nanog mailing list archives
Re: "general badness" AS-based reputation system
From: Gadi Evron <ge () linuxbox org>
Date: Mon, 26 Sep 2011 16:52:04 +0300
On 9/26/11 2:31 AM, Jimmy Hess wrote:
Sorry... what makes you think the problem with use of an AS-reputation system is social and not technical? IP packets are not stamped with the numbers of any of the ASes they transited to reach your network. The IP protocol simply does not expose AS number information, therefore, for filtering purposes, you don't actually have the information....
Filtering is dangerous, especially when done with ASNs. There are many technical challenges and many levels of filtering; all are technical issues and policy decisions based on how badly it's needed. Let's not forget how dangerous it is to block a network just to find out that your customers no longer get service; that is a much bigger issue than figuring out what is out technically, IMO.
I am in agreement with you -- which is why I focus on the cultural aspect.

Gadi.