On Thu, Feb 02, 2012 at 05:57:23AM -0500, Robert E. Seastrom wrote:
>
> bmann...@vacation.karoshi.com writes:
>
> > I missed the part where ARIN turned over its address database
> > w/ associatedd registration information to the Fed ... I mean
> > I've always advocated for LEO access, but ther has been
> > significant pushback fromm the community on unfettered access
> > to that data. As I recall, there are even policies and
> > processes to limit/restrict external queries to prevent a DDos
> > of the whois servers. And some fairly strict policies on who
> > gets dumps of the address space. As far as I know (not very
> > far) bundling the address database -and- the registration data
> > are not available to mere mortals.
> >
> > So - just how DID the Fed get the data w/o violating ARIN policy?
>
> Hi Bill,
>
> In case you're not trolling here (occam's razor says I'm giving you
> too much credit), a few points:
>
> 1) There has been substantial involvement by Federal LE at ARIN PPMs
> in terms of pushing for policy that makes WHOIS data more accurate...
> including one person who served on the ARIN AC after he went to work
> in the private sector.
>
> 2) LE can type "show ip bgp" too and only needs to hit a whois server
> once per ASN.
>
> 3) There is a bulk whois policy. Whether "hi, we now have the
> reins of a compromised botnet or whatever and want to reach out to
> let people know that they're pwn3d" falls under the rubric of
> "Internet operational or technical research purposes pertaining to
> Internet operations" is left as an exercise to the reader.
>
> Section 3.1 of the NRPM says that Bulk Whois "... point of contact
> information will not include data marked as private."
>
> As I outlined in #2 above, a full or partial dump is not really
> something that's necessary.
>
> https://www.arin.net/resources/agreements/bulkwhois.pdf
>
> I'm pretty confident there were no policy violations here.
>
> -r
sigh... will have to look elsewhere for the tri-lateral commission.
/bill
