Re: Myanmar internet - something to think about if you're having a bad day

[scott]

On 4/26/2021 5:30 PM, George Metz wrote:
First you say "not at all" and then you say "stop complying". If your 
employees stop complying 
with the orders coming from the angry men with guns held to said 
employees' heads, someone's 
going to get shot - and it's going to be the telecom employees. That's 
significantly more than a 
financial hardship and I cannot grasp how you think it could possibly 
be otherwise.


-

Last post on this for me...


Dang this went off the rails fast!  The main point was 'when you're 
thinking you're having a bad


day think about what these network operators are going through', but you 
and Mel seemed to


have missed that part.


Additionally, I did not mean the -employees- should say no to the 
gunmen.  That's ridiculous to


think I meant they should die for internet connectivity to remain on!  I 
meant the -companies-


should stop  facilitating the repression by complying "...with numerous 
demands from the military,


including instructions to cut off the internet each night for the past 
week, and block specific


websites, such as Facebook, Twitter and Instagram."  This means the 
companies  should stop


selling to the military there.  But that was an aside to the above.


I can pass packets pretty well, but the evidence seems to show I am a 
pretty crappy communicator.


scott

Re: Myanmar internet - something to think about if you're having a bad day

[George Metz]

First you say "not at all" and then you say "stop complying". If your
employees stop complying with the orders coming from the angry men
with guns held to said employees' heads, someone's going to get shot -
and it's going to be the telecom employees. That's significantly more
than a financial hardship and I cannot grasp how you think it could
possibly be otherwise.

On Mon, Apr 26, 2021 at 5:57 PM scott  wrote:
>
>
> On 4/26/2021 11:27 AM, Mel Beckman wrote:
> > Scott, are you saying that employees of Telenor and Ooredoo are 
> > “facilitating violent repression” by following the orders of soldiers 
> > holding guns to their heads?
>
> -
>
> No.  Not at all.  Of course not.  That would be ridiculous.  I meant to
> say,"Myanmar’s two foreign-owned telecom operators, Telenor and
> Ooredoo..." should stop  facilitating the repression by complying
> "...with numerous demands from the military, including instructions to
> cut off the internet each night for the past week, and block specific
> websites, such as Facebook, Twitter and Instagram."  And, yeah, that
> means financial repercussions for the companies.
>
>
> > My understanding of the rules of nano guess that there is to be no “naming 
> > and shaming“. please retract your post.
>
> ---
>
> What?  You know folks do that all the time.  Did I miss the change in
> rules?   If it makes you or others feel better...I retract the post.
>
>
> I was having a bad day (Monday) and saw this.  It made me feel better
> about the crap I am going through today and thought it might be the same
> for other ops.  I also found it interesting that they were manipulating
> DNS servers with false IP addresses.  I wonder if the people can use a
> different DNS server than the two ISPs?
>
> scott
>

Re: DoD IP Space

[Randy Bush]

anyone seeing roas in 11/8?  i am not.

randy

---
ra...@psg.com
`gpg --locate-external-keys --auto-key-locate wkd ra...@psg.com`
signatures are back, thanks to dmarc header butchery

Twitter routing contact

[bobp]

Hi All,

Is there anyone out there from the routing team at Twitter that could get in 
touch to look at some sub-optimal routing we're seeing?  We've tried the 
Peeringdb contacts with no success.

Cheers,
Bob.
(AS38195)

Re: DoD IP Space

[Michael Thomas]

On 4/24/21 3:45 PM, William Herrin wrote:

On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman  wrote:

This doesn’t sound good, no matter how you slice it. The lack of
transparency with a civilian resource is troubling at a minimum.

You do understand that the addresses in question are not and have
never been "civilian." They came into DoD's possession when this was
all still a military project funded by what's now DARPA.

Personally, I think we may have an all time record for the largest
honeypot ever constructed. I'd love to be a fly on that wall.

Is this to say that the prefixes are now being announced? Sorry for this 
dumb question, but how would this honeypot work?


Mike

Re: Myanmar internet - something to think about if you're having a bad day

[scott]

On 4/26/2021 11:27 AM, Mel Beckman wrote:

Scott, are you saying that employees of Telenor and Ooredoo are “facilitating 
violent repression” by following the orders of soldiers holding guns to their 
heads?


-

No.  Not at all.  Of course not.  That would be ridiculous.  I meant to 
say,"Myanmar’s two foreign-owned telecom operators, Telenor and 
Ooredoo..." should stop  facilitating the repression by complying 
"...with numerous demands from the military, including instructions to 
cut off the internet each night for the past week, and block specific 
websites, such as Facebook, Twitter and Instagram."  And, yeah, that 
means financial repercussions for the companies.




My understanding of the rules of nano guess that there is to be no “naming and 
shaming“. please retract your post.


---

What?  You know folks do that all the time.  Did I miss the change in 
rules?   If it makes you or others feel better...I retract the post.



I was having a bad day (Monday) and saw this.  It made me feel better 
about the crap I am going through today and thought it might be the same 
for other ops.  I also found it interesting that they were manipulating 
DNS servers with false IP addresses.  I wonder if the people can use a 
different DNS server than the two ISPs?


scott

Re: Myanmar internet - something to think about if you're having a bad day

[Mel Beckman]

Scott, are you saying that employees of Telenor and Ooredoo are “facilitating 
violent repression” by following the orders of soldiers holding guns to their 
heads?

