On Thu, Feb 02, 2012 at 05:57:23AM -0500, Robert E. Seastrom wrote:
>
> bmann...@vacation.karoshi.com writes:
>
> > I missed the part where ARIN turned over its address database
> > w/ associated registration information to the Fed ... I mean
> > I've always advocated for LEO access, but there has been
> > significant pushback from the community on unfettered access
> > to that data. As I recall, there are even policies and
> > processes to limit/restrict external queries to prevent a DDoS
> > of the whois servers. And some fairly strict policies on who
> > gets dumps of the address space. As far as I know (not very
> > far) bundling the address database -and- the registration data
> > are not available to mere mortals.
> >
> > So - just how DID the Fed get the data w/o violating ARIN policy?
>
> Hi Bill,
>
> In case you're not trolling here (Occam's razor says I'm giving you
> too much credit), a few points:
>
> 1) There has been substantial involvement by Federal LE at ARIN PPMs
> in terms of pushing for policy that makes WHOIS data more accurate...
> including one person who served on the ARIN AC after he went to work
> in the private sector.
>
> 2) LE can type "show ip bgp" too and only needs to hit a whois server
> once per ASN.
>
> 3) There is a bulk whois policy. Whether "hi, we now have the
> reins of a compromised botnet or whatever and want to reach out to
> let people know that they're pwn3d" falls under the rubric of
> "Internet operational or technical research purposes pertaining to
> Internet operations" is left as an exercise to the reader.
>
> Section 3.1 of the NRPM says that Bulk Whois "... point of contact
> information will not include data marked as private."
>
> As I outlined in #2 above, a full or partial dump is not really
> something that's necessary.
>
> https://www.arin.net/resources/agreements/bulkwhois.pdf
>
> I'm pretty confident there were no policy violations here.
>
> -r

sigh... will have to look elsewhere for the tri-lateral commission.

/bill