If enforcement of SWIP would result in the elimination of network abuse, I would not speak against it. However, even with valid contacts in SWIP, abuse reports are ignored. Contacting the ARIN allocation holder often goes unanswered as well, and this is not dependent on SWIP. In addition to enforcement of valid contacts in Whois and SWIP, there needs to be a corresponding required response to reports of network abuse by those using ARIN resources. I find that the presence or absence of SWIP records has little to do with whether a given allocation holder acts on abuse.

The networks that you cite are examples of networks that deserve to be on a worldwide blacklist. From my point of view, most of my network abuse comes from addresses outside of the ARIN Region, mostly APNIC and RIPE. People hammer daily on my servers trying to get in with dictionary attacks. In the case of a couple of comment boards that I run, I ended up blacklisting from posting the entire APNIC and RIPE IPv4 space at the /8 level, as well as selected portions of ARIN, in my Apache configuration, as the intended audience is US based. The comment spam is very bad, and reports to the responsible contacts, even in the ARIN region, go unanswered in most cases. Ditto with the dictionary attacks.

Those receiving allocations from ARIN need to be held responsible for actually answering reports of network abuse. I think this is vastly more important for enforcement than providing a SWIP record containing customer contacts which goes unanswered. Those with ARIN allocations should always be responsible for acting on reports of abuse, especially if no downstream SWIP records are provided, or the contacts in that record fail to act.

Maybe the RSA should make the number resources subject to revocation if someone receiving space from ARIN regularly fails to respond and act on valid reports of network abuse. Maybe it already does, but it does not appear to be enforced.

However, I do not think ARIN or any other RIR should be required to become the "Internet Police". The purpose of ARIN is in 1.1 of the policy manual, which is uniqueness, contacts, transparency and assist in IP allocation studies. While having customers who abuse cannot always be prevented, failure to act on valid, repeated reports of abuse by those customers is wrong and should subject the Allocation to revocation. This is one of the few sticks that ARIN has with regard to "bad" members. The carrots do not seem to work.

Albert Erdmann
Network Administrator
Paradise On Line Inc.

On Sat, 3 Jun 2017, Ronald F. Guilmette wrote:


In message <[email protected]>,
Michael Peddemors <[email protected]> wrote:

.. and given the
large increase in nefarious actors on the internet, it is important to
have accurate information on the responsible party for that part of the
internet.

I for one want to see ARIN do more, and be given a mandate to enforce
the given requirements already in place.

As should be evident to anybody who has been paying attention, I
agree completely.  And it isn't just me.  Not by a long shot.  It
should be self-evident also that essentially every member of the
law enforcement community, at all levels, would also like to see,
if anything, the existing SWIP rules strengthened, rather than
diluted, and, more importantly, would like to see them actually
enforced someday.

Unfortunately, as the examples I gave, of 69.162.115.240/28 and
69.162.77.192/29, vividly illustrate, not only are the existing
rules being openly flouted, but they are even being *brazenly*
flouted, by at least some crooked providers... in this case
Limestone Networks... who, for all I know, are selling identity
protection services to criminals, as would appear to be the
case here.  (If anyone wants all of the particulars about the
specific bad actors that are hiding out within the two blocks
in question, and/or their direct links to an active and ongoing
malware distribution operation, you can contact me off list and
I will provide details.)

Of course, Limestone Networks and its clearly non-residential
"residential customer" are far from the only example I could
cite here.  It just happens to be among the most brazen and
obvious.  A fuller listing of all of the active identity
concealment services that are, as we speak, being provided
by entities holding direct ARIN allocations (and to various
flavors of bad actors / criminals)  would be so lengthy that
I'm sure nobody here would bother to read it.

In my more idealistic moments, I like to believe that we all have
a shared and common interest in the security of the Internet as
a whole.  Few of us find the ongoing presence of spammers,
hackers, and malware distributors to be directly beneficial.
But clearly there are exceptions.  Some holders of direct ARIN
allocations are provably and unambiguously profiting from
ignoring even the minimal and ineffectual SWIP rules that are
currently on the books, and are doing so consciously, and in
clear cooperation with bad actors, as a paid "service" to protect
the true identities of these bad actors.

Apparently, this is all exactly how the ARIN community wants things
to be... never mind the obviously negative effects to the security of
all of us, and never mind the general disrepute that these few "bad
apple" providers bring to the ARIN community as a whole.  The
community makes sure that nobody, least of all the bad apple providers,
will ever have to do or document anything that they don't much feel
like doing or documenting, and the bad apple providers then, in turn,
drive their proverbial trucks through the gaping loopholes in the
rules and/or their enforcement, and thus profit handsomely by selling
identity protection services to snowshoe spammers and malware distribution
operations, presumably for some additional premium, added on top of
the price for the usual and customary provision of non-cloaked services.

I like to think that someday the vast majority of law-abiding and
rule-following members of the ARIN community are going to wake up
and realize that a small minority (<5%) of ARIN direct allocation
holders are responsible for the vast majority (>95%) of all of the
problems on the Internet, and that at some point the majority will
at last conclude that enough is enough, and that all of these clever
"hide the ball" games and shenanigans should finally, seriously, be
ended.  But I'm realistic enough to know that that day is not today.

As with most problems faced by mankind... including global warming...
things are going to have to get much much worse before they get any
better, and the only thing that has been shown, over time, to reliably
motivate homo sapiens to get up and out of their comfortable Barcaloungers
is a crisis that can no longer be ignored.

I wish for once that we humans could be smart enough to act to solve at
least this one evident problem early, i.e. -before- things reach crisis
proportions, but in this case that doesn't seem at all likely.

Would that it were otherwise.


Regards,
rfg
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