My understanding of the rules of nano guess that there is to be no “naming and 
shaming“. please retract your post.

-mel beckman

> On Apr 26, 2021, at 2:07 PM, scott  wrote:
> 
> 
> On 4/26/2021 10:53 AM, Andy Ringsmuth wrote:
 On Apr 26, 2021, at 3:23 PM, scott  wrote:
>>> Telenor and Ooredoo, it's time to do the right thing.
>> Well, for strongly held religious beliefs, some may be convicted enough to 
>> be a martyr.
>> For internet connectivity? Likely not.
> 
> 
> 
> 
> I could not parse that.  (autocorrect issue?)  There is nothing about 
> religion in the post.  The section of my post you highlighted above was to 
> name-and-shame companies facilitating violent repression.
> 
> What started it was how a 'bad day' for network operators can mean very 
> different things.  Just some food for thought as Monday progresses...:)
> 
> scott

Re: Myanmar internet - something to think about if you're having a bad day

[scott]

On 4/26/2021 10:53 AM, Andy Ringsmuth wrote:

On Apr 26, 2021, at 3:23 PM, scott  wrote:

Telenor and Ooredoo, it's time to do the right thing.

Well, for strongly held religious beliefs, some may be convicted enough to be a 
martyr.

For internet connectivity? Likely not.





I could not parse that.  (autocorrect issue?)  There is nothing about 
religion in the post.  The section of my post you highlighted above was 
to name-and-shame companies facilitating violent repression.


What started it was how a 'bad day' for network operators can mean very 
different things.  Just some food for thought as Monday progresses...:)


scott

Re: Myanmar internet - something to think about if you're having a bad day

[Andy Ringsmuth]

> On Apr 26, 2021, at 3:23 PM, scott  wrote:
> 
> Telenor and Ooredoo, it's time to do the right thing.

Well, for strongly held religious beliefs, some may be convicted enough to be a 
martyr.

For internet connectivity? Likely not.


Andy Ringsmuth
5609 Harding Drive
Lincoln, NE 68521-5831
(402) 304-0083
a...@andyring.com

“Better even die free, than to live slaves.” - Frederick Douglas, 1863

Myanmar internet - something to think about if you're having a bad day

[scott]

These network operators are having to deal with really bad days! "At 
gunpoint, they ordered technicians at telecom operators to switch off 
the internet."  A whole other level of 'bad day' than we have to deal with!


"The method of choice is to decouple website addresses from the series 
of numbers a computer needs to look up specific sites, a practice akin 
to listing a wrong number under a person’s name in a phone book."  I am 
assuming they mean they are putting false info in the DNS.  ?



https://www.nytimes.com/2021/02/23/world/asia/myanmar-coup-firewall-internet-china.html



"The Myanmar  soldiers descended before dawn on Feb. 1, bearing rifles 
and wire cutters. At gunpoint, they ordered technicians at telecom 
operators to switch off the internet. For good measure, the soldiers 
snipped wires without knowing what they were severing..."


"The military is afraid of the online activities of people so they tried 
to block and shut down the internet...But now international bank 
transactions have stopped, and the country’s economy is declining. It’s 
like their urine is watering their own face.”


"Myanmar’s two foreign-owned telecom operators, Telenor and Ooredoo, 
have complied with numerous demands from the military..."




https://en.wikipedia.org/wiki/Ooredoo   "is Qatari multinational 
telecommunications company headquartered in Doha, Qatar."


https://en.wikipedia.org/wiki/Telenor   "is a Norwegian majority 
state-owned multinational telecommunications company headquartered at 
Fornebu in Baerum, close to Oslo."


Telenor and Ooredoo, it's time to do the right thing.


scott

ps. good thing for them they didn't snip DC power lines...

Re: DoD IP Space

[Mel Beckman]

Carlos,

It’s true even though the Internet is comprised of more than American providers 
and customers. A subsidy is a subsidy. It doesn’t have to go to everyone to “be 
true”. :)

 -mel

> On Apr 26, 2021, at 12:44 PM, Carlos M. Martinez  
> wrote:
> 
> That would be true if “the Internet” was still fully comprised of American 
> providers and customers. That hasn’t been the case for a long, long time.
> 
> On 26 Apr 2021, at 16:27, Mel Beckman wrote:
> 
>> Owen,
>> 
>> Well, no. The Internet — meaning the ISPs and customers that comprise it — 
>> get substantial subsidies to this day. But that’s no call for the government 
>> to be obtuse with the purposes of its IP space.
>> 
>> https://www.nasdaq.com/articles/more-than-300-companies-participate-in-internet-subsidy-program-u.s.-agency-2021-04-01
>> 
>> -mel
>> 
>> 
>>> On Apr 26, 2021, at 11:05 AM, Owen DeLong  wrote:
>>> 
>>> 
>>> 
 On Apr 24, 2021, at 16:34 , Jason Biel  wrote:
 
 The internet that is subsidized by that same Government….
>>> 
>>> Uh, s/is/was/
>>> 
>>> There’s really no subsidy any more.
>>> 
>>> Owen
>>> 

RE: DoD IP Space

[Jean St-Laurent via NANOG]

I’d be interested in an objective recap of this thread.

