Re: BGP and The zero window edge

2021-04-25 Thread Alarig Le Lay 
On Thu 22 Apr 2021 01:24:54 GMT, Job Snijders via NANOG wrote:
> One example is 
> http://lg.ring.nlnog.net/prefix_detail/lg01/ipv6?q=2a0b:6b86:d15::/48
> 
> 2a0b:6b86:d15::/48 via:
> BGP.as_path: 204092 57199 35280 6939 42615 42615 212232
> BGP.as_path: 208627 207910 57199 35280 6939 42615 42615 212232
> BGP.as_path: 208627 207910 57199 35280 6939 42615 42615 212232
> (first announced April 15th, last withdrawn April 15th, 2021)

On the AS204092 side, the route is one week and two days old (so
2021-04-16). So we never received the withdrawn.

asbr01#sh bgp ipv6 uni 2a0b:6b86:d15::/48
BGP routing table entry for 2A0B:6B86:D15::/48, version 88407242
BGP Bestpath: deterministic-med: med
Paths: (2 available, best #1, table default)
  Advertised to update-groups:
 129130145167
  Refresh Epoch 1
  57199 35280 6939 42615 42615 212232
2A0B:CBC0:1::BD (FE80::66D1:54FF:FEEF:9893) from 2A0B:CBC0:1::BD 
(80.67.167.5)
  Origin IGP, metric 10, localpref 100, valid, external, best
  Community: 24115:6939 35280:10 35280:1040 35280:2080 35280:3120 
35280:2 35280:21000 35280:21150 57199:35280 57199:65535 64496:100 
64496:57199 64999:24115
  unknown transitive attribute: flag 0xE0 type 0x20 length 0x30
value  5E33  03E9  0001  5E33
   03EA  0002  5E33  03EB
   0005  5E33  03EC  1B1B

  path 7F1E8D0F3B58 RPKI State valid
  rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 1
  57199 35280 6939 42615 42615 212232, (received-only)
2A0B:CBC0:1::BD (FE80::66D1:54FF:FEEF:9893) from 2A0B:CBC0:1::BD 
(80.67.167.5)
  Origin IGP, metric 4294967295, localpref 100, valid, external
  Community: 24115:6939 35280:10 35280:1040 35280:2080 35280:3120 
35280:2 35280:21000 35280:21150 57199:35280 57199:65535 64999:24115
  unknown transitive attribute: flag 0xE0 type 0x20 length 0x30
value  5E33  03E9  0001  5E33
   03EA  0002  5E33  03EB
   0005  5E33  03EC  1B1B

  path 7F1E8D0EF088 RPKI State valid
  rx pathid: 0, tx pathid: 0
asbr01#sh ipv6 route 2a0b:6b86:d15::/48
Routing entry for 2A0B:6B86:D15::/48
  Known via "bgp 204092", distance 20, metric 10, type external
  Route count is 1/1, share count 0
  Routing paths:
FE80::66D1:54FF:FEEF:9893, GigabitEthernet0/0/0.24
  MPLS label: nolabel
  Last updated 1w2d ago

asbr01#

-- 
Alarig

Re: DOD prefixes and AS8003 / GRSCORP

2021-04-25 Thread William Herrin 
On Tue, Mar 16, 2021 at 3:01 AM Owen DeLong via NANOG  wrote:
> On Mon, Mar 15, 2021 at 3:35 PM Mel Beckman  wrote:
>> I think one cause for concern is why “almost all DOD prefixes 
>> (7.0.0.0/8,11.0.0.0/8,22.0.0.0/8 and bunch of /22s) are now announced under 
>> AS8003 (GRSCORP) which was just formed a few months ago,”

> I’m also not of the same belief as you that GRSCORP was just formed a few 
> months ago.

It's not unusual to create a "cutout" or shell company to hold the
network resources when the (larger) defense contractor wants to keep
its identity dissociated from the Internet activity.

Regards,
Bill Herrin


-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: DoD IP Space

2021-04-25 Thread John Curran 
On 25 Apr 2021, at 4:59 PM, Sabri Berisha 
mailto:sa...@cluecentral.net>> wrote:

- On Apr 25, 2021, at 2:24 AM, Bill Woodcock 
wo...@pch.net wrote:

Hi,

I think I’d characterize it, rather, as a possible privatization of public
property.

This comment sparked my curiosity. Does ARIN consider IP space to be property?

One could argue both ways:

1. Whomever "owns" a netblock simply owns the right to use and advertise it as 
long
as it's being used for the purposes under which it was assigned by a number 
registry.
This would be similar to "apartment rights" in a condominium complex.

OR;

2. IP space comes with property rights such as selling and leasing as one 
wishes. But,
that would also imply that IP space can be stolen.

I'd be curious to hear what ARIN's position is on this.

Sabri -

ARIN’s position can be clearly found in section 2 of the Registration Services 
Agreement  -

– When parties are issued IP address blocks, they are given a limited bundle of 
contractual rights to an entry in the registry database.
– These rights include the exclusive right to be associated with a specific 
entry, the exclusive right to administer that entry in the ARIN registry 
database, and exclusive right of transfer this bundle of rights in accordance 
with adopted policy.

Two things:  a) None of this pertains to a right to announce or route an IP 
address block – ISPs each control their own routing and often care about who 
holds rights to a block in the registry, but that does not equate to issuing a 
“right to route.”   b) You’ll probably want to discuss with legal counsel for 
more specifics of the nuances between contractual rights versus property 
rights, particularly when if comes to intangible rights, enforceability against 
specific parties versus the world, etc.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: DoD IP Space

2021-04-25 Thread j k 
In the positive side of things, guess we will see IPv6 usage.

Joe Klein

On Sun, Apr 25, 2021, 6:11 PM John Curran  wrote:

> Sronan -
>
> I made no claims other than pointing out that IP address blocks in the
> ARIN registry are subject to ARIN policies.
>
> ARIN was formed specifically so that the Internet community could engage
> in self-regulation for IP number resources; to wit: "Creation of ARIN will
> give the users of IP numbers (mostly Internet service providers,
> corporations and other large institutions) a voice in the policies by which
> they are managed and allocated within the North American region” [1] – thus
> ARIN's policies for management of the registry apply to all resources in
> the registry because that was inherent to the purpose to which ARIN was
> formed.
>
> This includes having ARIN "assume full responsibility for Internet
> Protocol (IP) number assignments and related administrative tasks
> previously handled by NSI.”, whereby ARIN formally became the successor
> registry operator for organizational assignments in a long chain that
> includes USC/ISI, SRI, GSI, and NSI.
>
> The community wanted self-governance, and that’s exactly what it got…  the
> result is a fairly important reason to participate in ARIN policy
> development and/or governance if you feel strongly about these matters.
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
> [1] https://www.nsf.gov/news/news_summ.jsp?cntn_id=102819 - "Internet
> Moves Toward Privatization / IP numbers handled by non-profit”
>
>
> On Apr 25, 2021, at 11:38 AM, sro...@ronan-online.com wrote:
>
>  So you are claiming that ARIN has jurisdiction over DoD IP space?
>
> Sent from my iPhone
>
> On Apr 25, 2021, at 9:13 AM, John Curran  wrote:
>
>  Sronan -
>
> I’d suggest asking rather than making assertions when it comes to ARIN, as
> this will avoid propagating existing misinformation in the community.
>
> Many US government agencies, including the US Department of Defense, have
> signed registration services agreements with ARIN.
>
> From https://account.arin.net/public/member-list -
>
> United States Department of Defense (DoD)
>
> USDDD 
>
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
> On 25 Apr 2021, at 8:54 AM, sro...@ronan-online.com wrote:
>
> Except these DoD blocks don’t fall under ARIM justification, as they
> predate ARIN. It is very likely that the DoD has never and will never sign
> any sort of ARIN agreement.
>
> Sent from my iPhone
>
> On Apr 25, 2021, at 3:40 AM, Mel Beckman  wrote:
>
> Mark,
>
> ARIN rules require every IP space holder to publish accurate — and
> effective —  Admin, Tech, and Abuse POCs. The DOD hasn’t done this, as I
> pointed out, and as you can test for yourself. Your expectation that the
> DOD will “generally comply with all of the expected norms” is sorely naive,
> and already disproven.
>
> As far as “why does anyone on the Internet need to publish to your
> arbitrary standards”, you seem to forget that in the U.S., the government
> is accountable to the People. Where a private company may not have to
> explain its purposes, the government most certainly does in the private
> sector. With these IP spaces being thrust into the civilian realm, yes,
> they owe the citizenry an explanation of their actions, just as they would
> if they had started mounting missile launchers on highway overpasses. It’s
> a direct militarization of a civilian utility.
>
> Keep in mind that the U.S. Government — under all administrations — has
> shown that it will abuse every technical advantage it can, as long as it
> can do so in secret. Perhaps you’ve forgotten James Clapper, the former
> director of national intelligence, who falsely testified to Congress that
> the government does “not wittingly” collect the telephone records of
> millions of Americans. And he was just the tip of the iceberg. Before
> Clapper under Obama there was the Bush administration’s Stellar Wind"
> warrantless surveillance program. The list of government abuse of civilian
> resources is colossal .
>
> Fighting against that isn’t political. It’s patriotic.
>
> -mel
>
> On Apr 25, 2021, at 12:02 AM, Mark Foster  wrote:
>
> 
>
> On 25/04/2021 3:24 am, Mel Beckman wrote:
>
> This doesn’t sound good, no matter how you slice it. The lack of
> transparency with a civilian resource is troubling at a minimum. I’m going
> to bogon this space as a defensive measure, until its real — and detailed —
> purpose can be known. The secret places of our government have proven
> themselves untrustworthy in the protection of citizens’ data and networks.
> They tend to think they know “what’s good for” us.
>
> -mel
>
>
> Why does anyone on the Internet need to publish to your arbitrary
> standards, what they intend to do with their IP address ranges?
>
> Failure to advertise the IP address space to the

Re: DoD IP Space

2021-04-25 Thread John Curran 
Sronan -

I made no claims other than pointing out that IP address blocks in the ARIN 
registry are subject to ARIN policies.

ARIN was formed specifically so that the Internet community could engage in 
self-regulation for IP number resources; to wit: "Creation of ARIN will give 
the users of IP numbers (mostly Internet service providers, corporations and 
other large institutions) a voice in the policies by which they are managed and 
allocated within the North American region” [1] – thus ARIN's policies for 
management of the registry apply to all resources in the registry because that 
was inherent to the purpose to which ARIN was formed.

This includes having ARIN "assume full responsibility for Internet Protocol 
(IP) number assignments and related administrative tasks previously handled by 
NSI.”, whereby ARIN formally became the successor registry operator for 
organizational assignments in a long chain that includes USC/ISI, SRI, GSI, and 
NSI.

The community wanted self-governance, and that’s exactly what it got…  the 
result is a fairly important reason to participate in ARIN policy development 
and/or governance if you feel strongly about these matters.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

[1] https://www.nsf.gov/news/news_summ.jsp?cntn_id=102819 - "Internet Moves 
Toward Privatization / IP numbers handled by non-profit”


On Apr 25, 2021, at 11:38 AM, 
sro...@ronan-online.com wrote:

 So you are claiming that ARIN has jurisdiction over DoD IP space?

Sent from my iPhone

On Apr 25, 2021, at 9:13 AM, John Curran 
mailto:jcur...@arin.net>> wrote:

 Sronan -

I’d suggest asking rather than making assertions when it comes to ARIN, as this 
will avoid propagating existing misinformation in the community.

Many US government agencies, including the US Department of Defense, have 
signed registration services agreements with ARIN.

From https://account.arin.net/public/member-list -

United States Department of Defense (DoD)

USDDD

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 25 Apr 2021, at 8:54 AM, 
sro...@ronan-online.com wrote:

Except these DoD blocks don’t fall under ARIM justification, as they predate 
ARIN. It is very likely that the DoD has never and will never sign any sort of 
ARIN agreement.

Sent from my iPhone

On Apr 25, 2021, at 3:40 AM, Mel Beckman 
mailto:m...@beckman.org>> wrote:

Mark,

ARIN rules require every IP space holder to publish accurate — and effective —  
Admin, Tech, and Abuse POCs. The DOD hasn’t done this, as I pointed out, and as 
you can test for yourself. Your expectation that the DOD will “generally comply 
with all of the expected norms” is sorely naive, and already disproven.

As far as “why does anyone on the Internet need to publish to your arbitrary 
standards”, you seem to forget that in the U.S., the government is accountable 
to the People. Where a private company may not have to explain its purposes, 
the government most certainly does in the private sector. With these IP spaces 
being thrust into the civilian realm, yes, they owe the citizenry an 
explanation of their actions, just as they would if they had started mounting 
missile launchers on highway overpasses. It’s a direct militarization of a 
civilian utility.

Keep in mind that the U.S. Government — under all administrations — has shown 
that it will abuse every technical advantage it can, as long as it can do so in 
secret. Perhaps you’ve forgotten James Clapper, the former director of national 
intelligence, who falsely testified to Congress that the government does “not 
wittingly” collect the telephone records of millions of Americans. And he was 
just the tip of the iceberg. Before Clapper under Obama there was the Bush 
administration’s Stellar Wind" warrantless surveillance program. The list of 
government abuse of civilian resources is colossal .

Fighting against that isn’t political. It’s patriotic.

-mel

On Apr 25, 2021, at 12:02 AM, Mark Foster 
mailto:blak...@blakjak.net>> wrote:


On 25/04/2021 3:24 am, Mel Beckman wrote:
This doesn’t sound good, no matter how you slice it. The lack of transparency 
with a civilian resource is troubling at a minimum. I’m going to bogon this 
space as a defensive measure, until its real — and detailed — purpose can be 
known. The secret places of our government have proven themselves untrustworthy 
in the protection of citizens’ data and networks. They tend to think they know 
“what’s good for” us.

-mel


Why does anyone on the Internet need to publish to your arbitrary standards, 
what they intend to do with their IP address ranges?

