Re: Purchased IPv4 Woes

[Baldur Norddahl <baldur.norddahl () gmail com>]

They could watch the routing table and notice which ASN is actually using
the address space. In fact ASN reputation might work better than IP space
reputation.

Fact is that the current approach does nothing to stop spammers from
swapping space when they are done abusing one space. The argument that
clearing the slate for sold space would make it easy to game the system
does not hold. It is already trivial.

The sad fact is that entities like Spamhaus simply do not care. Not even
though they are not succeeding in hurting actual spammers. Not even though
they are making their own service less useful.

Regards

Baldur


Den 12. mar. 2017 16.41 skrev <valdis.kletnieks () vt edu>:

On Sun, 12 Mar 2017 11:11:41 -0400, "Chuck Church" said:
> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
> ownership change) trigger a removal of that block from all reputation list
> databases?  If I buy a car from a police auction, I'm fairly sure the FBI
> doesn't start tailing me, because the car was once used for less than
legal
> purposes.  New owner, clean slate.

How does Spamhaus find out the block has been resold?

How do other DNS-based blacklist operators find out?

How do all the AS's that have their own internal blacklists find out that
they should fix their old listings?  (Note that this is the exact same
problem
as "We got blacklisted because of a bad customer, we axed the customer, but
we're still blacklisted", which has been a an unsolved problem for decades
now).

And it's awfully easy to game the system by just reselling the block between
a group of shell companies run by bad actors.