Security issues based on post RIR allocation rules

["Spurling, Shannon" <shannon () more net>]

Hey, I lurk a bit, and try to stay out of stuff if I can, but I've had a bout of problems that appear to have a common 
source.
I work in the Educational networking area, and a lot of our members are pre-RIR formation internet users. They have IP 
ranges that were allocated from the 150/8 through 170/8 blocks. Unfortunately, a bunch of those are part of the legacy 
ranges handled by APNIC and AFRINIC. Here in the US, mention of either of those makes security people have dreams of 
Nigerian princes and Korean/Chinese hackers.

Don't get me wrong, these are long term US based governmental and educational institutions. Bonified, accredited 
institutions. When I call a health care organization, or a web hosting provider, the first thing I get is that they 
think we are trying to pull one over on them and all these ranges must be in Africa or Asia. I show them the ARIN 
information for the specific /16, and sometimes I can make some headway. Sometimes there's no convincing them. This 
issue appears to be getting worse over time, so I was wondering if some misguided organization or group is going around 
pressing for the rules that are triggering these issues? Is there a public information forum that might be able to 
educate security administrators to not cut off wide swaths of the US internet from taking advantage of their products 
and services?

It's very frustrating

Thanks

Shannon Spurling

shannon () more net