nanog mailing list archives

Re: SpamHaus Drop List


From: Paul Vixie <vixie () vix com>
Date: 24 Aug 2007 07:32:34 +0000


sean () donelan com (Sean Donelan) writes:

> Unfortunately, on today's Internet if you randomly picked a couple of
> hundred network blocks of the same size you would see the same thing.

no.  really.  just not.  you'd have to search nonrandomly among thousands
or tens of thousands of netblocks to equal the russian business network.

> Lame delegations and brokenness is well distributed across the Internet.

that's not the kind of maliciousness i'm interested in avoiding.

> Unfortunately again, if you use your favorite search engine you will find
> several instances that read something like "we also have the DROP list in
> an ACL on our router, but we don't monitor it."  I have found two year
> old copies of the DROP list in networks.

that's an argument for not statically importing policy.

> Network blocks are regularly added *AND REMOVED* from the Spamhaus DROP
> list.

and that's another.

nobody here is claiming that external policy should be "fired and forgot."
in fact, cymru's BOGON list comes with lots of disclaimers about how much
pain your successors will be in if you import these things and forget them.

> It can be useful if used correctly, it can be harmful if used incorrectly.

like anything else.  remember, all power tools can kill.  that's an argument
for using them correctly, more than it's an argument for living without them.
-- 
Paul Vixie
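The thread's practical point is that a DROP list copied into a router ACL once and never refreshed both misses newly listed blocks and keeps blocking blocks Spamhaus has since removed. The script below is an added example (not part of the original post, and not Spamhaus or Cymru tooling) of what "not statically importing policy" looks like in practice: it parses two snapshots of the DROP list text format (netblock, then an SBL reference after a ';' comment marker), reports the adds and removals the ACL needs, renders the new entries as IOS-style wildcard-mask ACL lines, and computes the age of a snapshot from its header date so a stale copy can be flagged. The two snapshots, their netblocks, SBL numbers and dates are constructed for the example, and the assumption that the first header line carries the generation date as YYYY/MM/DD is the example's own.

```python
import datetime
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed snapshots in the Spamhaus DROP list text format (not real data):
# comment lines start with ';', data lines are "<cidr> ; SBL<ref>".
OLD_DROP = """\
; Spamhaus DROP List 2005/08/24 - (c) 2005 The Spamhaus Project
; constructed example snapshot, not a real one
192.0.2.0/24 ; SBL100001
198.51.100.0/24 ; SBL100002
"""

NEW_DROP = """\
; Spamhaus DROP List 2007/08/24 - (c) 2007 The Spamhaus Project
; constructed example snapshot, not a real one
192.0.2.0/24 ; SBL100001
203.0.113.0/24 ; SBL100003
"""


def parse_drop(text: str) -> Dict[str, str]:
    """Return {canonical CIDR: SBL reference}; ';' lines are comments and skipped."""
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        cidr, _, comment = line.partition(";")
        # strict=True rejects host bits set in the prefix, i.e. a corrupted line.
        net = ipaddress.ip_network(cidr.strip(), strict=True)
        entries[str(net)] = comment.strip()
    return entries


def diff_drop(old: Dict[str, str], new: Dict[str, str]) -> Tuple[Set[str], Set[str]]:
    """(blocks to add to the ACL, blocks to remove from it) between two snapshots."""
    added = set(new) - set(old)
    removed = set(old) - set(new)
    return added, removed


def cisco_acl_lines(nets: Set[str], action: str = "deny") -> List[str]:
    """Render netblocks as IOS extended-ACL entries; IOS wants inverted (wildcard) masks."""
    ordered = sorted(ipaddress.ip_network(n) for n in nets)
    return [f"{action} ip {n.network_address} {n.hostmask} any" for n in ordered]


def snapshot_age_days(text: str, today: str) -> int:
    """Age of a snapshot in days, from the YYYY/MM/DD date in its first header line
    (assumed layout for this example); 'today' is given as YYYY/MM/DD too."""
    first = text.splitlines()[0]
    m = re.search(r"(\d{4})/(\d{2})/(\d{2})", first)
    if not m:
        raise ValueError("no generation date in DROP header")
    generated = datetime.date(*(int(x) for x in m.groups()))
    now = datetime.datetime.strptime(today, "%Y/%m/%d").date()
    return (now - generated).days


def refresh_plan(old_text: str, new_text: str, today: str, max_age_days: int = 7) -> List[str]:
    """Lines a refresh job would act on: a staleness warning, then ACL adds and removals."""
    plan: List[str] = []
    age = snapshot_age_days(old_text, today)
    if age > max_age_days:
        plan.append(f"! installed DROP copy is {age} days old; refreshing")
    added, removed = diff_drop(parse_drop(old_text), parse_drop(new_text))
    plan.extend(cisco_acl_lines(added, "deny"))
    plan.extend("no " + line for line in cisco_acl_lines(removed, "deny"))
    return plan


if __name__ == "__main__":
    for line in refresh_plan(OLD_DROP, NEW_DROP, "2007/08/24"):
        print(line)
```

Run from cron against a freshly fetched copy rather than once at deployment; the "no deny ..." lines are the part a fire-and-forget import never produces, which is exactly the two-year-old ACL the thread describes.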