Failure to advertise the IP address space to the Internet (until now, perhaps) 
doesn't make the address space any less legitimate, and though I'd expect the 
DoD to generally comply with all of the expected

Re: DOD prefixes and AS8003 / GRSCORP

2021-04-25 Thread cosmo 
Looks like the press picked this up. Paywalled though!

https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/

On Tue, Mar 16, 2021 at 3:03 AM Owen DeLong via NANOG 
wrote:

>
>
> On Mar 15, 2021, at 15:07 , Tom Beecher  wrote:
>
> I think it’s a general matter of public interest how this reassignment of
>> a massive government-owned block of well over sixteen million IP addresses
>> happened. Even if not fraudulent, the public has a right to know who is
>> behind this huge transfer of wealth.
>>
>> Don’t you?
>>
>
> On Mon, Mar 15, 2021 at 3:35 PM Mel Beckman  wrote:
>
>> Owen,
>>
>> I think one cause for concern is why “almost all DOD prefixes (
>> 7.0.0.0/8,11.0.0.0/8,22.0.0.0/8 and bunch of /22s) are now announced
>> under AS8003 (GRSCORP) which was just formed a few months ago,” which,
>> according to ARIN WHOIS, had a source registry of “DoD Network Information
>> Center”.
>>
>
> Somehow, I’m of the impression that DoD is quite capable of defending
> their own property if necessary. I’m also not of the same belief as you
> that GRSCORP was just formed a few months ago. It seems to have bounced
> back and forth between Florida and Delaware one or more times, but that’s
> not all that uncommon for a corporation physically located in Florida.
> Corporations change their state of incorporation somewhat regularly for a
> variety of legal forum shopping purposes, including but not limited to tax
> advantages, court jurisdictional advantages, etc.
>
>
> I think it’s a general matter of public interest how this reassignment of
>> a massive government-owned block of well over sixteen million IP addresses
>> happened. Even if not fraudulent, the public has a right to know who is
>> behind this huge transfer of wealth.
>>
>
> I don’t see a transfer of wealth. I see DOD finally having a contractor
> originate their prefixes in order to make life more difficult for
> squatters, hijackers, and other miscreants. About time, if you ask me. I
> mean, I’m sure that in order to provide that level of sink-hole, GRSCORP is
> having to pay some hefty transit bills and maintain some significant
> infrastructure and likely passing all that cost along to DoD at a hefty
> markup, so I suppose that’s some level of transfer of wealth, but as DoD
> contracts go, I somehow don’t think this one would be regarded as
> “significant”.
>
> Owen
>
>
>> Don’t you?
>>
>>  -mel beckman
>>
>> On Mar 15, 2021, at 12:23 PM, Owen DeLong via NANOG 
>> wrote:
>>
>>  According to the timeline posted to this list (by you, Siyuan), Globl
>> Resource Systems, LLC was registered in Delaware on September 8, 2020.
>> Your timeline also shows the resources being issued to GRS by ARIN on
>> September 11, september 14, 2020
>> It looks to me like they subsequently registered the corporation in
>> Florida and moved the company address there.
>>
>> I don’t see anything suspicious here based on your own statements, so I’m
>> a bit confused what you are on about.
>>
>> Owen
>>
>> On Mar 12, 2021, at 03:34 , Siyuan Miao  wrote:
>>
>> Hi John,
>>
>> My biggest concern is why the AS8003 was assigned to the company (GLOBAL
>> RESOURCE SYSTEMS, LLC) even before its existence.
>>
>> When we were requesting resources or transfers, ARIN always asked us to
>> provide a Certificate of Good Standing and we had to pay the state to order
>> it.
>>
>> However, it appears that a Certificate of Good Standing is not required
>> or ARIN didn't validate it in this case.
>>
>> Regards,
>> Siyuan
>>
>> On Fri, Mar 12, 2021 at 7:17 PM John Curran  wrote:
>>
>>> On 11 Mar 2021, at 7:56 AM, Siyuan Miao  wrote:
>>>
>>>
>>> Hi Folks,
>>>
>>> Just noticed that almost all DOD prefixes (
>>> 7.0.0.0/8,11.0.0.0/8,22.0.0.0/8 and bunch of /22s)  are now announced
>>> under AS8003 (GRSCORP) which was just formed a few months ago.
>>>
>>> It looks so suspicious. Does anyone know if it's authorized?
>>>
>>>
>>> Siyuan -
>>>
>>> If you have concerns, you can confirm whether these IP address blocks
>>> are being routed as intended by verification with their listed technical
>>> contacts - e.g. https://search.arin.net/rdap/?query=22.0.0.0
>>>
>>> As I noted on this list several weeks back - "lack of routing history is
>>> not at all a reliable indicator of the potential for valid routing of a
>>> given IPv4 block in the future, so best practice suggest that allocated
>>> address space should not be blocked by others without specific cause. Doing
>>> otherwise opens one up to unexpected surprises when issued space suddenly
>>> becomes more active in routing and is yet is inexplicably unreachable for
>>> some destinations."
>>>
>>> Thanks!
>>> /John
>>>
>>> John Curran
>>> President and CEO
>>> American Registry for Internet Numbers
>>>
>>>
>>
>

Re: RIP Dan Kaminsky

2021-04-25 Thread William Guo 
No way.

So sorry to hear that.

On Sat, Apr 24, 2021 at 1:30 PM Brielle  wrote:

> Well, shit.  This makes me really sad.
>
> Godspeed wherever the universe takes you.
>
> *raises her glass*
>
> Sent from my iPhone
>
> > On Apr 24, 2021, at 12:27 PM, George Herbert 
> wrote:
> >
> > 
> > Reported widely on Twitter by his personal friends, Dan Kaminsky passed
> away yesterday.  The DNS community has lost an immense contributor.
> >
> >
> > -George
> >
> > Sent from my iPhone
>
>

Re: DoD IP Space

2021-04-25 Thread Sabri Berisha 
- On Apr 25, 2021, at 2:24 AM, Bill Woodcock wo...@pch.net wrote:

Hi,

> I think I’d characterize it, rather, as a possible privatization of public
> property.

This comment sparked my curiosity. Does ARIN consider IP space to be property?

One could argue both ways:

1. Whomever "owns" a netblock simply owns the right to use and advertise it as 
long
as it's being used for the purposes under which it was assigned by a number 
registry.
This would be similar to "apartment rights" in a condominium complex.

OR;

2. IP space comes with property rights such as selling and leasing as one 
wishes. But,
that would also imply that IP space can be stolen.

I'd be curious to hear what ARIN's position is on this. 

Thanks,

Sabri

Re: DoD IP Space

2021-04-25 Thread John Curran 
Randy -

We don’t generally speak about specific customers – but I do acknowledge this 
is a bit of an unusual case...

There was no exchange at all, but rather the US DoD wanted to make sure that 
(if at some
point in the future) they had excess IPv4 resources that the DoD retained the 
ability to reutilize such elsewhere within the US Government rather than 
returning them to ARIN.

(You have to remember this was a point in time when many organizations were 
retuned unused IPv4 blocks in order to help with IPv4 longevity...) 

ARIN provided them clarity in that regard (as requiring return when other 
departments had need for IPv4 number resources was never the intent), and that 
has since been completely preempted by the adoption of transfer policies by the 
ARIN community.

