 at 1:38 PM, Sean Pedersen wrote: > This is more or less the situation we're in. We contacted the customer and > they informed us the matter is in dispute with the RIR and that their > customer (the assignee) is in the process of resolving the

Re: Websurfing trouble to .gov and .il.us

On Mon, 12 Mar 2018 17:44:47 -, Sam Kretchmer said: > I am part of a small ISP based in Chicago. We have several clients > complaining of an inability to hit a couple specific government websites, > specifically http://tierii.iema.state.il.us/TIER2MANAGER/Account/Login.aspx > and >

RE: IPv4 smaller than /24 leasing?

It might be archaic thinking but back in the day routers were not all that powerful and table size was a concern so /24 was it. ARIN kind of figured if you were smaller than a /24 you were not really on their radar and you needed to talk to an upstream provider. It is a big system to manage

Re: IPv4 smaller than /24 leasing?

Hi, needing a /24 to participate in BGP has always been sort of a world-wide standard. Even before the explosion of the IPv4 BGP full table (which has more than doubled in the last decade), that was the standard. Because . if carriers (and ISPs) accepted upstream < /24, then you'd

Re: IPv4 smaller than /24 leasing?

On Tue, Mar 13, 2018 at 2:14 PM, Justin Wilson wrote: > Even to buy it on the secondary market you have to have justification and > show usage. So if someone buys a /24 and really only needs a /25 then what? Hi Justin, If you can't justify a /24 with a single hypervisor, you

Re: Proof of ownership; when someone demands you remove a prefix

The fact that it is a newer customer would make me talk to the RIR direct and verify that a dispute is really in progress. I would also look at some looking glasses and see if the prefix is being announced elsewhere, if so that might indicate that your customer is indeed stepping on a legit

Re: Proof of ownership; when someone demands you remove a prefix

On Tue, Mar 13, 2018 at 1:59 PM, Job Snijders wrote: > Dear Sean, > > On Tue, Mar 13, 2018 at 10:38:49AM -0700, Sean Pedersen wrote: > > This is more or less the situation we're in. We contacted the customer > > and they informed us the matter is in dispute with the RIR and that >

RE: Proof of ownership; when someone demands you remove a prefix

In this case we defaulted to trusting our customer and their LOA over a stranger on the Internet and asked our customer to review the request. Unfortunately, that doesn't necessarily mean a stranger on the Internet isn't the actual assignee. A means to definitively prove "ownership" from a

Re: IPv4 smaller than /24 leasing?

That site you quoted looks like text that I created. For CloudIPv4.com (part of RentIPv4.com). To peer most networks require assigned IPv4 space. Most networks do not want to burn a /24 to peer. The local peering routers will propagate a /25... /30.. etc. from the peering platform to the rest of

RE: Proof of ownership; when someone demands you remove a prefix

Biggest problems we had as a service provider is that the block is registered to a corporate entity which is then acquired or dissolves and then you have to figure out who actually has control. We always tried to push the dispute process to go between the customer and the RIR when this

Re: Spiffy Netflow tools?

On Tue 2018-Mar-13 00:50:26 +0100, Fredrik Korsbäck wrote: Kentik is probably top of the foodchain right now. But they are certainly not alone in the biz. Ontop of my head... * Flowmon * Talaia * Arbor Peakflow * Deepfield * Pmacct + supporting toolkit *

Websurfing trouble to .gov and .il.us

Nanog, I am part of a small ISP based in Chicago. We have several clients complaining of an inability to hit a couple specific government websites, specifically http://tierii.iema.state.il.us/TIER2MANAGER/Account/Login.aspx and https://www.deadiversion.usdoj.gov/. It does seem to be related to

Re: Spiffy Netflow tools?

Plixer is also interesting. nfdump works great with NetFlow but support for IPFIX is somehow limited to basics. -- Babak On 13 Mar 2018, at 3:20, Fredrik Korsbäck wrote: On 2018-03-13 00:24, mike.l...@gmail.com wrote: Howdy! Checking out various Netflow tools and wanted to see what

RE: IPv4 smaller than /24 leasing?

