Re: [apops] Fwd: [ppml] Policy Proposal 2003-2: Network Abuse]
- To: Philip Smith <pfs at cisco dot com>
- Subject: Re: [apops] Fwd: [ppml] Policy Proposal 2003-2: Network Abuse]
- From: Suresh Ramasubramanian <suresh at outblaze dot com>
- Date: Wed, 05 Mar 2003 08:27:10 +0530
- Cc: apops at apops dot net, sig-policy at lists dot apnic dot net
- In-reply-to: <18.104.22.168.2.20030305114913.03da8aa8@localhost>
- List-archive: <http://www.apnic.net/mailing-lists/apops/>
- List-help: <mailto:email@example.com?subject=help>
- List-id: Asia Pacific Operations Forum <apops.apops.net>
- List-post: <mailto:firstname.lastname@example.org>
- List-subscribe: <http://mailman.apnic.net/mailman/listinfo/apops>,<mailto:email@example.com?subject=subscribe>
- List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/apops>,<mailto:firstname.lastname@example.org?subject=unsubscribe>
- References: <email@example.com>
- Sender: firstname.lastname@example.org
Well, you could propose this, or something like this, as APNIC Policy at the next APNIC meeting in August? Why not, I'm sure some aspects would be quite useful for this part of the world?This is at APAN, Busan / South Korea?
BTW, I'm not an APNIC member, associate or otherwise, though I guess my employer (Outblaze) might have something like an apnic membership lying around.
The first four points sound easy enough, 5 and 6 sounds more of a challenge (who will regulate), and 7 could be a nightmare. 5 and 6 is all about proper operational practices anyway, and folks who actually are interested in providing a decent service to their5 and 6 - precious few people do it at least in Asia, which is a cause of concern.
This is being done at an IXP level though. I have seen LINX, for example, draft a best current policy for spam and net abuse handling, which its members agree to abide to. Somewhere on the LINX page, and I think it has been drafted by Rodney Tillotson of JANET-CERT.
Would it come within APNIC's purview to send out a BCP notice which it asks its members to abide to?
Nobody would object to the first few options I guess. They are slightly more drastic ways of implementing something that really needs to be done - cleaning out stale / bogus entries in the various RIRs, some of which at least are now being hijacked by spammers.
I believe at least one spammer has an ASN that aggregates large IP blocks (upto /19) that have lapsed when ISPs / other networks went out of business without returning their IP blocks.
customers will know about the nsp-security list (http://puck.nether.net/mailman/listinfo/nsp-security) as well as the INOC-DBA system (www.pch.net/inoc-dba). Not sure how that could fit into an RIR's policy, apart from being part of their educational process.Educational process is all that is possible for "requiring policy enforcement". If APNIC drafts a BCP and sends it out, it will be a small but significant step.
But the registries will do us abuse admins a HUGE service by cracking down on downright bogus / outdated data - keep finding that all over the place.
During the AP net abuse forum at APRICOT 2003, Paul Wilson (DG, APNIC) mentioned that abuse at apnic dot net was getting at least a couple of hundred complaints a day from people complaining about spam from APNIC delegated IPs. It might just be in their best interests to step in and take at least some proactive measures to handle this situation.