 

It seems like we could do a Netflix series for networkers about it. 

 

Anyone would like to give it a try to summarize the story back from the 80’s  
till today and explain what is at stake here? 

 

Thanks
Jean

 

From: NANOG  On Behalf Of Tom Beecher
Sent: April 26, 2021 9:32 AM
To: Mel Beckman 
Cc: nanog@nanog.org
Subject: Re: DoD IP Space

 

As long as that IP space was isolated to the .mil network, it was private 
space, as far as the Internet was concerned.

 

The DoD allocation of 11/8 predates the concept of 'private network space'.

 

11/8 was first assigned to the DoD in RFC 943 in April of 1985. The concept of 
IPv4 space for private networks was first defined in RFC 1597, March 1994. 
(Which eventually would become RFC1918. )

 

The fact that certain parties decided on their own that space not present in 
the global routing table was 'fair game' or 'private' doesn't make them 
correct, it simply makes them ill informed. 

 

On Sat, Apr 24, 2021 at 7:18 PM Mel Beckman mailto:m...@beckman.org> > wrote:

Bill,

It’s the INTERNET that is civilian, not the IP space. As long as that IP space 
was isolated to the .mil network, it was private space, as far as the Internet 
was concerned. Now DoD has moved it into the civilian Internet, and I treat 
them as potentially malicious as I do any other organization that lies, cheats, 
and steals the public trust.

 -mel

> On Apr 24, 2021, at 3:45 PM, William Herrin   > wrote:
> 
> On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman   > wrote:
>> This doesn’t sound good, no matter how you slice it. The lack of
>> transparency with a civilian resource is troubling at a minimum.
> 
> You do understand that the addresses in question are not and have
> never been "civilian." They came into DoD's possession when this was
> all still a military project funded by what's now DARPA.
> 
> Personally, I think we may have an all time record for the largest
> honeypot ever constructed. I'd love to be a fly on that wall.
> 
> Regards,
> Bill Herrin
> 
> 
> 
> -- 
> William Herrin
> b...@herrin.us  
> https://bill.herrin.us/

Peering/Google

[Ahmed Dala Ali]

Hi, 

Could someone from  Google peering team ping me off-list? We have an open 
ticket, and the last response that we got was on Feb 23th. 

Regards, 
Ahmed

Re: DoD IP Space

[Carlos M. Martinez]

That would be true if “the Internet” was still fully comprised of 
American providers and customers. That hasn’t been the case for a 
long, long time.


On 26 Apr 2021, at 16:27, Mel Beckman wrote:


Owen,

Well, no. The Internet — meaning the ISPs and customers that 
comprise it — get substantial subsidies to this day. But that’s no 
call for the government to be obtuse with the purposes of its IP 
space.


https://www.nasdaq.com/articles/more-than-300-companies-participate-in-internet-subsidy-program-u.s.-agency-2021-04-01

 -mel



On Apr 26, 2021, at 11:05 AM, Owen DeLong  wrote:




On Apr 24, 2021, at 16:34 , Jason Biel  wrote:

The internet that is subsidized by that same Government….


Uh, s/is/was/

There’s really no subsidy any more.

Owen

Re: DoD IP Space

[Mel Beckman]

Owen,

Well, no. The Internet — meaning the ISPs and customers that comprise it — get 
substantial subsidies to this day. But that’s no call for the government to be 
obtuse with the purposes of its IP space.

https://www.nasdaq.com/articles/more-than-300-companies-participate-in-internet-subsidy-program-u.s.-agency-2021-04-01

 -mel


> On Apr 26, 2021, at 11:05 AM, Owen DeLong  wrote:
> 
> 
> 
>> On Apr 24, 2021, at 16:34 , Jason Biel  wrote:
>> 
>> The internet that is subsidized by that same Government….
> 
> Uh, s/is/was/
> 
> There’s really no subsidy any more.
> 
> Owen
> 

Re: DoD IP Space

[Owen DeLong via NANOG]

> On Apr 24, 2021, at 16:34 , Jason Biel  wrote:
> 
> The internet that is subsidized by that same Government….

Uh, s/is/was/

There’s really no subsidy any more.

Owen

Re: DOD prefixes and AS8003 / GRSCORP

[Scott Morizot]

On Mon, Apr 26, 2021 at 12:19 PM John Curran  wrote:

> I provide all of the above in the spirit of maximal transparency, but
> there are indeed some practical limits to what can be provided.  The
> community should know that there was no special deal – only a clarification
> that the USG sought that was both appropriate under the circumstances and
> comparable to our handling other organizations that wished to move address
> space around internally.
>

Thanks for that expanded clarification about the DoD agreement, John. I'll
note that although my agency did not go so far as an additional signed
agreement, we did confirm we retained the ability to move portions of our
IPv4 networks, including networks we had not previously used publicly, as
required to contracted services acting on our behalf or other bureaus in
our department as operationally needed. I understand the DoD desire for
clarification.