Yes, exactly right. You would probably have to tunnel the /27 back to where the >/24 lives. That's the only way I can see of it working "anywhere". That's a technically valid solution but maybe not so hot if you are looking for high redundancy/availability since you are dependent on the

Re: Proof of ownership; when someone demands you remove a prefix

On Tue, Mar 13, 2018 at 9:23 AM, Sean Pedersen wrote: > In this case we defaulted to trusting our customer and their LOA over a > stranger on the > Internet and asked our customer to review the request. Unfortunately, that > doesn't > necessarily mean a stranger on

Re: Proof of ownership; when someone demands you remove a prefix

On Mon, Mar 12, 2018 at 11:46:31AM -0700, Sean Pedersen wrote: > We recently received a demand to stop announcing a "fraudulent" prefix. Is > there an industry best practice when handling these kind of requests? Do you > have personal or company-specific preferences or requirements? To the best >

RE: Proof of ownership; when someone demands you remove a prefix

Another thing that would affect me as a service provider would be the account history. I would probably be more skeptical if this was a long term customer who has been announcing this prefix for a long period of time vs a new customer that just began announcing it. i.e. If I just began

Re: Proof of ownership; when someone demands you remove a prefix

Finally a use for block chain :p On Mon, Mar 12, 2018 at 7:11 PM, Randy Bush wrote: > it's a real shame there is no authorative cryptographically verifyable > attestation of address ownership. >

RE: Proof of ownership; when someone demands you remove a prefix

I would insist that this customer get with the RIR and resolve ownership of the account and prove that they did so. I would leave the burden on the RIR to figure out who is the rightful owner and not make any changes until that is done. Do you have a record of what the RIR account contact was

Re: Proof of ownership; when someone demands you remove a prefix

On Tue, Mar 13, 2018 at 10:23 AM, Sean Pedersen wrote: > In this case we defaulted to trusting our customer and their LOA over a > stranger on the Internet and asked our customer to review the request. > Unfortunately, that doesn't necessarily mean a stranger on the

RE: Proof of ownership; when someone demands you remove a prefix

Yes, absolutely go with the RIR. Only thing I might adjust it whether I let the customer launch a dispute with the RIR before or after I make the change and to me that would depend on the preponderance of the evidence either way. I might give the long term customer the reasonable doubt. A

RE: Spiffy Netflow tools?

FlowViewer is a robust user interface complement to Carnegie Mellon's SiLK netflow capture and analysis tool suite. FlowViewer provides the user with text/graphical analysis tools, multiple dashboards, long-term tracking of filtered sets, automatic storage management, raw netflow packet

RE: Spiffy Netflow tools?

There is also https://github.com/robcowart/elastiflow which uses the ELK stack. Luke Guillory Vice President – Technology and Innovation Tel:985.536.1212 Fax:985.536.0300 Email: lguill...@reservetele.com Reserve Telecommunications 100 RTC Dr Reserve, LA 70084

RE: IPv4 smaller than /24 leasing?

Agreed, Reputation is everything. It is why we only work with well known Legacy IPv4 space at this time (hence, use anywhere statement). Our space rents for about 4x other space found on other sites. We don't do the volume business of our competitors. Those businesses with questionable address

Re: Spiffy Netflow tools?

Not necessarily (only) for *flow, but very nice combo: Luca Deri's ntopng+nprobe (https://www.ntop.org/products/traffic-analysis/ntop/) ***Stefan On Mon, Mar 12, 2018, 6:26 PM wrote: > Howdy! > > Checking out various Netflow tools and wanted to see what others are using? >

RE: Proof of ownership; when someone demands you remove a prefix

That is about like saying email from you is the authoritative source of truth about youunless your account is hacked. Sorry but in the real business world we give long standing customers the benefit of the doubt. We all make judgments every day in our real lives about who we believe and

Re: IPv4 smaller than /24 leasing?

ARIN's fee for a /24 is $250 https://www.arin.net/fees/fee_schedule.html That's about 1/15th of the price of a /24 on the market. Of course, they don't have any /24s. Unless, of course, you're deploying IPv6 and just need the /24 for your NAT64 box, DS-Lite AFTR, or MAP-T BR.

Re: Proof of ownership; when someone demands you remove a prefix

On Tue, Mar 13, 2018 at 1:58 PM, Naslund, Steve wrote: I would consider that the RIR WHOIS records are currently the network's authoritative source of truth about IP number management. For 99% of situations there's no such proper thing as "delaying addressing abuse"

Re: Spiffy Netflow tools?

+1 for ElastiFlow. Couldn't be easier to set up and run. Logstash has native support for netflow and sflow now via codecs. Kibana is an easy-to-use dashboard. I trimmed out a bunch of stuff in the ElastiFlow config that assumed a unidirectional network (like a corporate site). On Tue, Mar 13,

Re: IPv4 smaller than /24 leasing?