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers

> On Apr 25, 2021, at 12:32 PM, Randy Bush  wrote:
> 
> john,
> 
> my altzheimer's device tells me that some years back there was a
> documented written agreement between arin and the dod along the lines of
> dod getting a large swath of ipv6 space[0] in exchange for agreeing to
> return[1] or otherwise put into public use a half dozen ipv4 /8s.
> 
> could you refresh my memory, e.g. with the document, please?  thanks.
> 
> randy
> 
> --
> 
> [0] which they are still trying to figure out how to use; bit isn't half
>the internet in a similar pinch. :)
> 
> [1] since the dod probably did not get the space from arin, 'return' is
>probably not a good term.
> 
> 
> ---
> ra...@psg.com
> `gpg --locate-external-keys --auto-key-locate wkd ra...@psg.com`
> signatures are back, thanks to dmarc header butchery
>

Re: DoD IP Space

2021-04-25 Thread Michael Butler via NANOG 

On 4/25/21 12:32 PM, Randy Bush wrote:

john,

my altzheimer's device tells me that some years back there was a
documented written agreement between arin and the dod along the lines of
dod getting a large swath of ipv6 space[0] in exchange for agreeing to
return[1] or otherwise put into public use a half dozen ipv4 /8s.

could you refresh my memory, e.g. with the document, please?  thanks.

randy

--

[0] which they are still trying to figure out how to use; bit isn't half
 the internet in a similar pinch. :)

[1] since the dod probably did not get the space from arin, 'return' is
 probably not a good term.


The footnote (11) on page 7 of https://www.gao.gov/assets/gao-20-402.pdf 
seems to be most relevant ..


"We are not aware of any statutory requirements that directly address 
the ability of a government agency to transfer or sell IP addresses to a 
third party, but DOD would face legal and policy constraints to any 
potential sale or transfer of the addresses to a third party outside of 
the government. Among other things, this is because DOD entered into an 
agreement with the American Registry for Internet Numbers. Specifically, 
this agreement states the department must return unused addresses to the 
registry."


imb

Re: DoD IP Space

2021-04-25 Thread Randy Bush 
john,

my altzheimer's device tells me that some years back there was a
documented written agreement between arin and the dod along the lines of
dod getting a large swath of ipv6 space[0] in exchange for agreeing to
return[1] or otherwise put into public use a half dozen ipv4 /8s.

could you refresh my memory, e.g. with the document, please?  thanks.

randy

--

[0] which they are still trying to figure out how to use; bit isn't half
the internet in a similar pinch. :)

[1] since the dod probably did not get the space from arin, 'return' is
probably not a good term.


---
ra...@psg.com
`gpg --locate-external-keys --auto-key-locate wkd ra...@psg.com`
signatures are back, thanks to dmarc header butchery

Re: DoD IP Space

2021-04-25 Thread Martin Hannigan 
On Sat, Apr 24, 2021 at 11:27 AM Mel Beckman  wrote:

> This doesn’t sound good, no matter how you slice it. The lack of
> transparency with a civilian resource is troubling at a minimum. I’m going
> to bogon this space as a defensive measure, until its real — and detailed —
> purpose can be known. The secret places of our government have proven
> themselves untrustworthy in the protection of citizens’ data and networks.
> They tend to think they know “what’s good for” us.
>
>  -mel
>
>

If you apply that ideology to 0/0 you're not going to have much of an
Internet beyond cat pics.

Wish i was in the room when they turned it on. I hope they make a tiktok of
the expressions of everyone looking at the first data. [ joke ]

Warm regards,

-M<


> On Apr 24, 2021, at 8:05 AM, John Curran  wrote:
>
> 
> As noted -
> https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/#click=https://t.co/mVh26yBq9G
>
> FYI,
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
> On Jan 20, 2021, at 8:35 AM, John Curran  wrote:
>
> 
> Tom –
>
> Most definitely: lack of routing history is not at all a reliable
> indicator of the potential for valid routing of a given IPv4 block in the
> future, so best practice suggest that allocated address space should not be
> blocked by others without specific cause.
>
> Doing otherwise opens one up to unexpected surprises when issued space
> suddenly becomes more active in routing and is yet is inexplicably
> unreachable for some destinations.
>
> /John
>
> On Nov 5, 2019, at 10:38 AM, Tom Beecher  wrote:
>
>
> Using the generally accepted definition of a bogon ( RFC 1918 / 5735 /
> 6598 + netblock not allocated by an RiR ), 22/8 is not a bogon and
> shouldn't be treated as one.
>
> The DoD does not announce it to the DFZ, as is their choice, but nothing
> says they may not change that position tomorrow. There are plenty of
> subnets out there that are properly allocated by an RiR, but the assignees
> do not send them to the DFZ because of $reasons.
>
> In my opinion, creating bogon lists that include allocated but not
> advertised prefixes is poor practice that is likely to end up biting an
> operator at one point or another.
>
> On Tue, Nov 5, 2019 at 9:45 AM Töma Gavrichenkov 
> wrote:
>
>> Peace,
>>
>> On Tue, Nov 5, 2019, 4:55 PM David Conrad  wrote:
>> > On Nov 4, 2019, at 10:56 PM, Grant Taylor via NANOG 
>> wrote:
>> >> This thread got me to wondering, is there any
>> >> legitimate reason to see 22/8 on the public
>> >> Internet?  Or would it be okay to treat 22/8
>> >> like a Bogon and drop it at the network edge?
>> >
>> > Given the transfer market for IPv4 addresses,
>> > the spot price for IPv4 addresses, and the need
>> > of even governments to find “free” (as in
>> > unconstrained) money, I’d think treating any
>> > legacy /8 as a bogon would not be prudent.
>>
>> It has been said before in this thread that the DoD actively uses this
>> network internally.  I believe if the DoD were to cut costs, they
>> would be able to do it much more effectively in many other areas, and
>> their IPv4 networks would be about the last thing they would think of
>> (along with switching off ACs Bernard Ebbers-style).  With that in
>> mind, treating the DoD networks as bogons now makes total sense to me.
>>
>> --
>> Töma
>>
>

Re: DoD IP Space

2021-04-25 Thread sronan 
So you are claiming that ARIN has jurisdiction over DoD IP space?

Sent from my iPhone

> On Apr 25, 2021, at 9:13 AM, John Curran  wrote:
> 
>  Sronan - 
> 
> I’d suggest asking rather than making assertions when it comes to ARIN, as 
> this will avoid propagating existing misinformation in the community. 
> 
> Many US government agencies, including the US Department of Defense, have 
> signed registration services agreements with ARIN.
> 
> From https://account.arin.net/public/member-list - 
> 
> United States Department of Defense (DoD)   USDDD
> 
> Thanks! 
> /John
> 
> John Curran
> President and CEO
> American Registry for Internet Numbers
> 
>>> On 25 Apr 2021, at 8:54 AM, sro...@ronan-online.com wrote:
>>> 
>>> Except these DoD blocks don’t fall under ARIM justification, as they 
>>> predate ARIN. It is very likely that the DoD has never and will never sign 
>>> any sort of ARIN agreement.
>>> 
>>> Sent from my iPhone
>>> 
>>> On Apr 25, 2021, at 3:40 AM, Mel Beckman  wrote:
>>> 
>>> Mark,
>>> 
>>> ARIN rules require every IP space holder to publish accurate — and 
>>> effective —  Admin, Tech, and Abuse POCs. The DOD hasn’t done this, as I 
>>> pointed out, and as you can test for yourself. Your expectation that the 
>>> DOD will “generally comply with all of the expected norms” is sorely naive, 
>>> and already disproven.
>>> 
>>> As far as “why does anyone on the Internet need to publish to your 
>>> arbitrary standards”, you seem to forget that in the U.S., the government 
>>> is accountable to the People. Where a private company may not have to 
>>> explain its purposes, the government most certainly does in the private 
>>> sector. With these IP spaces being thrust into the civilian realm, yes, 
>>> they owe the citizenry an explanation of their actions, just as they would 
>>> if they had started mounting missile launchers on highway overpasses. It’s 
>>> a direct militarization of a civilian utility. 
>>> 
>>> Keep in mind that the U.S. Government — under all administrations — has 
>>> shown that it will abuse every technical advantage it can, as long as it 
>>> can do so in secret. Perhaps you’ve forgotten James Clapper, the former 
>>> director of national intelligence, who falsely testified to Congress that 
>>> the government does “not wittingly” collect the telephone records of 
>>> millions of Americans. And he was just the tip of the iceberg. Before 
>>> Clapper under Obama there was the Bush administration’s Stellar Wind" 
>>> warrantless surveillance program. The list of government abuse of civilian 
>>> resources is colossal . 
>>> 
>>> Fighting against that isn’t political. It’s patriotic.
>>> 
>>> -mel 
>>> 
 On Apr 25, 2021, at 12:02 AM, Mark Foster  wrote:
 
