Net-block issues

In this text, I typo'd a cost issue; Net-block cost $1US/month/IP-address. A
/24 will cost $256/month, minimum.

From: Elisabeth Porteneuve
Sent: Wednesday, August 15, 2001 1:58 AM

    The rivers of comments have been sent out about domain
    names, there is a dangerous silence about IP numbers.

It is with wry amusement that I have been following the MAPs debate, on
NANOG, recently. Then you make this comment, it couldn't dove-tail more
beautifully. Those that do not know what MAPs is, please review

The fundamental function is to create blacklists used for various filtering
of IP blocks. While this sounds innocuous on its face, MAPS has recently
announced intention of charging for their service, in order to raise money
for legal fees (they are under legal attack). Until now, Paul Vixie has been
the main funder of MAPs.

The problem is that MAPS was distributing the lists and there were many
local copies, within places like EarthLink and AOL. As long as those copies
are maintained by MAPS, this is not a serious problem. They have an
efficient and timely distribution mechanism. The result of a net-block
being listed in MAPS is that entire chunks of the Internet cannot reach that
net-block. This is done at the provider level. The effects are global in
that they over-ride ARIN, RIPE, and APNIC.

The problem arises when there are stale entries in the black-list. In fact,
the danger has always been, the issue of stale entries. The effect, given
MAPS market-share, is that a net-block can be issued, to a new business,
that may be perfectly useless and neither the ISP nor the business knows
about it until it is too late. I might point out that a similar problem can
occur with DNs, so it is not entirely a PSO issue. There are now stale
entries, in abundance, because many providers are still evaluating the new
cost issues. Meanwhile, they have disconnected from the distro system and
aren't having their black-lists updated. Ergo, they have stale entries.

What this, in effect, does is to over-ride various registry policies. Names
and net-blocks that are issued may not, in fact, be issued. Names are not a
serious cost issue and they can, with some logistical difficulty, be
re-issued. However, net-blocks cost over $1US/month (at the ISP level), or
$2500/year from ARIN (the US registry), and they are not all that plentiful.

The fundamental process disconnect here is that, IMHO, the various
registries should be performing the MAPS function as part of their policy
enforcement mechanism. This is not written into any of the
registrar/registry agreements.

If anything argues for a centralised systems approach, the MAPS
functionality does. IMHO, this makes it an ICANN issue. Yes, this also
politicizes it somewhat. No, some NANOG denizens won't like it and that is

It is with wry amusement that I have been following the MAPs debate,
on NANOG, recently.

Indeed. Every time anything related to spam, or more specifically the
MAPS blackholes, makes its way to NANOG, all the net.k00ks come out of
the woodwork begging for sympathy, and remind us once again that they
lack the mental capacity needed to Do The Right Thing and get
themselves un-blackholed. Our mailboxes grow quickly despite the fact
that nothing interesting, or of operational relevance, is discussed.

Then you make this comment, it couldn't dove-tail more
beautifully. Those that do not know what MAPs is, please review

Those who continue to contribute to this nonsense, even though it's
gotten to the point where it's clearly off-topic and best suited for
spam-l, inet-access, or just about any list other than this one,
please review <;\.

[...] MAPS has recently announced intention of charging for their
service, in order to raise money for legal fees (they are under
legal attack).

Quick, time for us to contribute to their legal defense fund. It's
amazing just how scary some of the individuals and organizations
pestering them with threats of gratuitous litigation are.

The problem is that MAPS was distributing the lists and there were
many local copies, within places like EarthLink and AOL. As long as
those copies are maintained by MAPS, this is not a serious problem.

As has been pointed out earlier, MAPS subscribers are required to stay
current. If they're not, perhaps it's time to enforce the terms of
their membership agreement, though I'd imagine this too requires a
good amount of time and money...

The result of a net-block being listed in MAPS is that entire
chunks of the Internet cannot reach that net-block. This is done at
the provider level.

Really? Are you aware of any large service providers _currently_
filtering transit customer egress/ingress using the MAPS RBL?

a net-block can be issued, to a new business, that may be perfectly
useless and neither the ISP nor the business knows about it until it
is too late.

I'm sure many people do check newly allocated IP space before using
it, to confirm it's not in a commonly used blackhole list, and
nobody's filtering their route announcements (ie outdated and/or
misconfigured bogon filters). And those who don't, should.

If anything argues for a centralised systems approach, the MAPS
functionality does. IMHO, this makes it an ICANN issue. Yes, this
also politicizes it somewhat.

I think you're taking this way too seriously. What next, ringing up
the United Nations New World Order(tm) because some blackhole said boo
to you?
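
The pre-use check mentioned in the reply above, and the stale-copy problem raised in the first message, as an added example that is not code from anyone in this thread. The blacklist snapshot, bogon filter, 30-day staleness threshold and the `dnsbl.example` zone are constructed assumptions; the prefixes are documentation ranges.

```python
import ipaddress
from datetime import date

# Constructed sample data: a provider's local copy of a blackhole list (prefix,
# date the entry was last synced) and its bogon route filter.
LOCAL_BLACKLIST = [
    ("192.0.2.0/25", date(2001, 3, 1)),
    ("198.51.100.64/26", date(2001, 8, 10)),
]
BOGON_FILTER = ["203.0.113.0/24"]
MAX_AGE_DAYS = 30  # assumed threshold after which a local copy counts as stale


def check_allocation(block, today):
    """Return findings for a newly allocated net-block against local lists."""
    net = ipaddress.ip_network(block)
    findings = []
    for prefix, synced in LOCAL_BLACKLIST:
        listed = ipaddress.ip_network(prefix)
        if net.overlaps(listed):  # partial overlap is enough to break reachability
            age = (today - synced).days
            state = "stale" if age > MAX_AGE_DAYS else "current"
            findings.append(("blacklisted", prefix, state))
    for prefix in BOGON_FILTER:
        if net.overlaps(ipaddress.ip_network(prefix)):
            findings.append(("bogon-filtered", prefix, "n/a"))
    return findings


def dnsbl_query_names(block, zone, limit=3):
    """Build DNS blacklist lookup names (reversed octets + zone) for a block."""
    net = ipaddress.ip_network(block)
    names = []
    for host in list(net.hosts())[:limit]:
        reversed_octets = ".".join(reversed(str(host).split(".")))
        names.append(f"{reversed_octets}.{zone}")  # zone is a placeholder
    return names


if __name__ == "__main__":
    today = date(2001, 8, 15)
    for block in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"):
        print(block, check_allocation(block, today))
    print(dnsbl_query_names("192.0.2.0/24", "dnsbl.example"))
```

A "stale" finding is the case the first message worries about: the block is refused on the strength of an entry the list maintainer may already have withdrawn.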


   Our mailboxes grow quickly despite the fact that nothing
interesting, or of operational relevance, is discussed.

    Is there a MAPS-like service that lists the email addresses of
  *whiners* so that mail from them can be dropped by the MTA? Or would
  this be more of an RBL/ORBS type service?

    Not that *I* mind getting whining email. It's rather
  entertaining... since I don't have to *do* anything about it. :)
