Mailing List Archive

I do not believe ASN sharing is illegal or prohibited, it's not prohibited
in LACNIC and in APNIC policy I also could not find anything about ASN
sharing, only

APNIC policy states:
"2.3. Autonomous System (AS)
An Autonomous System (AS) is a connected group of one or more IP prefixes
run by one or more network operators under a single and clearly defined
routing policy.
2.3.1. Autonomous System Number (ASN)
An Autonomous System Number (ASN) is a unique two- or four-byte number
associated with an AS. The ASN is used as an identifier to allow the AS to
exchange dynamic routing information with other Autonomous Systems."

Nothing prohibiting ASN sharing and 2.3 specifically states "run by one or
more network operators... single routing policy"


Regards
George


On Tue, Mar 21, 2023 at 8:00?AM <nanog-request@nanog.org> wrote:

> Message: 19
> Date: Mon, 20 Mar 2023 16:24:09 -0400
> From: ayang@august.tw
> To: Collider <large.hadron.collider@gmx.com>
> Cc: nanog@nanog.org
> Subject: Re: Spamhaus flags any IP announced by our ASN as a criminal
> network
> Message-ID: <5b7ed1b1fbff65dfc63d188c2e1f95af@august.tw>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to RIR
> policy violations, which include prohibited sharing of ASNs with third
> parties, IP hijacking, and malicious path prepending.
>
> Given this history, it is not surprising that Spamhaus would blacklist
> IP addresses associated with their ASN. In my opinion, such action is
> well-justified.
>
> Best regards,
> August Yang
>

RIPE NCC Requirements: End User Assignment Agreement states:

“End User may not sub-assign resources to third parties.”

Best regards,
August Yang

On 2023-03-21 13:12, George Toma wrote:
> I do not believe ASN sharing is illegal or prohibited, it's not
> prohibited in LACNIC and in APNIC policy I also could not find
> anything about ASN sharing, only
>
> APNIC policy states:
> "2.3. Autonomous System (AS)An Autonomous System (AS) is a connected
> group of one or more IP prefixes run by one or more network operators
> under a single and clearly defined routing policy.
> 2.3.1. Autonomous System Number (ASN)
> An Autonomous System Number (ASN) is a unique two- or four-byte number
> associated with an AS. The ASN is used as an identifier to allow the
> AS to exchange dynamic routing information with other Autonomous
> Systems."
>
> Nothing prohibiting ASN sharing and 2.3 specifically states "run by
> one or more network operators... single routing policy"
>
> Regards
> George
>
> On Tue, Mar 21, 2023 at 8:00?AM <nanog-request@nanog.org> wrote:
>
>> Message: 19
>> Date: Mon, 20 Mar 2023 16:24:09 -0400
>> From: ayang@august.tw
>> To: Collider <large.hadron.collider@gmx.com>
>> Cc: nanog@nanog.org
>> Subject: Re: Spamhaus flags any IP announced by our ASN as a
>> criminal
>> network
>> Message-ID: <5b7ed1b1fbff65dfc63d188c2e1f95af@august.tw>
>> Content-Type: text/plain; charset=UTF-8; format=flowed
>>
>> Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to
>> RIR
>> policy violations, which include prohibited sharing of ASNs with
>> third
>> parties, IP hijacking, and malicious path prepending.
>>
>> Given this history, it is not surprising that Spamhaus would
>> blacklist
>> IP addresses associated with their ASN. In my opinion, such action
>> is
>> well-justified.
>>
>> Best regards,
>> August Yang

Well that's for end users. The company in question seems to be a Telecom
operator.
The RIPE model is a very strange and confusing one, where ISPs basically
become LIRs and they themselves assign ASNs and IPs, and there are 23000
LIRs in ARIN. Basically any ISP , webhosting company, datacenter or even a
trading company can become a LIR.

It's a very strange model which had just cost me 15 minutes of my time to
just dig into and get some basic understanding of it. I would not put my
hand in the fire that the OP is a LIR or not, but they are an ISP so I
would assume they are LIR and as such can reassign the IPs,a nd if they are
not LIR they can become one.

Anyway many of IP renting companies such as IPXO are RIPE-based, and those
who are ARIN or APNIC based also have subnets from RIPE region. If RIPE was
against subletting, the whole market would not exist with RIPE subnets.

Regards
George



On Tue, Mar 21, 2023 at 2:17?PM <ayang@august.tw> wrote:

> RIPE NCC Requirements: End User Assignment Agreement states:
>
> “End User may not sub-assign resources to third parties.”
>
> Best regards,
> August Yang
>
> On 2023-03-21 13:12, George Toma wrote:
> > I do not believe ASN sharing is illegal or prohibited, it's not
> > prohibited in LACNIC and in APNIC policy I also could not find
> > anything about ASN sharing, only
> >
> > APNIC policy states:
> > "2.3. Autonomous System (AS)An Autonomous System (AS) is a connected
> > group of one or more IP prefixes run by one or more network operators
> > under a single and clearly defined routing policy.
> > 2.3.1. Autonomous System Number (ASN)
> > An Autonomous System Number (ASN) is a unique two- or four-byte number
> > associated with an AS. The ASN is used as an identifier to allow the
> > AS to exchange dynamic routing information with other Autonomous
> > Systems."
> >
> > Nothing prohibiting ASN sharing and 2.3 specifically states "run by
> > one or more network operators... single routing policy"
> >
> > Regards
> > George
> >
> > On Tue, Mar 21, 2023 at 8:00?AM <nanog-request@nanog.org> wrote:
> >
> >> Message: 19
> >> Date: Mon, 20 Mar 2023 16:24:09 -0400
> >> From: ayang@august.tw
> >> To: Collider <large.hadron.collider@gmx.com>
> >> Cc: nanog@nanog.org
> >> Subject: Re: Spamhaus flags any IP announced by our ASN as a
> >> criminal
> >> network
> >> Message-ID: <5b7ed1b1fbff65dfc63d188c2e1f95af@august.tw>
> >> Content-Type: text/plain; charset=UTF-8; format=flowed
> >>
> >> Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to
> >> RIR
> >> policy violations, which include prohibited sharing of ASNs with
> >> third
> >> parties, IP hijacking, and malicious path prepending.
> >>
> >> Given this history, it is not surprising that Spamhaus would
> >> blacklist
> >> IP addresses associated with their ASN. In my opinion, such action
> >> is
> >> well-justified.
> >>
> >> Best regards,
> >> August Yang
>