 
>> On 25/04/2021 3:24 am, Mel Beckman wrote:
> This doesn’t sound good, no matter how you slice it. The lack of 
> transparency with a civilian resource is troubling at a minimum. I’m 
> going to bogon this space as a defensive measure, until its real — and 
> detailed — purpose can be known. The secret places of our government have 
> proven themselves untrustworthy in the protection of citizens’ data and 
> networks. They tend to think they know “what’s good for” us.
> 
> -mel
> 
 
 Why does anyone on the Internet need to publish to your arbitrary 
 standards, what they intend to do with their IP address ranges?
 
 Failure to advertise the IP address space to the Internet (until now, 
 perhaps) doesn't make the address space any less legitimate, and though 
 I'd expect the DoD to generally comply with all of the expected norms 
 around BGP arrangements and published whois details, at the end of the 
 day, they can nominate who should originate it from their AS and as long 
 as we can see who owns it it's just not our business.
 
 Any organisation who's used DoD space in a way that's likely to conflict 
 with, well, the DoD, gambled and lost.
 
 Mark.
 
>

Re: DoD IP Space

2021-04-25 Thread John Curran 
Sronan -

For avoidance of doubt (and to save folks some digging), I will observe that 
the number resources associated with the U.S. DoD handle I referenced do not 
include DoD’s legacy IPv4 number resource holdings.However, there are 
indeed are registration agreements with the US DoD that pertain to the DoD’s 
legacy IPv4 number resource holdings, and this may be readily confirmed by 
reviewing the CBO assessment report for the “NATIONAL DEFENSE AUTHORIZATION ACT 
FOR FISCAL YEAR 2020” (which in its early form envisioned potential 
monetization of select DoD IPv4 number resources) -

From the CBO assessment  


To estimate the potential receipts from the sale of IP
addresses, CBO examined the security risks and market factors
that would affect the number of addresses and the price for
those addresses that could be sold within the ten-year budget
window. CBO expects that DoD would not be prepared to sell any
addresses before 2022 for several reasons. First, over the next
two years DoD plans to study the cybersecurity requirements and
procedures that will support the department's transition of
IPv4 addresses to the next generation of IPv6 addresses.
Second, the agency would then have to update its internal
network operations in order to mitigate the security risks of
transferring DoD IP addresses to nonfederal entities.\5\ Third,
DoD would have to amend its existing agreement with the
American Registry for Internet Numbers (ARIN), which requires
DoD to release unneeded IP addresses to ARIN for
redistribution.

ARIN has no particular view on the merits/issues of US DoD disposition of its 
rights to IPv4 blocks (and this provision was omitted from the NDAA in its 
final form), but we did indicate to the DoD that ARIN polices for IPv4 address 
blocks have indeed changed, and that their agreement with ARIN does not 
preclude disposition of rights to IPv4 address blocks now that the ARIN 
community has established transfer policies allowing same.

(ARIN applies the community-developed policies to all number resources in the 
ARIN registry, and this includes blocks issued by predecessor operators of the 
registry.)

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers


On 25 Apr 2021, at 9:13 AM, John Curran 
mailto:jcur...@arin.net>> wrote:

Sronan -

I’d suggest asking rather than making assertions when it comes to ARIN, as this 
will avoid propagating existing misinformation in the community.

Many US government agencies, including the US Department of Defense, have 
signed registration services agreements with ARIN.

From https://account.arin.net/public/member-list -

United States Department of Defense (DoD)

USDDD

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 25 Apr 2021, at 8:54 AM, 
sro...@ronan-online.com wrote:

Except these DoD blocks don’t fall under ARIM justification, as they predate 
ARIN. It is very likely that the DoD has never and will never sign any sort of 
ARIN agreement.

Sent from my iPhone

On Apr 25, 2021, at 3:40 AM, Mel Beckman 
mailto:m...@beckman.org>> wrote:

Mark,

ARIN rules require every IP space holder to publish accurate — and effective —  
Admin, Tech, and Abuse POCs. The DOD hasn’t done this, as I pointed out, and as 
you can test for yourself. Your expectation that the DOD will “generally comply 
with all of the expected norms” is sorely naive, and already disproven.

As far as “why does anyone on the Internet need to publish to your arbitrary 
standards”, you seem to forget that in the U.S., the government is accountable 
to the People. Where a private company may not have to explain its purposes, 
the government most certainly does in the private sector. With these IP spaces 
being thrust into the civilian realm, yes, they owe the citizenry an 
explanation of their actions, just as they would if they had started mounting 
missile launchers on highway overpasses. It’s a direct militarization of a 
civilian utility.

Keep in mind that the U.S. Government — under all administrations — has shown 
that it will abuse every technical advantage it can, as long as it can do so in 
secret. Perhaps you’ve forgotten James Clapper, the former director of national 
intelligence, who falsely testified to Congress that the government does “not 
wittingly” collect the telephone records of millions of Americans. And he was 
just the tip of the iceberg. Before Clapper under Obama there was the Bush 
administration’s Stellar Wind" warrantless surveillance program. The list of 
government abuse of civilian resources is colossal .

Fighting against that isn’t political. It’s patriotic.

-mel

On Apr 25, 2021, at 12:02 AM, Mark Foster 
mailto:blak...@blakjak.net>> wrote:


On 25/04/2021 3:24 am, Mel Beckman wrote:
This doesn’t sound good, no matter how you

Re: DoD IP Space

2021-04-25 Thread John Curran 
Sronan -

I’d suggest asking rather than making assertions when it comes to ARIN, as this 
will avoid propagating existing misinformation in the community.

Many US government agencies, including the US Department of Defense, have 
signed registration services agreements with ARIN.

From https://account.arin.net/public/member-list -

United States Department of Defense (DoD)

USDDD

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 25 Apr 2021, at 8:54 AM, 
sro...@ronan-online.com wrote:

Except these DoD blocks don’t fall under ARIM justification, as they predate 
ARIN. It is very likely that the DoD has never and will never sign any sort of 
ARIN agreement.

Sent from my iPhone

On Apr 25, 2021, at 3:40 AM, Mel Beckman 
mailto:m...@beckman.org>> wrote:

Mark,

ARIN rules require every IP space holder to publish accurate — and effective —  
Admin, Tech, and Abuse POCs. The DOD hasn’t done this, as I pointed out, and as 
you can test for yourself. Your expectation that the DOD will “generally comply 
with all of the expected norms” is sorely naive, and already disproven.

