nanog mailing list archives
Re: FYI - Suspension of Cogent access to ARIN Whois
From: Heather Schiller via NANOG <nanog () nanog org>
Date: Mon, 27 Jan 2020 15:30:50 -0500
On Tue, Jan 7, 2020 at 8:50 AM John Curran <jcurran () arin net> wrote:
On 7 Jan 2020, at 5:01 AM, Martijn Schmidt via NANOG <nanog () nanog org> wrote:Out of curiosity, since we aren't affected by this ourselves, I know ofcases where Cogent has sub-allocated IP space to its customers but which those customers originate from their own ASN and then announce to multiple upstream providers.So while the IP space is registered to Cogent and allocated to itscustomer, the AS-path might be something like ^174_456$ but it's entirely possible that ARIN would observe it as ^123_456$ instead. Are such IP address blocks affected by the suspension? As noted earlier, ARIN has suspended service for all Cogent-registered IP address blocks - this is being done as a discrete IP block access list applied to relevant ARIN Whois services, so the routing of the blocks are immaterial - a customer using a suballocation of Cogent space could be affected but customers with their own IP blocks blocks that are simply being routed by Cogent are not affected.
"suspended service for all Cogent-registered IP address blocks" may be causing a bit of confusion since ARIN offers many services.
From your response, it sounds like it's just an ACL to filter inbound p43
traffic to ARIN's whois service, from Cogent allocated prefixes. ARIN is in the best position to tell who is directly scraping their db and whether this is an effective counter measure. Recent changes would show up easiest in bulk whois data. It's not clear from your message whether they had a bulk whois agreement in place and the status of that type of access. If so, revoking the API key would be a better restriction mechanism than filtering prefixes from reaching accountws.arin.net I haven't look at where ARIN's TAL data is hosted, again depending on how/where it's hosted and how a filter is implemented, it may or may not impact access to the data. deny $TOU_Violator any port 43 deny $TOU_Violator accountws.arin.net deny $TOU_Violator any These all have varying levels of impact. On the one hand I can understand not wanting to disclose the specific action taken, on the other hand it would be interesting to know what the scope of responses are for different types of abuse.
FYI, /John John Curran President and CEO American Registry for Internet Numbers
Current thread:
- Re: FYI - Suspension of Cogent access to ARIN Whois, (continued)
- Re: FYI - Suspension of Cogent access to ARIN Whois Dovid Bender (Jan 27)
- Re: FYI - Suspension of Cogent access to ARIN Whois Justin Wilson (Jan 27)
- Re: FYI - Suspension of Cogent access to ARIN Whois Darin Steffl (Jan 27)
- Re: FYI - Suspension of Cogent access to ARIN Whois Ross Tajvar (Jan 27)
- Re: FYI - Suspension of Cogent access to ARIN Whois Jared Mauch (Jan 07)
- Re: FYI - Suspension of Cogent access to ARIN Whois Joe Provo (Jan 08)
- Re: FYI - Suspension of Cogent access to ARIN Whois Tom Hill (Jan 09)
- Re: FYI - Suspension of Cogent access to ARIN Whois Rubens Kuhl (Jan 09)
- Re: FYI - Suspension of Cogent access to ARIN Whois Tom Hill (Jan 10)
- Re: FYI - Suspension of Cogent access to ARIN Whois Rubens Kuhl (Jan 10)
- Re: FYI - Suspension of Cogent access to ARIN Whois Heather Schiller via NANOG (Jan 27)