nanog mailing list archives

Re: ARIN Fraud Reporting Form ... Don't waste your time


From: bmanning () vacation karoshi com
Date: Fri, 1 Oct 2010 13:07:50 +0000

On Fri, Oct 01, 2010 at 08:47:29AM -0400, David Miller wrote:

As to what ARIN can 'do' about addresses that are unused/abandoned and 
later hijacked...

ARIN delegates Reverse DNS for every allocation that they make.  Address 
blocks that are reported, investigated, and determined to be 
unused/abandoned could be delegated to special ARIN name servers that 
merely returned the following for any reverse DNS query:

z.y.x.w.in-addr.arpa.  172800  IN   PTR  do.not.accept.anything.from.this.abandoned.address.space

This is something that ARIN *could* easily do technically.  Admittedly, 
this would require reporting and investigation that I am uncertain 
whether or not ARIN is empowered/funded to do.  This would also require 
a process be put in place for removing allocations from the delegation 
to the unused/abandoned reverse DNS servers...

-DM


        Goodness me - I've seen that trick before.  Worked for 
        about 15 minutes before I had legal camped out in the office.
        Pulled it shortly thereafter.

        I -think- what you are really after is the (fairly) new rPKI
        pilot - where there are crypto-keys tied to each delegated
        prefix.  If the keys are valid, then ARIN (or other RIR) has
        "sanctioned" their use.  No or Bad crypto, then the RIR has
        some concerns about the resource.  

        the downside to this is that the RIR can effectively cut off 
        someone who would otherwise be in good standing.  Sort of 
        removes a level of independence in network operations.  Think
        of what happens when (due to backhoe-fade, for instance) you
        -can't- get to the RIR CA to validate your prefix crypto?  Do
        you drop the routes?  Or would you prefer a more resilient
        and robust solution?  YMMV here, depending on whom you are
        willing to trust as both a reputation broker -AND- as the prefix
        police.

        The idea is that the crypto is harder to forge.  DNS forging
        is almost as easy as prefix "borrowing".


--bill
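
The trade-off raised in the reply above (what to do with routes when the RIR's validation data cannot be reached), as an added example that is not part of the original post. The post does not describe the pilot's mechanics; this sketch assumes the route origin validation model of RFC 6811 (valid / invalid / not-found), and the ROA entries, `max_age_s` and `fail_open` are constructed or hypothetical.

```python
import ipaddress

# Constructed sample ROAs: (prefix, max length, authorized origin AS).
# Documentation prefixes and ASNs only, not real registry data.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

def validate_origin(prefix, origin_as, roas):
    """Return the RFC 6811 state for a route: valid, invalid or not-found."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this route
        if route.prefixlen <= max_len and origin_as == roa_as:
            return "valid"
    # Covered but never matched: wrong origin AS or too specific.
    return "invalid" if covered else "not-found"

def accept_route(prefix, origin_as, roas, cache_age_s,
                 max_age_s=86400, fail_open=True):
    """Local policy decision. max_age_s and fail_open are hypothetical knobs."""
    if roas is None or cache_age_s > max_age_s:
        # Validation data unreachable or stale (the "backhoe-fade" case).
        # fail_open=True keeps every route, including a hijacked one;
        # fail_open=False drops every route, including a legitimate one.
        return fail_open
    # Fresh data: reject only what the data contradicts; not-found still passes.
    return validate_origin(prefix, origin_as, roas) != "invalid"

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/24", 64511),
                     ("2001:db8:1:1::/64", 64501), ("203.0.113.0/24", 64500)]:
        print(pfx, asn, validate_origin(pfx, asn, ROAS))
```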