As far as “why does anyone on the Internet need to publish to your arbitrary 
standards”, you seem to forget that in the U.S., the government is accountable 
to the People. Where a private company may not have to explain its purposes, 
the government most certainly does in the private sector. With these IP spaces 
being thrust into the civilian realm, yes, they owe the citizenry an 
explanation of their actions, just as they would if they had started mounting 
missile launchers on highway overpasses. It’s a direct militarization of a 
civilian utility.

Keep in mind that the U.S. Government — under all administrations — has shown 
that it will abuse every technical advantage it can, as long as it can do so in 
secret. Perhaps you’ve forgotten James Clapper, the former director of national 
intelligence, who falsely testified to Congress that the government does “not 
wittingly” collect the telephone records of millions of Americans. And he was 
just the tip of the iceberg. Before Clapper under Obama there was the Bush 
administration’s Stellar Wind" warrantless surveillance program. The list of 
government abuse of civilian resources is colossal .

Fighting against that isn’t political. It’s patriotic.

-mel

On Apr 25, 2021, at 12:02 AM, Mark Foster 
mailto:blak...@blakjak.net>> wrote:


On 25/04/2021 3:24 am, Mel Beckman wrote:
This doesn’t sound good, no matter how you slice it. The lack of transparency 
with a civilian resource is troubling at a minimum. I’m going to bogon this 
space as a defensive measure, until its real — and detailed — purpose can be 
known. The secret places of our government have proven themselves untrustworthy 
in the protection of citizens’ data and networks. They tend to think they know 
“what’s good for” us.

-mel


Why does anyone on the Internet need to publish to your arbitrary standards, 
what they intend to do with their IP address ranges?

Failure to advertise the IP address space to the Internet (until now, perhaps) 
doesn't make the address space any less legitimate, and though I'd expect the 
DoD to generally comply with all of the expected norms around BGP arrangements 
and published whois details, at the end of the day, they can nominate who 
should originate it from their AS and as long as we can see who owns it 
it's just not our business.

Any organisation who's used DoD space in a way that's likely to conflict with, 
well, the DoD, gambled and lost.

Mark.

Re: DoD IP Space

2021-04-25 Thread John Curran 
On 24 Apr 2021, at 6:45 PM, William Herrin 
mailto:b...@herrin.us>> wrote:

On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman 
mailto:m...@beckman.org>> wrote:
This doesn’t sound good, no matter how you slice it. The lack of
transparency with a civilian resource is troubling at a minimum.

You do understand that the addresses in question are not and have
never been "civilian." They came into DoD's possession when this was
all still a military project funded by what's now DARPA.

Personally, I think we may have an all time record for the largest
honeypot ever constructed. I'd love to be a fly on that wall.

Bill -

That’s actually a possibility - just join DDS…  
https://apnews.com/article/technology-business-government-and-politics-b26ab809d1e9fdb53314f56299399949

‘ "The big Pentagon internet mystery now partially solved”
….
After weeks of wonder by the networking community, the Pentagon has now 
provided a very terse explanation for what it’s doing. But it has not answered 
many basic questions, beginning with why it chose to entrust management of the 
address space to a company that seems not to have existed until September.

The military hopes to “assess, evaluate and prevent unauthorized use of DoD IP 
address space,” said a statement issued Friday by Brett Goldstein, chief of the 
Pentagon’s Defense Digital 
Service,
 which is running the project. It also hopes to “identify potential 
vulnerabilities” as part of efforts to defend against cyber-intrusions by 
global adversaries, who are consistently infiltrating U.S. networks, sometimes 
operating from unused internet address blocks. '

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: DoD IP Space

2021-04-25 Thread sronan 
Except these DoD blocks don’t fall under ARIM justification, as they predate 
ARIN. It is very likely that the DoD has never and will never sign any sort of 
ARIN agreement.

Sent from my iPhone

> On Apr 25, 2021, at 3:40 AM, Mel Beckman  wrote:
> 
> Mark,
> 
> ARIN rules require every IP space holder to publish accurate — and effective 
> —  Admin, Tech, and Abuse POCs. The DOD hasn’t done this, as I pointed out, 
> and as you can test for yourself. Your expectation that the DOD will 
> “generally comply with all of the expected norms” is sorely naive, and 
> already disproven.
> 
> As far as “why does anyone on the Internet need to publish to your arbitrary 
> standards”, you seem to forget that in the U.S., the government is 
> accountable to the People. Where a private company may not have to explain 
> its purposes, the government most certainly does in the private sector. With 
> these IP spaces being thrust into the civilian realm, yes, they owe the 
> citizenry an explanation of their actions, just as they would if they had 
> started mounting missile launchers on highway overpasses. It’s a direct 
> militarization of a civilian utility. 
> 
> Keep in mind that the U.S. Government — under all administrations — has shown 
> that it will abuse every technical advantage it can, as long as it can do so 
> in secret. Perhaps you’ve forgotten James Clapper, the former director of 
> national intelligence, who falsely testified to Congress that the government 
> does “not wittingly” collect the telephone records of millions of Americans. 
> And he was just the tip of the iceberg. Before Clapper under Obama there was 
> the Bush administration’s Stellar Wind" warrantless surveillance program. The 
> list of government abuse of civilian resources is colossal . 
> 
> Fighting against that isn’t political. It’s patriotic.
> 
> -mel 
> 
>> On Apr 25, 2021, at 12:02 AM, Mark Foster  wrote:
>> 
>> 
 On 25/04/2021 3:24 am, Mel Beckman wrote:
>>> This doesn’t sound good, no matter how you slice it. The lack of 
>>> transparency with a civilian resource is troubling at a minimum. I’m going 
>>> to bogon this space as a defensive measure, until its real — and detailed — 
>>> purpose can be known. The secret places of our government have proven 
>>> themselves untrustworthy in the protection of citizens’ data and networks. 
>>> They tend to think they know “what’s good for” us.
>>> 
>>> -mel
>>> 
>> 
>> Why does anyone on the Internet need to publish to your arbitrary standards, 
>> what they intend to do with their IP address ranges?
>> 
>> Failure to advertise the IP address space to the Internet (until now, 
>> perhaps) doesn't make the address space any less legitimate, and though I'd 
>> expect the DoD to generally comply with all of the expected norms around BGP 
>> arrangements and published whois details, at the end of the day, they can 
>> nominate who should originate it from their AS and as long as we can see who 
>> owns it it's just not our business.
>> 
>> Any organisation who's used DoD space in a way that's likely to conflict 
>> with, well, the DoD, gambled and lost.
>> 
>> Mark.
>>

RE: DoD IP Space

2021-04-25 Thread Jean St-Laurent via NANOG 
This is true and very interesting, but the opposite is also true. 

They are now reachable from probably nearly anywhere and therefore open for 
business.  

Let's see what will slowly appear in shodan.io and shadowserver.org

Jean

-Original Message-
From: NANOG  On Behalf Of William 
Herrin
Sent: April 24, 2021 6:46 PM
To: Mel Beckman 
Cc: nanog@nanog.org
Subject: Re: DoD IP Space

On Sat, Apr 24, 2021 at 8:26 AM Mel Beckman  wrote:
> This doesn’t sound good, no matter how you slice it. The lack of 
> transparency with a civilian resource is troubling at a minimum.

You do understand that the addresses in question are not and have never been 
"civilian." They came into DoD's possession when this was all still a military 
project funded by what's now DARPA.