Thanks again,

Scott

Re: DOD prefixes and AS8003 / GRSCORP

[John Curran]

On 26 Apr 2021, at 12:32 PM, John Curran 
mailto:jcur...@arin.net>> wrote:

On 26 Apr 2021, at 11:27 AM, Scott Morizot 
mailto:tmori...@gmail.com>> wrote:

On Mon, Apr 26, 2021 at 10:19 AM Bryan Fields 
mailto:br...@bryanfields.net>> wrote:
On 3/15/21 4:01 PM, Christopher Morrow wrote:
> is it possible that the DoD:
>   1) signed a lRSA (or really just an RSA)

Just re-read this; I don't think the Federal Government is required to sign
the standard ARIN agreement.  I believe they have a different agreement with
ARIN.  I did some searching, but can't find this easily on their website.

Unrelated to DoD, but as the member representative for a different Federal 
agency with both an LRSA and an RSA, I can definitely say that's not the case. 
There are no special rules for the US Federal Government.

Correct  (but I will elaborate separately in reply to Bryan’s posted question 
since the community is entitled to as much transparency as possible.)

Scott -

In summary, you are correct that US Federal agencies have the same RSA as 
everyone else (aside from certain provisions for government-required 
indemnification, bankruptcy, governing law, and/or binding arbitration.)

As noted in my reply to Bryan, the US DoD sought and received an additional 
provision in their RSA providing reassurance that they may transfer unused IPv4 
address space with the USG rather than returning to ARIN.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: Cogent RPKI invalid filtering

[Job Snijders via NANOG]

Hi Robert, NANOG,

On Mon, Apr 26, 2021 at 09:29:27AM -0400, Robert Blayzor via NANOG wrote:
> According to Cloudflares isbgpsafeyet.com, Cogent has been considered "safe"
> and is filtering invalids.
> 
> But I have found that to be untrue (mostly). It appears that some days they
> filter IPv4, sometimes not, and IPv6 invalids are always coming through. I
> know it's Cogent, but curious as to what others are seeing.

   [ Disclaimer: I'm not affiliated with the companies referenced in the
 above message. But as I love talking about RPKI, I'd like to share
 some perspective based on my own experience with both small and
 large scale RPKI deployments. ]

TL;DR - RPKI Route Origin Validation (ROV) is incrementally deployed
inside networks, and incrementally across the Default-Free Zone. This
means right now (and for years to come), operators will see RPKI invalid
routes spill through the cracks of the global routing system.
This is expected and unavoidable.

Details ---

There are a few caveats to consider when using the isbgpsafeyet.com
testing utility to determine whether a network is doing RPKI ROV with
'invalid == reject' EBGP policies. The isbgpsafeyet.com beacon prefixes
are anycasted from many vantage points, this 'skews' the testing results
in some ways.  Imagine the prefixes being anycasted from (hypothetical)
a 100 POPs, this essentially is a 100 attempts to propagate RPKI invalid
routes into the default-free zone. Only a single route (out of the 100)
needs to slip past any potential 'invalid == reject' barriers between
the testsite and the visitor. The Cloudflare test essentially goes out
of its way to circumvent RPKI filters, but at the same time is easily
fooled in the presence of default routes (0.0.0.0/0 + ::/0).

To get a broader sense of how one's local internet connection is impacted
by RPKI, is to compare traceroutes to 103.21.244.15 versus traceroutes
to 1.1.1.1 - if the first trace takes a bit of a detour compared to the
latter IP, it might be indicative of only one (or a few) routers in a
global IP backbone are not RPKI-capable.

In addition to the CF test, I recommend also testing similar but
alternative tools, such as https://sg-pub.ripe.net/jasper/rpki-web-test/
The ripe.net test is *not* anycasted and single-homed behind a
transit-free carrier, this too skews the results in some way.

Another test can be done by pinging the RIPE RIS "Resource Certification
(RPKI) Routing Beacons" at the bottom of this page:
https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/current-ris-routing-beacons

And yet another way of measuring to what degree RPKI ROV has been
deployed in an individual AS or the DFZ as a whole, is by looking at BGP
data. The NLNOG RING LG (AS 199036, http://lg.ring.nlnog.net/summary/lg01/ipv4)
receives tens of full table feeds from various BGP speakers around the
planet. Every few hours a script takes a snapshot of the LG's Local RIB
and applies the RFC 6811 Origin Validation procedure to all paths, and
for a select few ASNs stores the list of prefixes.

Cecilia Testart et al. did a thorough study using similar methodology:
https://www.caida.org/publications/papers/2020/filter_not_filter/filter_not_filter.pdf
This paper is a fun friday afternoon read!

Below is the current top ten "RPKI invalid distributor" ASNs as seen
from AS 199036:

   RPKI invalid routes | Transiting Autonomous System
   +-
 2,224 | AS6461 - Zayo
 2,094 | AS3320 - Deutsche Telekom
 1,989 | AS8220 - Colt
 1,976 | AS5511 - Orange
 1,924 | AS6762 - Telecom Italia
 1,613 | AS1273 - Vodafone
   573 | AS6453 - Tata
   436 | AS6939 - Hurricane Electric
   425 | AS6830 - Liberty Global
   355 | AS3491 - PCCW
 (rough estimates as of April 26th, 2021)

Cogent (AS 174) isn't even in the global top ten RPKI Invalids
distributors! :-) Banana for scale: in 2018-2019 the top ten was
distributing between 5,000 and 6,000 unique RPKI invalid routes.

Many in the community deploying RPKI consider a RPKI deployment
'functionally complete' when a transit network dives below propagating
~ 30% of the total of DFZ invalids (and manages to stay there).

