RE: Hijacked Blocks

["Azinger, Marla" <marla.azinger () frontiercorp com>]

I haven't followed this entire string.  Are you saying ARIN is repeatedly handing out address space to known abusers?  
If that's the case then yes, some form of policy should be worked on. If on the administrative level ARIN is not 
researching returned blocks for abuse complaints and working to clean them up, then...I suppose policy could be 
proposed. I'm just not sure if that's really where the brunt of assignments to abusers is happening.

> From experience I learned the most effective place for abuse stopping is at the network level.  Back in 2001 my 
> network had serious problems with this.  Making a sale was more important than ensuring abuse didn't occur.  However, 
> I worked to install a policy that required customer review before assigning them address space.  If public records 
> showed abuse (which was really easy to find) or public records showed a business model that would be really only 
> something leading to abuse complaints then engineering had the veto power to not permit the potential customer onto 
> our network.  We managed to go from allot of abuse to essentially zero in 1 year.  Then we worked to clean up the 
> damaged blocks.

Granted, if a network or company goes out of business they wont care if the addresses are clean when they return them 
to ARIN.  So maybe this is where some proposal could focus.  Also, if this is a case where an entity is able to qualify 
for direct ARIN allocations and they are habitual at turning over because their business is essentially abusing the 
network, then policy could focus there as well.  Its easy to create a new company name, but from experience the owners 
name still stays the same for the most part, so a review of the company before allocation would catch that.

In reality, we would all benefit if policy to stop it before it happens and policy to clean it up before reissuing 
existed at the registry and the network level.  It would be interesting to see what legal and staff would have to say 
about taking those types of measures.

Controlling this type of abuse and the clean up of it is one of the older arguments for not permitting just anyone 
direct allocations from ARIN.  Abuse and clean up is better managed and cared for at the larger Network levels.  Im not 
looking to open a debate on this last comment.  ;o)  Its just something that popped into my head as to one of the 
explanations for why specific levels of qualifications for direct allocations from ARIN existed with IPv4.

My 2cents.  sorry if it seemed long

Cheers,
Marla Azinger
Frontier Communications
Sr Data Engineer



-----Original Message-----
From: Christopher Morrow [mailto:morrowc.lists () gmail com]
Sent: Monday, September 14, 2009 9:40 AM
To: Chris Marlatt
Cc: John Curran; nanog () nanog org
Subject: Re: Hijacked Blocks

On Mon, Sep 14, 2009 at 11:58 AM, Chris Marlatt <cmarlatt () rxsec com> wrote:
> Christopher Morrow wrote:
> > The end of the discussion was along the lines of: "Yes, we know this
> > guy is bad news, but he always comes to us with the proper paperwork
> > and numbers, there's nothing in the current policy set to deny him
> > address resources. Happily though he never pays his bill after the
> > first 12 months so we just reclaim whatever resources are allocated
> > then."  (yes, comments about more address space ending up on BL's
> > were made, and that he probably doesn't pay because after the first 3
> > months the address space is 'worthless' to him...)
> >
> > How should this get fixed? Is it possible to make policy to address
> > this sort of problem?
> >
> > -chris
>
> If this is the case one could argue that ARIN should be reserving this
> "worthless" address space to be used when they receive similar
> requests in the future. There's no reason personX should get fresh,
> clean address space when they make additional requests.

That implies some process changes inside ARIN (I think) and effectively saving 'your old space' for some period of time 
in escrow for you. This doesn't sound unreasonable, perhaps you put forth some policy verbiage on ppml?

-chris