Personally, I think we may have an all time record for the largest honeypot 
ever constructed. I'd love to be a fly on that wall.

Regards,
Bill Herrin



--
William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: DoD IP Space

2021-04-25 Thread John Curran 
Mr. Beckman  - 

As noted by Mark Foster below, the listed contact information for the DoD 
address blocks is indeed correct, and (as you yourself confirmed) may be used 
to successfully contact the organization.  ARIN does not have the mandate to 
force any organization “to deal” with any other, but I can assure you that the 
contacts listed for the resources in the ARIN registry have been used to 
resolve actual technical problems without any difficultly. 

Best wishes,
/John

John Curran
President and CEO
American Registry for Internet Numbers


> On 25 Apr 2021, at 6:11 AM, Mark Foster  wrote:
> 
> Hi Mel,
> 
> I'd expect ARIN to hold them to account for complying with ARIN rules, if 
> they are subject.  In years gone by, I have been able to contact US DoD 
> organisations using published contact methods to address technical issues. So 
> even if there's technical non-compliance (which i'd agree should be 
> addressed), it could be a lot worse.
> 
> As for the DoD's accountability via your system of government, my view would 
> be that instead of bogon-filtering addresses legitimately appearing in your 
> BGP, with the justification being "they havn't before!", you could consider 
> asking them via channels. Like 
> https://open.defense.gov/transparency/foia.aspx for example.  But i'm not a 
> citizen of the United States, so will happily plead ignorance as to whether 
> this is likely to lead you to what you want to know or not.
> 
> In my country the government is also accountable to the people. But that 
> doesn't mean I would expect an Internet Service Provider to deliberately 
> sabotage the network access of their customers, either. Starts to feel like a 
> net neutrality argument again.
> 
> Mark.
> 
> PS: If DoD make use of IP address space that they legitimately hold, i'm not 
> sure you can call it a civilian resource, despite it interacting with 
> civilian counterparts.  Any consumable held by a military organisation is a 
> military resource and they'll make use of it based on their operational 
> requirements. The best comparison I could think of, would be fuel 
> (gasoline/petroleum/diesel/Jet-A1), all of which has both military and 
> civilian application.
> 
> On 25/04/2021 7:40 pm, Mel Beckman wrote:
>> Mark,
>> 
>> ARIN rules require every IP space holder to publish accurate — and effective 
>> —  Admin, Tech, and Abuse POCs. The DOD hasn’t done this, as I pointed out, 
>> and as you can test for yourself. Your expectation that the DOD will 
>> “generally comply with all of the expected norms” is sorely naive, and 
>> already disproven.
>> 
>> As far as “why does anyone on the Internet need to publish to your arbitrary 
>> standards”, you seem to forget that in the U.S., the government is 
>> accountable to the People. Where a private company may not have to explain 
>> its purposes, the government most certainly does in the private sector. With 
>> these IP spaces being thrust into the civilian realm, yes, they owe the 
>> citizenry an explanation of their actions, just as they would if they had 
>> started mounting missile launchers on highway overpasses. It’s a direct 
>> militarization of a civilian utility.
>> 
>> Keep in mind that the U.S. Government — under all administrations — has 
>> shown that it will abuse every technical advantage it can, as long as it can 
>> do so in secret. Perhaps you’ve forgotten James Clapper, the former director 
>> of national intelligence, who falsely testified to Congress that the 
>> government does “not wittingly” collect the telephone records of millions of 
>> Americans. And he was just the tip of the iceberg. Before Clapper under 
>> Obama there was the Bush administration’s Stellar Wind" warrantless 
>> surveillance program. The list of government abuse of civilian resources is 
>> colossal .
>> 
>> Fighting against that isn’t political. It’s patriotic.
>> 
>>  -mel
>> 
>>> On Apr 25, 2021, at 12:02 AM, Mark Foster  wrote:
>>> 
>>> 
 On 25/04/2021 3:24 am, Mel Beckman wrote:
 This doesn’t sound good, no matter how you slice it. The lack of 
 transparency with a civilian resource is troubling at a minimum. I’m going 
 to bogon this space as a defensive measure, until its real — and detailed 
 — purpose can be known. The secret places of our government have proven 
 themselves untrustworthy in the protection of citizens’ data and networks. 
 They tend to think they know “what’s good for” us.
 
  -mel
 
>>> Why does anyone on the Internet need to publish to your arbitrary 
>>> standards, what they intend to do with their IP address ranges?
>>> 
>>> Failure to advertise the IP address space to the Internet (until now, 
>>> perhaps) doesn't make the address space any less legitimate, and though I'd 
>>> expect the DoD to generally comply with all of the expected norms around 
>>> BGP arrangements and published whois details, at the end of the day, they 
>>> can nominate who should originate it from

Re: DoD IP Space

2021-04-25 Thread Mark Foster 

Hi Mel,

I'd expect ARIN to hold them to account for complying with ARIN rules, 
if they are subject.  In years gone by, I have been able to contact US 
DoD organisations using published contact methods to address technical 
issues. So even if there's technical non-compliance (which i'd agree 
should be addressed), it could be a lot worse.


As for the DoD's accountability via your system of government, my view 
would be that instead of bogon-filtering addresses legitimately 
appearing in your BGP, with the justification being "they havn't 
before!", you could consider asking them via channels. Like 
https://open.defense.gov/transparency/foia.aspx for example.  But i'm 
not a citizen of the United States, so will happily plead ignorance as 
to whether this is likely to lead you to what you want to know or not.


In my country the government is also accountable to the people. But that 
doesn't mean I would expect an Internet Service Provider to deliberately 
sabotage the network access of their customers, either. Starts to feel 
like a net neutrality argument again.


Mark.

PS: If DoD make use of IP address space that they legitimately hold, i'm 
not sure you can call it a civilian resource, despite it interacting 
with civilian counterparts.  Any consumable held by a military 
organisation is a military resource and they'll make use of it based on 
their operational requirements. The best comparison I could think of, 
would be fuel (gasoline/petroleum/diesel/Jet-A1), all of which has both 
military and civilian application.


On 25/04/2021 7:40 pm, Mel Beckman wrote:

Mark,

ARIN rules require every IP space holder to publish accurate — and effective —  
Admin, Tech, and Abuse POCs. The DOD hasn’t done this, as I pointed out, and as 
you can test for yourself. Your expectation that the DOD will “generally comply 
with all of the expected norms” is sorely naive, and already disproven.

As far as “why does anyone on the Internet need to publish to your arbitrary 
standards”, you seem to forget that in the U.S., the government is accountable 
to the People. Where a private company may not have to explain its purposes, 
the government most certainly does in the private sector. With these IP spaces 
being thrust into the civilian realm, yes, they owe the citizenry an 
explanation of their actions, just as they would if they had started mounting 
missile launchers on highway overpasses. It’s a direct militarization of a 
civilian utility.

Keep in mind that the U.S. Government — under all administrations — has shown that 
it will abuse every technical advantage it can, as long as it can do so in secret. 
Perhaps you’ve forgotten James Clapper, the former director of national 
intelligence, who falsely testified to Congress that the government does “not 
wittingly” collect the telephone records of millions of Americans. And he was just 
the tip of the iceberg. Before Clapper under Obama there was the Bush 
administration’s Stellar Wind" warrantless surveillance program. The list of 
government abuse of civilian resources is colossal .