The gap of ~ 1,600 prefixes between Zayo/Deutsche Telekom - and the group
of ASNs propagating less than 600 - is the difference between not
rejecting invalids on any EBGP session, and rejecting invalids on most
EBGP sessions.

How does one end up deploying RPKI ROV on most, but not all EBGP sessions?

In the last few years HUNDREDS of RPKI-related software defects have
been uncovered in BGP implementations. Some bugs are cosmetic in nature,
other bugs are of the "if you enable RPKI, the entire router crashes"
severity level. When bugs are identified and fixed, it'll take
additional time for the QA process to complete and 

Re: DoD IP Space

[John Curran]

On 26 Apr 2021, at 9:59 AM, Ca By  wrote:
> 
> ...
> The fact that certain parties decided on their own that space not present in 
> the global routing table was 'fair game' or 'private' doesn't make them 
> correct, it simply makes them ill informed. 
> 
> My reading of this thread is that the space is now permanently bogon’d for 
> some honeypot. so yeah, it is fair game. Enjoy the public goods all ! 

 

While each network operator is free to make their own decisions on how they 
configure their routers, I’d personally suggest that folks think twice before 
considering another parties IP address blocks to be available for private use.  
Just as no one expected to ever see many of these networks be publicly 
announced, it would not surprise me in the least to see production applications 
on these blocks at some point in the near future…   

/John

Re: DOD prefixes and AS8003 / GRSCORP

[John Curran]

On 26 Apr 2021, at 11:17 AM, Bryan Fields 
mailto:br...@bryanfields.net>> wrote:

On 3/15/21 4:01 PM, Christopher Morrow wrote:
is it possible that the DoD:
 1) signed a lRSA (or really just an RSA)

Just re-read this; I don't think the Federal Government is required to sign
the standard ARIN agreement.  I believe they have a different agreement with
ARIN.  I did some searching, but can't find this easily on their website.

Maybe John can confirm this.

Byran -

A very reasonable question.  Note that ARIN does routinely change its 
registration services agreement (RSA) for governments – reference the last few 
q on the RSA FAQ -  
for specifics; it’s generally address issues regarding indemnification, 
bankruptcy, governing law, and/or binding arbitration that pertain to 
governments & their agencies and their ability to enter into agreements.

As per the CBO report noted earlier, the US DoD entered into an agreement that 
included both obtaining IPv6 number resources and returning potentially unused 
IPv4 number resources.  I can further note that they also sought clarification 
that they would be able to retain unused IPv4 number resources that DoD 
believed would be needed in the future by DoD or other parts of the US 
Government.  As ARIN was not in the business of reclaiming unused addresses 
(rather we encouraged the voluntary return of unused IPv4 addresses prior to 
the availability of the transfer policies), we provided them an explicit 
language to that effect.

Of course, the irony of the situation is that many years later a provision that 
was intended to reassure USG/DoD that ARIN would not take their “unused IPv4 
address space” (so that could reutilized elsewhere in the USG) now reads like a 
requirement that requires such reuse or return to ARIN – hence the cited CBO 
report requirement that "Among other things, this is because DOD entered into 
an agreement with the American Registry for Internet Numbers. Specifically, 
this agreement states the department must return unused addresses to the 
registry.”  The provisions were never intended to constrain the USG/DoD any 
differently than any other party in the registry and given the availability of 
the transfer policies in the number resource policy manual we have made plain 
to the USG/DoD that ARIN is neither encouraging nor an impediment to the 
transfer of IPv4 number resources at this time.

I provide all of the above in the spirit of maximal transparency, but there are 
indeed some practical limits to what can be provided.  The community should 
know that there was no special deal – only a clarification that the USG sought 
that was both appropriate under the circumstances and comparable to our 
handling other organizations that wished to move address space around 
internally.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: DOD prefixes and AS8003 / GRSCORP

[John Curran]

On 26 Apr 2021, at 11:27 AM, Scott Morizot 
mailto:tmori...@gmail.com>> wrote:

On Mon, Apr 26, 2021 at 10:19 AM Bryan Fields 
mailto:br...@bryanfields.net>> wrote:
On 3/15/21 4:01 PM, Christopher Morrow wrote:
> is it possible that the DoD:
>   1) signed a lRSA (or really just an RSA)

Just re-read this; I don't think the Federal Government is required to sign
the standard ARIN agreement.  I believe they have a different agreement with
ARIN.  I did some searching, but can't find this easily on their website.

Unrelated to DoD, but as the member representative for a different Federal 
agency with both an LRSA and an RSA, I can definitely say that's not the case. 
There are no special rules for the US Federal Government.

Correct  (but I will elaborate separately in reply to Bryan’s posted question 
since the community is entitled to as much transparency as possible.)
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: DOD prefixes and AS8003 / GRSCORP

[Scott Morizot]

On Mon, Apr 26, 2021 at 10:19 AM Bryan Fields  wrote:

> On 3/15/21 4:01 PM, Christopher Morrow wrote:
> > is it possible that the DoD:
> >   1) signed a lRSA (or really just an RSA)
>
> Just re-read this; I don't think the Federal Government is required to sign
> the standard ARIN agreement.  I believe they have a different agreement
> with
> ARIN.  I did some searching, but can't find this easily on their website.
>

Unrelated to DoD, but as the member representative for a different Federal
agency with both an LRSA and an RSA, I can definitely say that's not the
case. There are no special rules for the US Federal Government.

