nanog mailing list archives
Re: Repeated Blacklisting / IP reputation, replaced by registered use
From: Douglas Otis <dotis () mail-abuse org>
Date: Tue, 15 Sep 2009 01:40:33 +0800
On 9/13/09 12:49 PM, joel jaeggli wrote:
Frank Bulk wrote:
If anything, there's more of a disincentive than ever before for ARIN to spend time on netblock sanitization.
This whole thread seems to be about shifting (I.E. by externalizing) the costs of remediation. presumably the entities responsible for the poor reputation aren't likely to pay... So heck, why not ARIN? perhaps because it's absurd on the face of it? how much do my fees go up in order to indemnify ARIN against the cost of a possible future cleanup? how many more staff do they need? Do I have to buy prefix reputation insurance as contingent requirement for a new direct assignm
Perhaps ICANN could require registries to establish a clearing-house, where at no cost, those assigned a network would register their intent to initiate bulk traffic, such as email, from specific addresses. Such a use registry would make dealing with compromised systems more tractable.
I do think that ARIN should inform the new netblock owner if it was previously owned or not.
We've got high quality data extending back through at least 1997 on what prefixes have been advertised in the DFZ, and of course from the ip reputation standpoint it doesn't so much matter if something was assigned, but rather whether it was ever used. one assumes moreover that beyond a certain point in the not too distant future it all will have been previously assigned (owned is the wrong word).
But if ARIN tried to start cleaning up a netblock before releasing it, there would be no end to it. How could they check against the probably hundreds of thousands private blocklist?
Note that they can't insure routability either, though as a community we've gotten used to testing for stale bogon filters.
The issues created by IPv4 space churn are likely to be dwarfed by eventual adoption of IPv6. Registering intent to initiate bulk traffic, such as with SMTP, could help consolidate the administration of filters, since abuse is often from addresses that network administrators did not intend. A clearing-house approach could reduce the costs of administering filters and better insure against unintentional impediments.
This approach should also prove more responsive than depending upon filters embedded within various types of network equipment. By limiting registration to those controlling the network, this provides a low cost means to control use of address space without the need to impose expensive and problematic layer 7 filters that are better handled by the applications. The size of the registered use list is likely to be several orders of magnitude smaller than the typical block list. Exceptions to the use list will be even smaller still.
This registry would also supplant the guesswork involved with divining the meaning of reverse DNS labels.
-Doug