[anti-abuse-wg] Whois database accuracy
Richard Cox
richard.cox at btuser.net
Fri Oct 23 16:20:53 CEST 2009
On Wed, 21 Oct 2009 Jerome Bouat <jerome.bouat at wanadoo.fr> wrote:

> Could we possibly disconnect the network which aren't tidying their
> whois records ?

To amplify one of Brian's points:

The problem there is that WE (which for the purposes of this discussion only, would include RIPE NCC) can't disconnect anybody. You've made an invalid assumption which - frankly - I also made for many years, until the full reality of the situation dawned on me.

The only people who can disconnect a network are its peers and upstreams. To a large extent that means that if any of the backbone networks agrees to accept the traffic, the network stays connected.

If ALL the backbone networks agree not to accept traffic from block owners that do not have (or do not answer) valid abuse etc addresses, then we would have a way forward. It only takes one such backbone network to carry the traffic and the problem remains. And experience tells us that there will be one.

RIPE and other RIRs allocate IP ranges and ASNs. Although there is a routing database, that does NOT actually control the routing. All that RIPE NCC controls, is the entitlement to use the numbers, and the reverse DNS delegations.

Now, if the RIPE NCC were to recover a block allocation or ASN because the WHOIS data was bad, or the network would not deal with abuse issues reported (and by the way I am not advocating that as a policy) those addresses and ASN could continue to be used. All that would happen would be that rDNS would stop working, and there would no longer be any visible track of who was running that network.

In an ideal world the upstreams would stop routing the traffic as soon as they became aware of the situation. That's very far from being a universally adopted practice, as was found recently when several of the other RIRs withdrew numerous IP address blocks for non-payment of fees: and Afrinic's withdrawal of Zimbabwean blocks was one example of this triggered by the recent currency problems in Zimbabwe.

IP traffic is just like international telephone routing - if an entity says it is using a number range, and its peers and upstreams accept the claim, then connections will get through. And in many cases those upstreams will be influenced by the payments they get for the traffic, either at standard or enhanced rates. If there are conflicting routing claims, then obviously the connectivity will become somewhat unreliable.

So effectively the only people who can "disconnect" an address range are the individual ISPs - by rejecting that traffic locally - but that rarely happens either, because of the probability of losing legitimate traffic in the process. There are a few network ranges that are known to be all used for crime or abuse, and a lot of ISPs now use the list at http://www.spamhaus.org/drop to block that traffic. I hope you do!

For the other cases, pressure on the upstreams carrying the traffic from the entity that has misconfigured data, is probably the best way to get the problem fixed. Blocking that traffic locally is a good thing for ISPs to do, but it will take a lot of them to impose blocking before corrective action will be taken.

Regards,

Richard
Co-Chair, RIPE AA-WG