Scott

Re: DOD prefixes and AS8003 / GRSCORP

[Bryan Fields]

On 3/15/21 4:01 PM, Christopher Morrow wrote:
> is it possible that the DoD:
>   1) signed a lRSA (or really just an RSA)

Just re-read this; I don't think the Federal Government is required to sign
the standard ARIN agreement.  I believe they have a different agreement with
ARIN.  I did some searching, but can't find this easily on their website.

Maybe John can confirm this.

I don't this this is nefarious at all.  If there's a contract for this, a FOIA
request is likely in order.

-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net

Re: RIP Dan Kaminsky

[Callan Banner]

Dan was a kind person and a selfless contributor to the greater DNS
community. Sad news for sure.

On Sat, Apr 24, 2021 at 2:28 PM George Herbert 
wrote:

>
> Reported widely on Twitter by his personal friends, Dan Kaminsky passed
> away yesterday.  The DNS community has lost an immense contributor.
>
>
> -George
>
> Sent from my iPhone

Re: DoD IP Space

[Ca By]

On Mon, Apr 26, 2021 at 6:36 AM Tom Beecher  wrote:

> As long as that IP space was isolated to the .mil network, it was private
>> space, as far as the Internet was concerned.
>>
>
> The DoD allocation of 11/8 predates the concept of 'private network space'.
>
> 11/8 was first assigned to the DoD in RFC 943 in April of 1985. The
> concept of IPv4 space for private networks was first defined in RFC 1597,
> March 1994. (Which eventually would become RFC1918. )
>
> The fact that certain parties decided on their own that space not present
> in the global routing table was 'fair game' or 'private' doesn't make them
> correct, it simply makes them ill informed.
>

My reading of this thread is that the space is now permanently bogon’d for
some honeypot. so yeah, it is fair game. Enjoy the public goods all !


> On Sat, Apr 24, 2021 at 7:18 PM Mel Beckman  wrote:
>
>> Bill,
>>
>> It’s the INTERNET that is civilian, not the IP space. As long as that IP
>> space was isolated to the .mil network, it was private space, as far as the
>> Internet was concerned. Now DoD has moved it into the civilian Internet,
>> and I treat them as potentially malicious as I do any other organization
>> that lies, cheats, and steals the public trust.
>>
>>  -mel
>>
>> > On Apr 24, 2021, at 3:45 PM, William Herrin  wrote:
>> >
>> > On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman  wrote:
>> >> This doesn’t sound good, no matter how you slice it. The lack of
>> >> transparency with a civilian resource is troubling at a minimum.
>> >
>> > You do understand that the addresses in question are not and have
>> > never been "civilian." They came into DoD's possession when this was
>> > all still a military project funded by what's now DARPA.
>> >
>> > Personally, I think we may have an all time record for the largest
>> > honeypot ever constructed. I'd love to be a fly on that wall.
>> >
>> > Regards,
>> > Bill Herrin
>> >
>> >
>> >
>> > --
>> > William Herrin
>> > b...@herrin.us
>> > https://bill.herrin.us/
>>
>>

Re: DoD IP Space

[Tom Beecher]

>
> Wish i was in the room when they turned it on. I hope they make a tiktok
> of the expressions of everyone looking at the first data. [ joke ]
>

That would have been fascinating to see. (The technical bits, maybe not so
much the Tik Tok.)

Some chat threads with industry friends over the years in the last few
months on this topic has been frustrating but enlightening. Many
conversations about 'someone hijacking space' which eventually leads to
finding out they were using this DoD space in ways that the presence of
these announcements in the DFZ breaks things. I'm running out of "just
because you can doesn't mean you should' memes to reply with.

On Sun, Apr 25, 2021 at 12:21 PM Martin Hannigan  wrote:

>
> On Sat, Apr 24, 2021 at 11:27 AM Mel Beckman  wrote:
>
>> This doesn’t sound good, no matter how you slice it. The lack of
>> transparency with a civilian resource is troubling at a minimum. I’m going
>> to bogon this space as a defensive measure, until its real — and detailed —
>> purpose can be known. The secret places of our government have proven
>> themselves untrustworthy in the protection of citizens’ data and networks.
>> They tend to think they know “what’s good for” us.
>>
>>  -mel
>>
>>
>
> If you apply that ideology to 0/0 you're not going to have much of an
> Internet beyond cat pics.
>
> Wish i was in the room when they turned it on. I hope they make a tiktok
> of the expressions of everyone looking at the first data. [ joke ]
>
> Warm regards,
>
> -M<
>
>
>> On Apr 24, 2021, at 8:05 AM, John Curran  wrote:
>>
>> 
>> As noted -
>> https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/#click=https://t.co/mVh26yBq9G
>>
>> FYI,
>> /John
>>
>> John Curran
>> President and CEO
>> American Registry for Internet Numbers
>>
>> On Jan 20, 2021, at 8:35 AM, John Curran  wrote:
>>
>> 
>> Tom –
>>
>> Most definitely: lack of routing history is not at all a reliable
>> indicator of the potential for valid routing of a given IPv4 block in the
>> future, so best practice suggest that allocated address space should not be
>> blocked by others without specific cause.
>>
>> Doing otherwise opens one up to unexpected surprises when issued space
>> suddenly becomes more active in routing and is yet is inexplicably
>> unreachable for some destinations.
>>
>> /John
>>
>> On Nov 5, 2019, at 10:38 AM, Tom Beecher  wrote:
>>
>>
>> Using the generally accepted definition of a bogon ( RFC 1918 / 5735 /
>> 6598 + netblock not allocated by an RiR ), 22/8 is not a bogon and
>> shouldn't be treated as one.
>>
>> The DoD does not announce it to the DFZ, as is their choice, but nothing
>> says they may not change that position tomorrow. There are plenty of
>> subnets out there that are properly allocated by an RiR, but the assignees
>> do not send them to the DFZ because of $reasons.
>>
>> In my opinion, creating bogon lists that include allocated but not
>> advertised prefixes is poor practice that is likely to end up biting an
>> operator at one point or another.
>>
>> On Tue, Nov 5, 2019 at 9:45 AM Töma Gavrichenkov 
>> wrote:
>>
>>> Peace,
>>>
>>> On Tue, Nov 5, 2019, 4:55 PM David Conrad  wrote:
>>> > On Nov 4, 2019, at 10:56 PM, Grant Taylor via NANOG 
>>> wrote:
>>> >> This thread got me to wondering, is there any
>>> >> legitimate reason to see 22/8 on the public
>>> >> Internet?  Or would it be okay to treat 22/8
>>> >> like a Bogon and drop it at the network edge?
>>> >
>>> > Given the transfer market for IPv4 addresses,
>>> > the spot price for IPv4 addresses, and the need
>>> > of even governments to find “free” (as in
>>> > unconstrained) money, I’d think treating any
>>> > legacy /8 as a bogon would not be prudent.
>>>
>>> It has been said before in this thread that the DoD actively uses this
>>> network internally.  I believe if the DoD were to cut costs, they
>>> would be able to do it much more effectively in many other areas, and
>>> their IPv4 networks would be about the last thing they would think of
>>> (along with switching off ACs Bernard Ebbers-style).  With that in
>>> mind, treating the DoD networks as bogons now makes total sense to me.
>>>
>>> --
>>> Töma
>>>
>>

Re: DoD IP Space

[Tom Beecher]

>
> As long as that IP space was isolated to the .mil network, it was private
> space, as far as the Internet was concerned.
>

The DoD allocation of 11/8 predates the concept of 'private network space'.

11/8 was first assigned to the DoD in RFC 943 in April of 1985. The concept
of IPv4 space for private networks was first defined in RFC 1597, March
1994. (Which eventually would become RFC1918. )

The fact that certain parties decided on their own that space not present
in the global routing table was 'fair game' or 'private' doesn't make them
correct, it simply makes them ill informed.

On Sat, Apr 24, 2021 at 7:18 PM Mel Beckman  wrote:

> Bill,
>
> It’s the INTERNET that is civilian, not the IP space. As long as that IP
> space was isolated to the .mil network, it was private space, as far as the
> Internet was concerned. Now DoD has moved it into the civilian Internet,
> and I treat them as potentially malicious as I do any other organization
> that lies, cheats, and steals the public trust.
>
>  -mel
>
> > On Apr 24, 2021, at 3:45 PM, William Herrin  wrote:
> >
> > On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman  wrote:
> >> This doesn’t sound good, no matter how you slice it. The lack of
> >> transparency with a civilian resource is troubling at a minimum.
> >
> > You do understand that the addresses in question are not and have
> > never been "civilian." They came into DoD's possession when this was
> > all still a military project funded by what's now DARPA.
> >
> > Personally, I think we may have an all time record for the largest
> > honeypot ever constructed. I'd love to be a fly on that wall.
> >
> > Regards,
> > Bill Herrin
> >
> >
> >
> > --
> > William Herrin
> > b...@herrin.us
> > https://bill.herrin.us/
>
>

Cogent RPKI invalid filtering

[Robert Blayzor via NANOG]

According to Cloudflares isbgpsafeyet.com, Cogent has been considered 
"safe" and is filtering invalids.


But I have found that to be untrue (mostly). It appears that some days 
they filter IPv4, sometimes not, and IPv6 invalids are always coming 
through. I know it's Cogent, but curious as to what others are seeing.




invalid.rpki.cloudflare.com has address 103.21.244.15
invalid.rpki.cloudflare.com has address 103.21.244.14
invalid.rpki.cloudflare.com has IPv6 address 2606:4700:7000::6715:f40e
invalid.rpki.cloudflare.com has IPv6 address 2606:4700:7000::6715:f40f



BGP routing table entry for 103.21.244.0/24
  174 13335, (aggregated by 13335 172.69.172.1)
  Origin IGP, metric 83040, localpref 100, valid, external, best, 
group-best, import-candidate

  Community: 174:21101 174:22012


BGP routing table entry for 2606:4700:7000::/48
  174 13335, (aggregated by 13335 172.69.172.1)
2001:550:2f01:: from 2001:550:2f01:: (66.28.1.115)
  Origin IGP, metric 83040, localpref 100, valid, external, best, 
group-best, import-candidate

  Received Path ID 0, Local Path ID 1, version 1272502628
  Community: 174:21101 174:22012


--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP:  https://pgp.inoc.net/rblayzor/