Firstly, it's worth noting that AS47158 was registered to
ORG-IL649-RIPE, which was not a LIR.

Additionally, LIRs do not assign ASNs to end users whereas RIPE does.
NIR in certain regions is another story.

End user may enter into a sponsorship agreement with LIR to receive ASN
assignment, still directly from NCC.

It's important to note that ASNs and IP resources have quite different
assignment policies, so the involvement of IP brokers is not relevant in
this particular case.

On 2023-03-21 2:33 p.m., George Toma wrote:
> Well that's for end users. The company in question seems to be a
> Telecom operator.
> The RIPE model is a very strange and confusing one, where ISPs
> basically become LIRs and they themselves assign ASNs and IPs, and
> there are 23000 LIRs in ARIN. Basically any ISP , webhosting company,
> datacenter or even a trading company can become a LIR.
>
> It's a very strange model which had just cost me 15 minutes of my time
> to just dig into and get some basic understanding of it. I would not
> put my hand in the fire that the OP is a LIR or not, but they are an
> ISP so I would assume they are LIR and as such can reassign the IPs,a
> nd if they are not LIR they can become one.
>
> Anyway many of IP renting companies such as IPXO are RIPE-based, and
> those who are ARIN or APNIC based also have subnets from RIPE region.
> If RIPE was against subletting, the whole market would not exist with
> RIPE subnets.
>
> Regards
> George
>
>
>
> On Tue, Mar 21, 2023 at 2:17?PM <ayang@august.tw> wrote:
>
> RIPE NCC Requirements: End User Assignment Agreement states:
>
> “End User may not sub-assign resources to third parties.”
>
> Best regards,
> August Yang
>
> On 2023-03-21 13:12, George Toma wrote:
> > I do not believe ASN sharing is illegal or prohibited, it's not
> > prohibited in LACNIC and in APNIC policy I also could not find
> > anything about ASN sharing, only
> >
> > APNIC policy states:
> > "2.3. Autonomous System (AS)An Autonomous System (AS) is a connected
> > group of one or more IP prefixes run by one or more network
> operators
> > under a single and clearly defined routing policy.
> > 2.3.1. Autonomous System Number (ASN)
> > An Autonomous System Number (ASN) is a unique two- or four-byte
> number
> > associated with an AS. The ASN is used as an identifier to allow the
> > AS to exchange dynamic routing information with other Autonomous
> > Systems."
> >
> > Nothing prohibiting ASN sharing and 2.3 specifically states "run by
> > one or more network operators... single routing policy"
> >
> > Regards
> > George
> >
> > On Tue, Mar 21, 2023 at 8:00?AM <nanog-request@nanog.org> wrote:
> >
> >> Message: 19
> >> Date: Mon, 20 Mar 2023 16:24:09 -0400
> >> From: ayang@august.tw
> >> To: Collider <large.hadron.collider@gmx.com>
> >> Cc: nanog@nanog.org
> >> Subject: Re: Spamhaus flags any IP announced by our ASN as a
> >> criminal
> >> network
> >> Message-ID: <5b7ed1b1fbff65dfc63d188c2e1f95af@august.tw>
> >> Content-Type: text/plain; charset=UTF-8; format=flowed
> >>
> >> Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to
> >> RIR
> >> policy violations, which include prohibited sharing of ASNs with
> >> third
> >> parties, IP hijacking, and malicious path prepending.
> >>
> >> Given this history, it is not surprising that Spamhaus would
> >> blacklist
> >> IP addresses associated with their ASN. In my opinion, such action
> >> is
> >> well-justified.
> >>
> >> Best regards,
> >> August Yang
>
--
Best regards
August Yang

Hello Barry,

Thanks for your blog.

I plan to block some ports on our router, which are shown in your blog.

> Step 1 on the list …. Deploy Exploitable Port Filtering on the edge of
> your network ….
>


Some of our routers use Linux as the operating system, so I plan to use
nftables to make some filtering rules.

Best,

*Brandon Zhi*
HUIZE LTD

www.huize.asia <https://huize.asia/>| www.ixp.su | Twitter


This e-mail and any attachments or any reproduction of this e-mail in
whatever manner are confidential and for the use of the addressee(s) only.
HUIZE LTD can’t take any liability and guarantee of the text of the email
message and virus.


On Tue, 21 Mar 2023 at 00:11, Randy Bush <randy@psg.com> wrote:

> this company(s) is in the business of spam. they're just trying to
> game nanog. discussing further a waste of pixels.
>
> ranady
>