On the consulting side, I do smaller than /24 blocks to customers over tunnels. So far this is the only option we have found that works for the smaller ISP. We all know the routing table is bloated. We all know everyone *should* be moving toward IPV6. A whole different discussion. But, for

Re: Websurfing trouble to .gov and .il.us

On 03/12/2018 10:44 AM, Sam Kretchmer wrote: specifically http://tierii.iema.state.il.us/TIER2MANAGER/Account/Login.aspx andhttps://www.deadiversion.usdoj.gov/. Wireshark? It could be a problem with the sides having an infinite referral loop. It doesn't necessarily have to be a network

[NANOG-announce] NANOG 73 Call for Presentations is open

This message has been wrapped due to the DMARC policy setting to prevent NANOG subscribers from being unsubscribed due to bounces. --- Begin Message --- NANOG Community, The NANOG Program Committee is excited to announce that we are now accepting proposals for all sessions at NANOG 73 in Denver,

Centurylink SOC contact?

Does anyone have a contact for the SOC at centurylink?  I've tried soc@centurylink and noc@centurylink, with no answer. For whatever reason, they're mangling IP address in abuse reports, which requires us to manually review every report.  We'd really like them to stop, and just include the IP

Re: IPv4 smaller than /24 leasing?

Even to buy it on the secondary market you have to have justification and show usage. So if someone buys a /24 and really only needs a /25 then what? It ARIN, or others for that matter, going to relax those requirements? If I am an ISP and need to do BGP, maybe because I have a big downstream

Re: IPv4 smaller than /24 leasing?

On Tue, Mar 13, 2018 at 1:19 PM, Justin Wilson wrote: > I agree that the global routing table is pretty bloated as is. But what kind > of a solution for providers who need to participate in BGP but only need a > /25? Hi Justin, If you need a /25 and BGP for multihoming or

RE: Proof of ownership; when someone demands you remove a prefix

This is more or less the situation we're in. We contacted the customer and they informed us the matter is in dispute with the RIR and that their customer (the assignee) is in the process of resolving the issue. We have to allow them time to accomplish this. I've asked for additional information

Re: Proof of ownership; when someone demands you remove a prefix

Dear Sean, On Tue, Mar 13, 2018 at 10:38:49AM -0700, Sean Pedersen wrote: > This is more or less the situation we're in. We contacted the customer > and they informed us the matter is in dispute with the RIR and that > their customer (the assignee) is in the process of resolving the > issue. We

Re: Websurfing trouble to .gov and .il.us

On Mon, Mar 12, 2018 at 1:44 PM, Sam Kretchmer wrote: > We have several clients complaining of an inability to hit a couple specific > government websites, Hi Sam, Some basic troubleshooting: 1. traceroute? TCP traceroute? 2. From an affected address, do you get a TCP

Re: IPv4 smaller than /24 leasing?

I am looking at it from an ARIN justification point. If you are a small operator and need a /24 you have justification if you give customer’s publics, but is it a great line if you are only giving out publics for people who need cameras or need to connect in from the outside world. If I need a

Re: Websurfing trouble to .gov and .il.us

On Mon, Mar 12, 2018, at 10:44 AM, Sam Kretchmer wrote: > IP's they use, specifically parts of 213.159.132/22. They can surf any This block appears to have shifted over from RIPE into ARIN space. I've seen a few firewalls and filtering systems that block countries or block

Re: IPv4 smaller than /24 leasing?

Marketplaces - supply and demand and costs to operate as Bill noted (never thought of that) will settle out the need. Thank You Bob Evans CTO > I am looking at it from an ARIN justification point. If you are a small > operator and need a /24 you have justification if you give customer’s >

contact for www.upack.com (http 403)

Is there a contact at upack.com that can help us? All of our subscribers receive an error 403 access denied. Thank you, Matt Dittmer AS20298

Re: Spiffy Netflow tools?

Mike, All of the architecture's listed are pretty good. Nfsen is great if you have multiple routers exporting various netflow versions with a single daemon, but its a bit older and not as pretty/quick as something using elastic. Team Cymru has a netflow analyzer that matches your netflow data to

RE: Proof of ownership; when someone demands you remove a prefix

I appreciate everyone's input and will incorporate it into our internal policies going forward. I also want to assure everyone who has taken the time to read or respond that we're going about this methodically; our customer is involved and is responding promptly and their customer is has

[NANOG-announce] NANOG 73 Call for Presentations is open

This message has been wrapped due to the DMARC policy setting to prevent NANOG subscribers from being unsubscribed due to bounces. --- Begin Message --- NANOG Community, The NANOG Program Committee is excited to announce that we are now accepting proposals for all sessions at NANOG 73 in Denver,