nanog mailing list archives

Re: Security issues based on post RIR allocation rules


From: Mark Foster <blakjak () blakjak net>
Date: Wed, 12 Dec 2018 07:18:35 +1300

I'll simply endorse the 'stop judging an IP by its RIR' approach. As a New Zealander (and APNIC is our RIR), having to
convince US institutions that our subnets should not be blocked simply because they're out of the same /8 as those
used by other Asian nations with poorer IP address reputations, is a challenge because, well, a nation of 4.5M in the
south Pacific is insignificant, right? :S

Also if the whole /8 doesn't sit within the same organisation or country, how is it smart to use it as any sort of 
differentiator?

Have banged my head against this one many times in my career to date.

Mark.

On 12 December 2018 5:58:18 AM NZDT, Tony Finch <dot () dotat at> wrote:
Spurling, Shannon <shannon () more net> wrote:

When I call a health care organization, or a web hosting provider, the
first thing I get is that they think we are trying to pull one over on
them and all these ranges must be in Africa or Asia. I show them the
ARIN information for the specific /16, and sometimes I can make some
headway. Sometimes there's no convincing them. This issue appears to be
getting worse over time, so I was wondering if some misguided
organization or group is going around pressing for the rules that are
triggering these issues?

I'm somewhat inclined to blame poor `whois` implementations for this.

Apart from `whois` being generally very crappy, there are specific issues
on the server side and the client side which mean the human driving whois
often needs a good deal of expertise to be able to properly track down the
authoritative registration details for a netblock.

On the server side, APNIC and RIPE do not return proper referrals for ERX
netblocks. This is annoying, because they know which of the other RIRs is
responsible for the registration - they have to get the reverse DNS
information from the other RIR. Examples: 150.108.0.0 (an APNIC /8 but the
/16 is allocated to Fordham University and managed through ARIN); and
141.111.0.0 (a RIPE /8 but the /16 is allocated to LANL and managed
through ARIN).

AfriNIC's whois server is more helpful: it seems to proxy queries to RIPE
and APNIC as appropriate, and returns RDAP referrals for ARIN.

On the client side, these days it is mostly possible to find the correct
whois server to ask by following referrals from IANA. (In the past whois
clients had to have a fairly large database of starting points.) A
reasonably intelligent referral-oriented whois client can work around
missing referrals for early netblock allocations by guessing, which
usually means restarting with ARIN. But in practice most whois clients are
pretty stupid, and the referral-oriented ones keep breaking when servers
change. (e.g. I just found out AfriNIC's behaviour has changed since I
last looked...)

Tony.
-- 
f.anthony.n.finch  <dot () dotat at>  http://dotat.at/
West Forties, Cromarty, Forth: Southerly or southeasterly 5 or 6, occasionally
7 in Cromarty. Moderate, becoming moderate or rough. Mainly fair. Good.

-- 
Sent from a mobile device.
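
The referral-following lookup described in the quoted message (start at IANA, follow referrals, restart with ARIN when a referral is missing), as an added example that is not part of either message. The function names, the rule that "the narrowest range returned is still /8-wide" means a missing referral, and the constructed sample responses are assumptions of this sketch.

```python
import ipaddress
import re
import socket

# Referral lines: "refer:" (IANA) and "ReferralServer: whois://host" (ARIN).
# rwhois:// referrals are a different protocol and are deliberately not matched.
REFERRAL = re.compile(r"^(?:refer|ReferralServer):\s*(?:whois://)?([\w-]+(?:\.[\w-]+)+)", re.M | re.I)
RANGE = re.compile(r"^(?:inetnum|NetRange):\s*([\d.]+)\s*-\s*([\d.]+)", re.M | re.I)
FALLBACK = "whois.arin.net"   # "guessing ... usually means restarting with ARIN"
SLASH8 = 2 ** 24              # number of addresses in a /8

def whois_query(server, query):
    """Live transport: plain whois over TCP port 43 (RFC 3912)."""
    with socket.create_connection((server, 43), timeout=10) as s:
        s.sendall(query.encode() + b"\r\n")
        return b"".join(iter(lambda: s.recv(4096), b"")).decode(errors="replace")

def narrowest_span(text):
    """Size of the smallest address range in a response, or None if there is none."""
    spans = [int(ipaddress.ip_address(hi)) - int(ipaddress.ip_address(lo)) + 1
             for lo, hi in RANGE.findall(text)]
    return min(spans) if spans else None

def trace(ip, query=whois_query, start="whois.iana.org", max_hops=5):
    """Follow referrals for ip; return (servers asked in order, last response)."""
    server, path, text = start, [], ""
    while server and server not in path and len(path) < max_hops:
        path.append(server)
        text = query(server, ip)
        ref = REFERRAL.search(text)
        if ref:
            server = ref.group(1).lower()
        elif FALLBACK not in path and (narrowest_span(text) or SLASH8) >= SLASH8:
            server = FALLBACK     # assumption: only the covering /8 came back
        else:
            server = None         # a specific record: treat as authoritative
    return path, text

# Constructed, simplified responses for the 150.108.0.0 case from the thread.
SAMPLE = {
    "whois.iana.org": "refer: whois.apnic.net\ninetnum: 150.0.0.0 - 150.255.255.255\n",
    "whois.apnic.net": "inetnum: 150.0.0.0 - 150.255.255.255\nnetname: CONSTRUCTED-ERX-PLACEHOLDER\n",
    "whois.arin.net": "NetRange: 150.108.0.0 - 150.108.255.255\nOrgName: Fordham University\n",
}

def sample_query(server, ip):
    """Offline stand-in for whois_query, backed by the constructed SAMPLE data."""
    return SAMPLE[server]
```

Calling `trace("150.108.0.0", query=sample_query)` runs offline; omit `query` to use the live port-43 transport.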
