Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] IPv4 transfer abuses

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Mon Sep 14 07:23:38 UTC 2020


Hi Daniel,



The transfers policy in RIPE, in my opinion, is not a good one, and this article proves it.



There are two main reasons:
It is not based on “justified-need”, so a bad Internet actor willing to use the resources for abuse activities can get resources, misuse them for a while, now the resources are “dirty” and he can transfer them again and do the same with new “clean” resources.
The legacy resources transferred with this policy, stay as legacy, which is one more way to avoid fulfilling the policies, because legacy holders aren’t bind to the relevant RSAs.


This is why, the LACNIC proposal, which I authored, went in a different direction, trying to ensure that this doesn’t happens.



And this is why, my AFRINIC proposal goes into the same direction as the LACNIC one, while making sure at the same time that it is as close as possible to the existing Intra-RIR that we already have in AFRINIC, at the same time ensuring that the proposal is “reciprocal” (compatible) with the other regions so it really can work:



https://www.afrinic.net/policy/proposals/2019-ipv4-002-d4#proposal





Regards,

Jordi

@jordipalet







El 13/9/20 21:45, "Murungi Daniel" <dmurungi at wia.co.tz> escribió:



Good evening all,



I came across an interesting paper on RIPE labs which details abuse of IPv4 transfers (https://labs.ripe.net/Members/vgiotsas/a-first-look-at-the-misuse-and-abuse-of-ipv4-transfer-markets). A couple of highlights,



            - 85% of the transfer are Intra-RIR



            - Important proportion of transfers involved in malicious activities.



            - RIPE region shows biggest misuses inside the “sale” transfers



            - AFRINIC and Lacnic transfers did not show misuses.



The full document: https://eprints.lancs.ac.uk/id/eprint/139789/1/VGiotsas_PAM2020_IPv4_Transfers_abuse.pdf





What lessons can the RPD learn from this research? What can we do differently within the AFRINIC policy framework?





Regards,

Murungi Daniel









_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200914/51b1e4fe/attachment.html>


More information about the RPD mailing list