
List:       nanog
Subject:    Re: FYI - Suspension of Cogent access to ARIN Whois
From:       Heather Schiller via NANOG <nanog () nanog ! org>
Date:       2020-01-27 20:30:50
Message-ID: CAEabp57xcFQYBU4ypkacfMjoi047qcqLR6bxhO_gPH471FAW-g () mail ! gmail ! com

On Tue, Jan 7, 2020 at 8:50 AM John Curran <jcurran@arin.net> wrote:

> On 7 Jan 2020, at 5:01 AM, Martijn Schmidt via NANOG <nanog@nanog.org>
> wrote:
> >
> > Out of curiosity, since we aren't affected by this ourselves, I know of
> > cases where Cogent has sub-allocated IP space to its customers but which
> > those customers originate from their own ASN and then announce to multiple
> > upstream providers.
> >
> > So while the IP space is registered to Cogent and allocated to its
> > customer, the AS-path might be something like ^174_456$ but it's entirely
> > possible that ARIN would observe it as ^123_456$ instead. Are such IP
> > address blocks affected by the suspension?
>
> As noted earlier, ARIN has suspended service for all Cogent-registered IP
> address blocks - this is being done as a discrete IP block access list
> applied to relevant ARIN Whois services, so the routing of the blocks is
> immaterial - a customer using a suballocation of Cogent space could be
> affected but customers with their own IP blocks that are simply
> being routed by Cogent are not affected.
>
>
"suspended service for all Cogent-registered IP address blocks" may be
causing a bit of confusion since ARIN offers many services.

From your response, it sounds like it's just an ACL to filter inbound p43
traffic to ARIN's whois service, from Cogent allocated prefixes.  ARIN is
in the best position to tell who is directly scraping their db and whether
this is an effective countermeasure.

Recent changes would show up easiest in bulk whois data.  It's not clear
from your message whether they had a bulk whois agreement in place and the
status of that type of access.  If so, revoking the API key would be a
better restriction mechanism than filtering prefixes from reaching
accountws.arin.net.

I haven't looked at where ARIN's TAL data is hosted; again, depending on
how/where it's hosted and how a filter is implemented, it may or may not
impact access to the data.

deny $TOU_Violator any port 43
deny $TOU_Violator accountws.arin.net
deny $TOU_Violator any

These all have varying levels of impact.  On the one hand I can understand
not wanting to disclose the specific action taken, on the other hand it
would be interesting to know what the scope of responses are for different
types of abuse.




> FYI,
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
>
>
>
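
An added example, not part of the message above and not ARIN's actual configuration: it evaluates the three `deny` lines from the message against a few constructed flows to show how their scope differs, and that a source-prefix filter ignores the AS path. The prefixes are documentation ranges standing in for `$TOU_Violator`; the port 443 destinations and the host `tal-host.example` are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed stand-in for $TOU_Violator: a documentation prefix, not a real registration.
TOU_VIOLATOR = [ipaddress.ip_network("198.51.100.0/24")]

class Rule(NamedTuple):
    dst_host: Optional[str]  # None means "any"
    dst_port: Optional[int]  # None means "any"

# The three deny lines from the message, keyed by their text.
POLICIES = {
    "deny $TOU_Violator any port 43": Rule(None, 43),
    "deny $TOU_Violator accountws.arin.net": Rule("accountws.arin.net", None),
    "deny $TOU_Violator any": Rule(None, None),
}

class Flow(NamedTuple):
    label: str
    src: str
    as_path: str   # carried only to show the filter never consults it
    dst_host: str
    dst_port: int

# Constructed flows. Port 443 and the TAL host name are assumptions.
FLOWS = [
    Flow("suballocation, own ASN, whois", "198.51.100.25", "123 456", "whois.arin.net", 43),
    Flow("suballocation, bulk/API", "198.51.100.25", "174 456", "accountws.arin.net", 443),
    Flow("suballocation, TAL fetch", "198.51.100.25", "174 456", "tal-host.example", 443),
    Flow("own block via provider, whois", "203.0.113.9", "174 789", "whois.arin.net", 43),
]

def denied(rule: Rule, flow: Flow) -> bool:
    """A flow is denied only if its source is in the listed prefixes
    and the destination matches the rule; routing plays no part."""
    src = ipaddress.ip_address(flow.src)
    if not any(src in net for net in TOU_VIOLATOR):
        return False
    if rule.dst_host is not None and rule.dst_host != flow.dst_host:
        return False
    return rule.dst_port is None or rule.dst_port == flow.dst_port

def scope(policy_text: str) -> list:
    """Labels of the constructed flows that the given deny line would block."""
    return [f.label for f in FLOWS if denied(POLICIES[policy_text], f)]

if __name__ == "__main__":
    for text in POLICIES:
        print(f"{text}\n  blocks: {scope(text)}")
```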