Fighting against that isn’t political. It’s patriotic.

  -mel


On Apr 25, 2021, at 12:02 AM, Mark Foster  wrote:



On 25/04/2021 3:24 am, Mel Beckman wrote:
This doesn’t sound good, no matter how you slice it. The lack of transparency 
with a civilian resource is troubling at a minimum. I’m going to bogon this 
space as a defensive measure, until its real — and detailed — purpose can be 
known. The secret places of our government have proven themselves untrustworthy 
in the protection of citizens’ data and networks. They tend to think they know 
“what’s good for” us.

  -mel


Why does anyone on the Internet need to publish to your arbitrary standards, 
what they intend to do with their IP address ranges?

Failure to advertise the IP address space to the Internet (until now, perhaps) 
doesn't make the address space any less legitimate, and though I'd expect the 
DoD to generally comply with all of the expected norms around BGP arrangements 
and published whois details, at the end of the day, they can nominate who 
should originate it from their AS and as long as we can see who owns it 
it's just not our business.

Any organisation who's used DoD space in a way that's likely to conflict with, 
well, the DoD, gambled and lost.

Mark.

Re: DoD IP Space

2021-04-25 Thread Christian de Larrinaga via NANOG 

Is the DoD still the owner?

On Sun 25 Apr 2021 at 10:24, Bill Woodcock  wrote:


On Apr 25, 2021, at 9:40 AM, Mel Beckman  
wrote:

It’s a direct militarization of a civilian utility.


I think I’d characterize it, rather, as a possible privatization 
of public property.


If someone builds a house in the middle of a public park, it’s 
not _what they’re doing in the house_ that concerns me.


-Bill



--
Christian de Larrinaga 
https://firsthand.net

Re: DoD IP Space

2021-04-25 Thread Bill Woodcock 


> On Apr 25, 2021, at 9:40 AM, Mel Beckman  wrote:
> It’s a direct militarization of a civilian utility.

I think I’d characterize it, rather, as a possible privatization of public 
property.

If someone builds a house in the middle of a public park, it’s not _what 
they’re doing in the house_ that concerns me.

-Bill



signature.asc
Description: Message signed with OpenPGP

Re: DoD IP Space

2021-04-25 Thread Mel Beckman 
Mark,

ARIN rules require every IP space holder to publish accurate — and effective —  
Admin, Tech, and Abuse POCs. The DOD hasn’t done this, as I pointed out, and as 
you can test for yourself. Your expectation that the DOD will “generally comply 
with all of the expected norms” is sorely naive, and already disproven.

As far as “why does anyone on the Internet need to publish to your arbitrary 
standards”, you seem to forget that in the U.S., the government is accountable 
to the People. Where a private company may not have to explain its purposes, 
the government most certainly does in the private sector. With these IP spaces 
being thrust into the civilian realm, yes, they owe the citizenry an 
explanation of their actions, just as they would if they had started mounting 
missile launchers on highway overpasses. It’s a direct militarization of a 
civilian utility. 

Keep in mind that the U.S. Government — under all administrations — has shown 
that it will abuse every technical advantage it can, as long as it can do so in 
secret. Perhaps you’ve forgotten James Clapper, the former director of national 
intelligence, who falsely testified to Congress that the government does “not 
wittingly” collect the telephone records of millions of Americans. And he was 
just the tip of the iceberg. Before Clapper under Obama there was the Bush 
administration’s Stellar Wind" warrantless surveillance program. The list of 
government abuse of civilian resources is colossal . 

Fighting against that isn’t political. It’s patriotic.

 -mel 

> On Apr 25, 2021, at 12:02 AM, Mark Foster  wrote:
> 
> 
>> On 25/04/2021 3:24 am, Mel Beckman wrote:
>> This doesn’t sound good, no matter how you slice it. The lack of 
>> transparency with a civilian resource is troubling at a minimum. I’m going 
>> to bogon this space as a defensive measure, until its real — and detailed — 
>> purpose can be known. The secret places of our government have proven 
>> themselves untrustworthy in the protection of citizens’ data and networks. 
>> They tend to think they know “what’s good for” us.
>> 
>>  -mel
>> 
> 
> Why does anyone on the Internet need to publish to your arbitrary standards, 
> what they intend to do with their IP address ranges?
> 
> Failure to advertise the IP address space to the Internet (until now, 
> perhaps) doesn't make the address space any less legitimate, and though I'd 
> expect the DoD to generally comply with all of the expected norms around BGP 
> arrangements and published whois details, at the end of the day, they can 
> nominate who should originate it from their AS and as long as we can see who 
> owns it it's just not our business.
> 
> Any organisation who's used DoD space in a way that's likely to conflict 
> with, well, the DoD, gambled and lost.
> 
> Mark.
>

Fwd: Re: OOB management options @ 60 Hudson & 1 Summer

2021-04-25 Thread Lost Email Forwarder [Do Not Reply][DART-4276] via NANOG 
Before getting rid of the cellular based OOB, look into some more detail
about exactly what LTE modems are in those. I've seen some remarkable
results from equipment using the 600/700 bands (tmobile, verizon) for
getting signal into deeply buried concrete structures. There's a lot of
different types and capabilities of cellular data modems on the market.




On Thu, Apr 15, 2021 at 3:15 PM Matthew Crocker 
wrote:

>
>
> I have routers in both 60 Hudson St & 1 Summer St and I’m looking for some
> low cost bandwidth options for out of band management.  Currently I have
> Opengear boxes at each site with cell modems but they don’t work too well.
> I either need to replace them with new cell based devices or find a
> wireless/ethernet bandwidth option.   I only need a couple serial ports and
> ethernet for when everything breaks.
>
>
>
> I’m in DR space @ 60 Hudson and the Markeley MMR @ 1 Summer
>
>
>
> I’m surprised OOB bandwidth isn’t a feature for colocation providers.
>
>
>
> Thanks
>
>
>
-- 
You received this message because you are subscribed to the Google Groups
"security-email-redirect" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to security-email-redirect+unsubscr...@twitter.com.
To view this discussion on the web visit
https://groups.google.com/a/twitter.com/d/msgid/security-email-redirect/CAB69EHi%3D%2BAKTfd8NeMVaCvkEW0fucuLJ5QComNVxOeETc0YVcA%40mail.gmail.com

.

Re: DoD IP Space

2021-04-25 Thread Mark Foster 



On 25/04/2021 3:24 am, Mel Beckman wrote:
This doesn’t sound good, no matter how you slice it. The lack of 
transparency with a civilian resource is troubling at a minimum. I’m 
going to bogon this space as a defensive measure, until its real — and 
detailed — purpose can be known. The secret places of our government 
have proven themselves untrustworthy in the protection of citizens’ 
data and networks. They tend to think they know “what’s good for” us.


 -mel



Why does anyone on the Internet need to publish to your arbitrary 
standards, what they intend to do with their IP address ranges?


Failure to advertise the IP address space to the Internet (until now, 
perhaps) doesn't make the address space any less legitimate, and though 
I'd expect the DoD to generally comply with all of the expected norms 
around BGP arrangements and published whois details, at the end of the 
day, they can nominate who should originate it from their AS and as long 
as we can see who owns it it's just not our business.


Any organisation who's used DoD space in a way that's likely to conflict 
with, well, the DoD, gambled and lost.


Mark.