Domain: ripe.net
Stories and comments across the archive that link to ripe.net.
Comments · 150
-
BGP
This is absurd. It undermines the basic principles that led the internet to grow up to the current scale. Those who understand BGP and AS-es as well as Provider Independent and Provider Aggregatable IP space, know this is the end. And the BGP tables are growing faster than most routers can hold anyway. No more soft inbound I guess...
;-) So what's next? I would like to have the .com domain structure... or what the heck, give me the root (.) -
Better survey on the entire .de zone by Peter Koch
At the last ripe meeting Peter Koch gave a presentation on what I think was a methodologically better survey than the one presented here. The survey is at: http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-survey.pdf -
Re:Lots of useless data in there
Maybe I'm being over-cautious, but the wording at ripe would seem to suggest that you can't re-use the information in the DB. To me, it seems to be for single-level access (ie: I can use it individually, but I can't re-distribute it) and hostip would be effectively re-distributing a portion of the ripe DB if it took bulk data from it.
I do use 'whois' to check on bulk uploads, (and I'll do traceroutes to random IP's in the uploaded netblock as well) before loading a block of N records into the DB, but I think that's acceptable.
Simon. -
Prior Art - The DNS SOA field "RNAME"
At least one specific recommendation by a governing body for using hostmaster.example.com. as a DNS label to represent "hostmaster@example.com" can be found here, published well before this patent was filed.
This can also be seen in RFC 1912 (section 2.2), published in 1996.
These muppets have patented something published in one of the very standards they should be familiar with.
- J
-
Linux as a server
Interestingly, the k root name server has been running Debian Linux for a year or two now and has not had any "creak". It gets about 1500 queries/second per machine (the root server is distributed geographically via anycasting, and at each site by load balancing), and receives all manner of ill-formed packets.
Other root servers seem to run Linux (use nmap if you're curious), but I don't know the people running them so I can't be sure.
Now admittedly this is a very specific type of service: it's a single application that all fits into memory.
We're going to be moving www.ripe.net and whois.ripe.net from Solaris to Linux in 2004. The WWW server gets about 20 hits/second as you can see here, and the whois server gets around 28 hits/second as you can see here. These have more complex usage, with disk I/O, new process creation, and so on. I wouldn't let these services migrate if I thought they would be unstable. -
Re:This may need international delegation>the e164.arpa "domain" may have to be delegated on similar lines
The critical thing to understand with ENUM is that it mirrors the existing phone number hierarchy, beginning at the country code level. Consequently, the same entities that handle phone numbers, beginning with the ITU and ending with your local telco, are the same entities that have the authority to approve delegations within the ENUM (e164.arpa) domain.
The mention of Neustar in the article, whilst not explicit, is for Neustar to handle further delegations within 1.e164.arpa. But why should Neustar handle 1.e164.arpa anyway? Well, Neustar is the company that is currently entrusted with the NANPA (North American Numbering Plan Administration), which is the entity that the ITU has recognised as handling phone country code '1'. Obviously, it makes sense for Neustar to also handle this, and you'd think that it wasn't a big deal.
Curiously, it was enough of a deal for the US Government to formally request that the ITU or the RIPE NCC not delegate 1.e164.arpa to any entity back in April 2002. So at the present time, as the ITU hasn't received any requests to delegate 1.e164.arpa, the RIPE NCC hasn't created the delegation. Hence the original article trying to raise awareness of enum to 'merkins.
-
Thanks for posting that
It is very interesting. Here is the above link with no cut&paste necessary.
-
Re:Now tell the bastards what you think!
The *maintainer* of Earthstation V's domain record is from Israel. I do not know what this signifies.
To see this, go here and click on the mnt-by ("maintained by") link.
person: Moshe Maimone
address: 63 Saudia Gaon
Hertzlya, Israel
phone: +39247585
nic-hdl: MM9905-RIPE
mnt-by: SPEEDNET-MNT
changed: Speednet@email.com 20030508
source: RIPE
person: Motti Oran
address: 25 Hasivin Street
Petach Tikva, Israel 49170
phone: +039247585
fax-no: +039247736
mnt-by: SPEEDNET-MNT
notify: speednet@email.com
e-mail: motti@speed-net.com
nic-hdl: MO2551-RIPE
changed: speednet@email.com 20030105
source: RIPE -
Re:What's even worse is arin.net
-
don't forget about arin...
-
Re:I'm very impressed with ES5...
[me polymorph]# dig download.es5.com
download.es5.com. 10m36s IN A 213.152.119.5
[me polymorph]# dig -x 213.152.119.5
;; AUTHORITY SECTION:
213.in-addr.arpa. 2H IN SOA ns.ripe.net. ops-213.ripe.net.
In other words, download.es5.com's IP address is "owned" by ripe.net. http://www.ripe.net/ripencc/about/ states in part:
The RIPE Network Coordination Centre (RIPE NCC) is one of Four Regional Internet Registries (RIR) that exist in the world today, providing allocation and registration services that support the operation of the Internet globally.
The RIPE NCC performs activities primarily for the benefit of the membership in Europe, the Middle East, Central Asia and African countries located north of the equator. These are mainly activities that its members need to organise as a group, even though they may compete in other areas.
The services provided by the RIPE NCC ensure the fair distribution of global Internet resources in the RIPE NCC service region required for the stable and reliable operation of the Internet. This includes the allocation of Internet (IP) address space, autonomous system numbers and the management of reverse domain name space.
A traceroute from my desk shows (again, in part)...
11 bpr1-so-0-0-0.sanjoseequinix.cw.net (208.173.54.65) 50.889 ms 51.496 ms 55.282 ms
12 208.173.54.74 (208.173.54.74) 55.430 ms 51.065 ms 50.517 ms
13 so-5-0-0.gar1.sanjose1.level3.net (209.244.3.137) 51.761 ms 52.379 ms 55.816 ms
14 so-7-0-0.mp1.sanjose1.level3.net (64.159.1.73) 62.741 ms 58.862 ms 51.160 ms
15 unknown.level3.net (64.159.3.254) 114.017 ms 113.364 ms 111.183 ms
16 so-2-0-0.mp1.london2.level3.net (212.187.128.137) 188.881 ms 189.685 ms 188.827 ms
17 so-2-0-0.mp1.amsterdam1.level3.net (212.187.128.26) 195.189 ms 193.874 ms 194.465 ms
18 gige10-2.ipcolo1.amsterdam1.level3.net (213.244.165.99) 191.791 ms 192.253 ms 195.587 ms
19 unknown.level3.net (213.244.164.18) 192.521 ms 193.254 ms 192.870 ms
20 213.152.119.253 (213.152.119.253) 193.077 ms 192.419 ms 193.005 ms
21 213.152.119.5 (213.152.119.5) 193.729 ms 192.124 ms 194.005 ms
So download.es5.com looks to be housed in Amsterdam (gige10-2.ipcolo1.amsterdam1.level3.net).
Just my take on the situation. -
Ripe Training For DNSSEC
It seems RIPE have a One Day Introduction Course for "DNSSEC and related tools, and the specific procedures set up by the RIPE NCC to secure the in-addr.arpa zone"
-
Uninformed article
The current system of handing out addresses (which have no value as such and should not be charged for, although an administrative fee can be charged for setting it up, which quite a few ISPs do) is essentially global through RIPE NCC, APNIC, LACNIC and ARIN. So if China runs out, it means we have all run out.
Admittedly, the US has quite a bit of legacy space, but I'm sure that large chunks of it will be reclaimed for everyone, should the need arise.
In the US, the idea is still that the Internet is American, so the US will be ok. That is exactly why the ARIN region is (too) slow to pick up on IPv6.
Of course, IPv6 may not happen in the end (there are still quite a few bugs to be ironed out by the IETF et al), but I hope it does, because NAT is getting old real fast. Port forwarding helps a little, but remains a hack at best. The pain of having several machines do the same things behind one IP address (ICQ, webserver, netmeeting) is simply not worth it when I can get over 65000 subnets (with billions of addresses in each one) assigned to me with IPv6. (Everyone that could subnet, should receive a /48 according to current policy, no extra charge)
We could then finally do all the things that we should have been able to now.
And currently, IPv6 is totally free. Everyone gives free transit to everyone, IPv6 is not taken into account with the fee that the RIR's charge their members (at least in the RIPE region, I think the other regions too).
This will change of course, but IPv6 is already a major improvement over IPv4, the US will feel the pain of coming late everywhere if they don't prepare.
CC -
What about the end-to-end argument
There can never be complete security unless it's implemented at the end, for instance that firewall is only as secure as it breaks your internet connection.
A firewall program running on the PC is still not at the end, it's between the application and internet.
Just install some anti-virus PCcillin and suddenly your LAN shares are disabled and no-one can connect to your ftp server. I spent an hour figuring out why the hell things didn't work on a friend's PC, I was about to ask him to call his ISP tech support and check if their ADSL modem does some NAT or acts as a firewall.
Pushing NAT solutions on customers is the standard these days it seems, charging a monthly-fee for every IP you need is also part of their business plan. Which system is of course optimized when it goes to administrative expenses so they get as much as possible (99.9% profit for every extra IP a sucker "borrows").
And no, if the ISP can't document their expenses, they have no right to take a monthly fee according to ripe 152
-
IP address space is global!
Like someone has pointed out before, address space is a global resource, and about 30% is available.
Asia (through APNIC) can use these as well as the US (through ARIN) or Europe (through RIPE NCC) can.
If 1 region runs out, we all run out.
CC -
Mostly there, with caveats
I've IPv6 enabled on all my machines, my upstream provider offers IPv6, and most of my former clients have IPv6 rolled out internally. It doesn't buy much for the moment, but I've noticed a large surge in interest over the last year in the techie community to learn all they can about IPv6. I know one guy who is staking his whole future on being the IPv6 guru.
Having been at several RIPE meetings and national Net Operator Group meetings, the biggest problem is getting peering and transit connections negotiated. IPv6 requires many things which were optional in IPv4, like multicast support end-to-end. Many of the clued ISPs and carriers in Europe now have IPv6 internally, and offer it to their clients. Larger ISPs are naturally lagging behind, because the techies have no voice in the business operations of big telcos, and the suits haven't heard enough to start asking their customers if they want it.
There was a chicken and egg problem, where ISPs weren't asking their customers about wanting IPv6, and customers not implementing it because it wasn't offered by ISPs. This has changed quite a bit in the last year, for two reasons. Big telcos rolling out 2.5G/3G mobile phone systems are using IPv6 internally, and smaller ISPs are looking for an edge in these lean times. My upstream ISP made a few announcements on internal mailing lists about offering IPv6 over IPv4 tunnels for testing purposes, and was overwhelmed by the response. They now have a few dedicated Cisco routers, and allow a full IPv6 login without needing tunnels. The last I heard, almost 20% of their customers have taken up IPv6, mostly the businesses with clued techies and home experimenters. Other ISPs are now looking to roll out IPv6 soon, but the biggest problem is hammering out the peering/transit issues, not in the offer to customers.
The other delay is waiting for the IPv6 working groups at RIPE to get the registry database objects well defined and implemented, and a few other technical services like route servers and DNSSEC implemented. But the work is ongoing and will take a while until the backend issues get ironed out.
My bet is that, at least in Europe, there will be some mainstream buzz about IPv6 starting in 12 to 18 months. The early adopters like myself already run IPv6 alongside IPv4, most systems have it built in ready to go, and ISPs are getting up to speed.
the AC
Leaving for Barcelona Friday -
Re:Bandwidth saturation?
... and upon inspection, the address space is within the domain of RIPE which is odd for hardware inside the US. But, looking at the records...
inetnum: 80.15.249.0 - 80.15.249.239
netname: AKAMAI-FT-US
descr: Akamai Technologies - US machines connected to FT AS5511
country: US ...
source: RIPE -
Re:I propose..
(b) IPv4 Sucks. Everyone will be assigned a unique IPv6 address.
How about one /48 prefix, or a /64 if you want to be cheap. There is plenty of space for that, and /128 (ONE IPv6 address) should only be used when it is known for sure that only one address is needed (see RFC3177).
Or if you are thinking unique identifiers for people, you should be handing out some 64 bit or less suffix, which does not conflict with stuff like autoconfigured addresses on ethernet. Otherwise you will ruin route aggregation.
-
Pardon my irritation...
...but this story is crud on so many levels.
- 3FFE::/16 is the experimental 6bone space, where you try out allocation policies before settling on a real one. They've settled on a real one. Even better, it's the same in all three (er, four) regions. The 6bone's purpose is fulfilled, we're in production mode and, as was always intended, it's time to think about retiring it.
- How many times: IP addresses don't cost money. Sure, the RIRs charge for the service of allocation, and your ISP is entitled to charge for the services around them. They do their job pretty well, and with consensus of the community (a rarity in this day and age). Great as Bob Fink is, do you really want to continue trusting address allocation to one guy as a volunteer project?
- You get addresses from your ISP.
- You get addresses from your ISP.
- You get addresses from your ISP. There are loads of them. If you need them, you can have them. The expense is not in getting the damn addresses. "Experimental" does not mean "free". "Production" does not mean "business".
- AftanGustur: IPv6 is not a bastard protocol, routers don't need to fragment anymore, and the IETF is not working on a new damn protocol. You don't cite any sources, so I can't refute it. Please do.
Guys, there are a lot of misconceptions about IPv6. I appreciate this - it's not an intuitive subject, and it's possible to believe you know a lot more about it than you actually do. But, the details are there. Please do the reading and start asking your ISP for connectivity. No, your real ISP. There are people out there who want to deploy this, now, and we're waiting for customer demand. Go nuts!
Dave
-
Disadvantage of the current internet
When the protocols we all use now were developed, everybody trusted each other. There wasn't a real need for advanced security options. Nowadays, with the current commercialization of the net (which also provides me with my income) it looks as if the commercials are winning. By commercials I mean those who have absolutely no respect for other people's right or bandwidth. Let's not forget that spam isn't the only problem: DoS attacks are a real threat too.
Due to the original designs being not real secure, I'm quite sure that the spam problem can not be solved without fundamental changes in the way we use email nowadays. Perhaps the policy regarding blacklisting can be changed: at this moment most people accept mail from everybody, but not from a few blacklisted sites. It's likely that this will be changed: we don't accept your mail unless we know who you are. Unfortunately, even then there will always be people who will abuse it. Hopping from one account to another, or suing every single ISP that has the guts to disconnect their connection after spamming. In short: it's not simply a technical matter, there will be a need for *globally equal* legislation too. Legislation alone won't do the trick either. No, it's time for Mr Geek to marry Miss LawAndOrder.
Don't forget that the IETF is not the first to attempt to find a solution. RIPE has its anti-spam workgroup for example. -
All major ISPs do filtering on their BGP Sessions
I am working with BGP4 since 1996 and since then many things have been done. The breakdown in 1997 when the one ISP was sending half of the Internet as single Class-C routes ain't possible anymore.
All major ISPs do heavy route filtering on all their border routers. Even the small ones do it. They do it for one simple reason: They don't want to transport traffic nobody is paying for. So in essence the market has already taken care of the problem.
Also when you look at the RIPE database you'll see what the individual filters are. Click here to see such a Routing Policy (Swisscom in this case). This is what the routers are enforcing.
The whole blabla about this BGPsec is useless and by nice engineering people who haven't got any clue how the network is managed and run nowadays. They propose to use DNS to authenticate the prefix announcements... How are you supposed to do that if you can't reach one of the DNS Root servers?
This entire BGP and security discussion is just some hyped non-issue and smells awfully like the orange and banana alert bullshit the US government is so proud of...
--
Andre -
Re:they should use djbdns
It sounds very similar to tinydns. Most of the slides in their presentation look as though they might have been taken from a tinydns presentation, including:
- authoritative only makes for simpler software, higher performance, increased security, more robust software
- load/reload entire db, with very fast load times, and no incremental changes at runtime
- axfr offband (it is not clear how they do this, but it sounds as though nsd is not doing this, and neither does tinydns, it can be done better with other programs (such as rsync)) IIRC, many flames have ignited over tinydns's AXFR support (or supposed lack thereof), and it seems as though the nsd developers chose a design.
-
Re:I'm not that bad off
Out of the 15 or so e-mail addresses I have, I may only get 30-50 pieces of spam a day. Most of which arrives at my hotmail and yahoo accounts. The rest I track down and report to their ISP.
:-)
I've found two good services for doing such:
ARIN homepage and RIPE's whois database. -
Re:IPv6....
But the fact is that the Massachusetts Institute of Technology (MIT) got more addresses than The Republic of China altogether.
I've heard this remark made before and though at first sight it seems to say something, it actually doesn't mean anything. MIT has a full /8, unfortunately. The whole republic of China doesn't. So What! If you look at these statistics of the joint RIR's then you will see that the whole world and their mother have more IP space than the People's Republic. :-) (ok, slightly exaggerated) But fact of the matter is that the People's republic shouldn't yet worry about not getting any IP-space.
For the last 10 years we have had the Regional Internet Registries in place, which deal with the IP-address allocation. They have done a great job at conserving IP-space. Since they started their work, only 15% of the IP-space has been allocated, contrary to the 43% in pre-RIR times. If they continue to do their great job in the same way, we will hit critically low numbers of availability by 2010-15 and run out by 2030. -
Re:How to block 90% of SPAM
A start would be to take this list of IP address info (including country) and parse out just the IP's. I quickly scanned thru it and it looks like it only contains a handful of US entries, that you could easily remove.
I believe APNIC offers a similar list (I saw this last week, but forget the exact link) that you could scan thru as well.
Another option would be to grab the ARIN database of US entries (if it's even offered, and create a white list from that). -
The Numbers part, Really
Almost, not quite.
ICANN stands for "Internet Corporation for Assigned Names and Numbers". It is a non-profit set up a few years back to take over the duties of the Internet Assigned Numbers Authority.
One of these is the clerical duty of assigning /8 blocks of global IPv4 address space and /16 blocks of IPv6 address space to each Regional Internet Registry as needed. The users of the address space decide policy, and it's this policy that the RIRs implement.
Another duty ICANN took over is maintenance of the DNS root (which has been the controversial part), and a third duty is maintenance of the list of protocol numbers (imagine a link to your /etc/services just here - something's stopping me posting triple-slash). -
Re:What is the TRUE value of an IP Address?
The IPs don't "belong" to the ISPs anyway - they are a communal shared resource. The mechanism of assigning blocks to ISPs is for routing and administrative convenience.
And they don't cost the ISPs anything per address - RIPE membership, for example, costs a flat fee no matter how many IP addresses they have allocated to them.
You can say "we paid %10000 to set up our network and have 1000 IPs, so that's %10 per IP", but to have 2000 IPs would still have cost them %10000.
% == generic currency symbol :-) -
Allocations of IPv6
It's all well and good saying "allocations have been available since 1999" but in actual fact it's quite difficult getting an allocation. Why?
Most of this is to do with the Local-IR requests which fail (at least at RIPE) because you need three separate peers before they'll even consider it.
Then of course your upstream should be allocating from their PA block anyway. And since most upstreams aren't allocating IPv6 to end users...
...it's all a bit much really.
-- -
Transmission Technology
When discussing Fiber-to-the-home, it is important to realize that this is just a transmission medium. Just having Fiber to your home does not guarantee that you will have dedicated bandwidth for internet access. Or, for that matter, that the metropolitan backbone is not oversubscribed, or that there is adequate capacity at peering points or other connections to external networks.
Anyone with a 100Mbps ethernet connection in a large office knows that the link speed alone is often not the limiting factor!
Furthermore, the assumption that the only, or primary, costs involved are the network termination equipment is simply incorrect. Yes, if we are talking about terminating a 10Gbps (or even 2.5Gbps) SONET or SDH circuits, there will be an expense. But, don't forget that the larger the network (i.e. the greater the number of "end-systems") the more intermediate systems (routers, switches, repeaters, etc) are required. Each one of these network elements then must be monitored and managed.
Now, if we assume that the service will be priced inexpensively enough for consumers to purchase, and that there is enough consumer demand for this sort of service; and if we can assume an initial customer penetration rate of, say between 1-10%, the number of network nodes in a city of 500000 is between 5000 and 50000. This is becoming a fairly expensive network to manage.
One possibility is that a city or other entity could build the fiber infrastructure and then lease "dark fiber" to service providers. This is the model deployed in Stockholm, for instance. This approach has the advantage of shifting the expense of active network elements to the service providers, but now additional expense is introduced by separating the operation and repair of the fiber component from the transmission equipment (which still may be separated from the higher-level network-layer elements such as routers and servers).
Furthermore, consider the "peering problem" that will occur if many ISPs and internet users choose to interconnect with multiple IP networks: Through careful address allocation policies, the internet community (by means of regional routing registries like those provided by ARIN, RIPE-NCC, and APNIC) has constructed a hierarchical routing system that limits the growth of the size of routing tables on the core backbone routers in use on the internet. This is important for two reasons.
First, routers have a finite amount of memory. Even if memory is cheap, it still needs to be installed and perhaps increased from time to time. Each upgrade causes downtime as the router is taken out of service and upgraded.
Second, and perhaps more important, each provider advertises its network reachability information to others through an external routing protocol (BGP-4). The BGP process on each router must compute the shortest path to each network and inject that information in the router's forwarding table. The more complex the routing table, the longer BGP takes to update the forwarding table leading to network convergence issues. Also, since BGP-4 is mostly manually configured, an increase in complexity of several orders of magnitude would require the development of new extensions to the system, this would be further exasperated by the limitation currently imposed by the use of 16-bit autonomous system (AS) numbers which identify each administrative realm of routing policy. Someone will have to absorb the expense incurred in the development and implementation of new routing protocols. Then, again, each core router will have to be upgraded.
Inexpensive broadband technology is still a-ways away. It will revolutionize the internet (and probably telecommunications, in general) when it becomes available, but that revolution itself will not be cheap.
-
Who gives out IP numbers
In the Americas, go to ARIN; in Europe go to RIPE; in Asia and the Pacific, go to APNIC. (Some places, such as Mexico and Brazil, have separate arrangements.)
ARIN "allocate" numbers to ISPs and "assign" numbers to end users; but be warned that it costs Big Money to be assigned numbers directly (at least US$2,500 per year).
As you might have guessed from the article, APNIC seem to be cluefully ready to give out IPv6 addresses; ARIN are apparently talking about it.
-
Re:Perhaps no lawsuit
> Hackersquest is in China
I'm not quite sure where you got your info but the TLD "ch" stands for Switzerland.
China's TLD is "cn".
You might want to check out ftp://ftp.ripe.net/iso3166-countrycodes.txt
RedShirt
-- -
Are you sure?...
-
Re:Blocking by IP is next to impossible (WRONG)
I do have a file of all IP blocks corresponding to networks located in France, extracted from the RIPE database. It's not based on DNS. Of course, there are perhaps a few networks located in France that are not in that file, but the vast majority of them is inside.
Turning that file into a filter is just a matter of programming (I have other things to do now, but I might do it soon if needs be).
-
Please don't confuse everything
There are three very different questions at stake here, and most posts I see seem to mix them all randomly.
First, there is the question of how appropriate this French law is, that forbids the sale of Nazi items. Personally, I think it's a very stupid law. However, please mind when discussing this question that it is unrelated to the Internet, and also that we're talking French law. So the question should be discussed in that context. In fact, I don't think Slashdot is a very appropriate place to discuss that question (yet most posts I see which make any sense refer specifically to that question).
Second, there is the question of the applicability of the law of a certain country to a web site that is not located in that country. Personally, I think it shouldn't apply. However, please note in discussing that question that the nature of the law (good or bad) should not be a factor. Nor should the name of the country. If we agree that the good laws of the United States should apply to non-US sites on the net, then the evil laws of Western Turumumbolia (some obscure country you've never heard of) should apply just the same.
Third, there is the purely technical question of whether Yahoo! can, in fact, filter out (nearly all) French users from their site. And the answer, I think, is yes, it is technically possible. A friend of mine has downloaded the list of all IP blocks for France from the RIPE database: there are a little over 20000, and it would be a fairly simple hashtable lookup to filter them. We're working on a proof of concept. (Even though I must repeat that I disapprove of the use of the filtering. But that is an entirely different question, in fact two entirely different questions as I've just explained.) This would not filter all French users, but with a reasonable approximation it would.
Also, I do wish we had a little less gratuitous France-bashing and gallophobia around. Certainly we have a case of an absurd law, here, but every country has absurd laws, this is not news (I did not see much americanophobia surface every time the DMCA was mentioned, for example). More importantly, the France-bashing in question is utterly offtopic (relevant to none of the three questions I mentioned) and irrelevant (not to mention, a troll and flamebait to some extent).
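The filter the two comments above describe (a list of registry-derived IP blocks checked with a hash-table lookup), as an added example that is not part of either comment. The name `BlockTable` is hypothetical and the sample blocks are constructed from documentation ranges, not RIPE data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample blocks (RFC 5737 / RFC 3849 documentation ranges).
SAMPLE_BLOCKS = ["192.0.2.0/24", "198.51.100.0/25",
                 "203.0.113.64/26", "2001:db8:10::/48"]


class BlockTable:
    """CIDR membership test using one hash table per prefix length."""

    def __init__(self, cidrs):
        # (ip version, prefix length) -> {network address as int: network}
        self._buckets = defaultdict(dict)
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            key = (net.version, net.prefixlen)
            self._buckets[key][int(net.network_address)] = net
        # Probe the most specific prefix lengths first.
        self._order = sorted(self._buckets, key=lambda k: -k[1])

    def lookup(self, address):
        """Return the matching block, or None if no block contains address."""
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            return None  # malformed input never matches
        # Treat ::ffff:a.b.c.d as the IPv4 address it carries.
        mapped = getattr(ip, "ipv4_mapped", None)
        if mapped is not None:
            ip = mapped
        value, bits = int(ip), ip.max_prefixlen
        for version, plen in self._order:
            if version != ip.version:
                continue
            mask = ((1 << plen) - 1) << (bits - plen)
            hit = self._buckets[(version, plen)].get(value & mask)
            if hit is not None:
                return hit
        return None


if __name__ == "__main__":
    table = BlockTable(SAMPLE_BLOCKS)
    for addr in ("192.0.2.77", "198.51.100.200", "::ffff:192.0.2.1"):
        print(addr, "->", table.lookup(addr))
```

Each lookup costs one hash probe per distinct prefix length in the table, regardless of how many blocks are loaded. A match reports where the block is registered, which is only an approximation of where the user sits.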
-
Re:Transoceanic Links
> You also have to keep in mind that ARIN, based in the US, allocates IPs, both for US-based entities and to overseas folks.
Err ... no, ARIN only allocates IPs for Canada, North America, and South America, hence "American Registry for Internet Numbers".
RIPE allocate IPs for Europe and Africa, whilst APNIC allocate addresses for the Asia Pacific regions, so the reliance on ARIN is not international. Obviously a proportion of root nameservers are located outside of the US too.
-
Re:How I fight the great satan
I used nslookup instead of dig, but..
That doesn't tell enough. It tells me that n1.dn.net is the SOA for 209.207.224/24 C-class. Which means that said IP-block is Verio's. But I couldn't find out whether the block containing .245 is registered to Verio and not delegated.
E.g. with RIPE whois I can check IP-delegation, e.g. that a Finnish IP-block is registered to some organization, delegated from a larger block registered to a Finnish ISP, and in the end part of a RIPE block. All of this with whois.
-
Re:And what will they do if yahoo gives em the fin
Well said! Never mind the foreign laws are generally written in the naturalized language, not necessarily yours or mine! I think that if we could agree that the location of the server (not the author, but the server, as there can be many of the former but one of the latter) dictates which laws its content (and, thus, the author of that content) falls under, we'd all be much happier. As for all those people who worry about the creation of a country without content restrictions, the solution is pretty simple: don't allow (ie: firewall) your citizens/employees/students/etc to connect to hosts in that country! If you (as a legislator or voter) don't like the idea that in Country x one can post a racist webpage without fear of legal backlash, don't allow connections to that country. If people could agree on this, the problem would be non-existent: If you don't like it, censor it for your own people. If you don't believe in censoring, don't censor. The heart of the solution is that the IP number registries (not the domain registries) contain the country information. ARIN has the US numbers, RIPE has Europe, and so on. Turning up the resolution on the registration information so that it could be collated by country doesn't seem to be a monumental task (just a ``small matter of programming''). Am I smoking $3 crack, or does this make sense to the rest of you?
-
Fighting fire with fire
Start by attacking any ISP in the UK who offers internet service to this company. At this point, all it takes is threatening to file a lawsuit, and the ISP will yank their access. It is legitimate to use words such as 'libel', since they may in the near future try to claim someone a criminal, which could then be proven in court to be libelous. Words such as 'cracking attempts' and 'illegal probing' can also be tossed out truthfully. When netPD have exhausted all potential connections in the UK, they will be forced to move their entire operation to another country, and start over again. It will take some perseverance to take them down, but the community is large, and the number of ISPs willing to take a stand against baseless litigation is rapidly diminishing.
Complain to their upstream provider, about the excessive use of bandwidth caused by netPD. It might not get them blocked, but they could get bumped to a higher cost guaranteed bandwidth service, taking another chunk out of their revenue.
Track the methods they use to search napster, gnutella, and web sites. They are using some kind of spider to crawl around and log hits based on their customer's heuristics. These bots/spiders could then be blocked at various points, freeing small sections of the internet from their insidious probing.
Enlist university administrators to help block netPD. Students who are running distributed file systems and fear being libeled or falsely accused by netPD should send a written request to the university network administrators to block outside access to netPD. Again, use carefully selected panic words 'illegal probing attempts', 'crack attack', and 'allowing netPD access could open the university to a lawsuit'. Tell them cracking/scanning attempts are coming from the subnet 62.254.209.128/25, and ask them to block it.
Create a standard template to exclude netPD from networks you control. Someone should write a one paragraph disclaimer which could be customised for each locale telling netPD to stay away, and promising to follow up any violations with a vigorous prosecution.
Bruce Ward, 23-year-old chief technology officer of NetPD sounds like this is a small failed Y2K pre-IPO company jumping onto a wave of free publicity. Not to put down 23-year-olds, but a company with an abrasive CTO like Bruce may not survive riding a big and dangerous tsunami very long, no matter how good surfers they think they are. He already rode another company into bankruptcy and several lawsuits.
He's been so bold as to register the address www.mp3police.com.
"We fully expect to upset people and our site will probably get hacked," he says.
This sounds like a challenge to leave to the script kiddies. That server is physically located in a webhosting service in Dallas, Tx, USA, running a static page of Bruce's failed Y2K fixit company. Bruce has also registered mp3police.co.uk, which has been recorded scanning many legitimate sites, none of which are running napster or warez boards. Complaints have been circulating for a while, go scan deja for some more info. NetPD has even hit some totally innocuous honeypots and scanned them completely.
At this moment, netpd.com and netpd.net are still available from futuresite.register.com for a price :-) Any takers?
The challenge for those who want to see a free net is to attack netPD where it counts, their access, their financial well being, their status as vigilantes, and their reputation with any potential customers.
the AC
-
Re:Banned in Australia
Err no. RIPE has nothing to do with domain name registrations or any European TLDs. RIPE deals with IP address assignment (similar function to ARIN).
You might find the About RIPE page informative
-
Re:Classful naming
I still use the classful naming, specifically because there's no good way to say /24 in Danish. For those interested there's a complete guide to subnets at http://www.ripe.net/lir/services/subnets.html
-
These are all European!?
Posted by keyva:
While these are great stats, and I realize this is a global audience, it should be noted that "For this OS count the RIPE Host Count was used to collect host addresses"... RIPE, from what I can tell, is a coalition of European IP hosts, so I don't think any US data is included here...
-
missing RFCs?
RFC 1 is at ftp://ftp.ripe.net/rfc/rfc1.txt (among other places).
-- -
Other whois servers
That's not the real InterNIC.net site, is it ? It's satire, right ? right ??
Some whois servers :
America
Asia Pacific
Europe.arin.net link to "rs.internic.net for domain related information" is broken
:(