Re: DOD prefixes and AS8003 / GRSCORP

[Mike Hammett]

Here's an article that's not paywalled: 

https://apnews.com/article/technology-business-government-and-politics-b26ab809d1e9fdb53314f56299399949
 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "cosmo"  
To: "Owen DeLong"  
Cc: "North American Network Operators' Group" , "John Curran" 
 
Sent: Sunday, April 25, 2021 4:55:06 PM 
Subject: Re: DOD prefixes and AS8003 / GRSCORP 


Looks like the press picked this up. Paywalled though! 


https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/
 



On Tue, Mar 16, 2021 at 3:03 AM Owen DeLong via NANOG < nanog@nanog.org > 
wrote: 









On Mar 15, 2021, at 15:07 , Tom Beecher < beec...@beecher.cc > wrote: 





I think it’s a general matter of public interest how this reassignment of a 
massive government-owned block of well over sixteen million IP addresses 
happened. Even if not fraudulent, the public has a right to know who is behind 
this huge transfer of wealth. 


Don’t you? 









On Mon, Mar 15, 2021 at 3:35 PM Mel Beckman < m...@beckman.org > wrote: 



Owen, 


I think one cause for concern is why “almost all DOD prefixes ( 
7.0.0.0/8,11.0.0.0/8,22.0.0.0/8 and bunch of /22s) are now announced under 
AS8003 (GRSCORP) which was just formed a few months ago,” which, according to 
ARIN WHOIS, had a source registry of “DoD Network Information Center”. 





Somehow, I’m of the impression that DoD is quite capable of defending their own 
property if necessary. I’m also not of the same belief as you that GRSCORP was 
just formed a few months ago. It seems to have bounced back and forth between 
Florida and Delaware one or more times, but that’s not all that uncommon for a 
corporation physically located in Florida. Corporations change their state of 
incorporation somewhat regularly for a variety of legal forum shopping 
purposes, including but not limited to tax advantages, court jurisdictional 
advantages, etc. 











I think it’s a general matter of public interest how this reassignment of a 
massive government-owned block of well over sixteen million IP addresses 
happened. Even if not fraudulent, the public has a right to know who is behind 
this huge transfer of wealth. 





I don’t see a transfer of wealth. I see DOD finally having a contractor 
originate their prefixes in order to make life more difficult for squatters, 
hijackers, and other miscreants. About time, if you ask me. I mean, I’m sure 
that in order to provide that level of sink-hole, GRSCORP is having to pay some 
hefty transit bills and maintain some significant infrastructure and likely 
passing all that cost along to DoD at a hefty markup, so I suppose that’s some 
level of transfer of wealth, but as DoD contracts go, I somehow don’t think 
this one would be regarded as “significant”. 


Owen 











Don’t you? 


-mel beckman 



On Mar 15, 2021, at 12:23 PM, Owen DeLong via NANOG < nanog@nanog.org > wrote: 






According to the timeline posted to this list (by you, Siyuan), Globl Resource 
Systems, LLC was registered in Delaware on September 8, 2020. 
Your timeline also shows the resources being issued to GRS by ARIN on September 
11, september 14, 2020 

It looks to me like they subsequently registered the corporation in Florida and 
moved the company address there. 


I don’t see anything suspicious here based on your own statements, so I’m a bit 
confused what you are on about. 


Owen 




On Mar 12, 2021, at 03:34 , Siyuan Miao < avel...@misaka.io > wrote: 



Hi John, 

My biggest concern is why the AS8003 was assigned to the company (GLOBAL 
RESOURCE SYSTEMS, LLC) even before its existence. 

When we were requesting resources or transfers, ARIN always asked us to provide 
a Certificate of Good Standing and we had to pay the state to order it. 

However, it appears that a Certificate of Good Standing is not required or ARIN 
didn't validate it in this case. 

Regards, 
Siyuan 



On Fri, Mar 12, 2021 at 7:17 PM John Curran < jcur...@arin.net > wrote: 



On 11 Mar 2021, at 7:56 AM, Siyuan Miao < avel...@misaka.io > wrote: 






Hi Folks, 


Just noticed that almost all DOD prefixes ( 7.0.0.0/8,11.0.0.0/8,22.0.0.0/8 and 
bunch of /22s) are now announced under AS8003 (GRSCORP) which was just formed a 
few months ago. 


It looks so suspicious. Does anyone know if it's authorized? 



Siyuan - 


If you have concerns, you can confirm whether these IP address blocks are being 
routed as intended by verification with their listed technical contacts - e.g. 
https://search.arin.net/rdap/?query=22.0.0.0 


As I noted on this list several weeks back - "lack of routing history is not at 
all a reliable indicator of the potential for valid routing of a given IPv4 
block in the future, so best practice suggest that allocated address space 
should not be blocked by others without specific cause. Doing otherwise opens 
one up to unexpected 

Re: DoD IP Space

[Stephane Bortzmeyer]

On Sun, Apr 25, 2021 at 08:29:51AM -0400,
 Jean St-Laurent via NANOG  wrote 
 a message of 38 lines which said:

> Let's see what will slowly appear in shodan.io and shadowserver.org

My favorite (but remember it can be a gigantic honeypot) is the
Ubiquiti router with the name
"HACKED-ROUTER-HELP-SOS-HAD-DUPE-PASSWORD" :-)