nanog mailing list archives

IP Reputation


From: Mike Hammett <nanog () ics-il net>
Date: Fri, 25 May 2018 11:36:01 -0500 (CDT)

I would like to call on organizations that provide IP reputation information to have methods available for network 
operators to determine if they are on their lists, what their reputation is, what it means, optionally evidence, and a 
means of removal of negative information. Near real-time notice of changes in your status would be recommended as well. 
If those wants sound ridiculous, nearly that same list of wants is provided by e-mail SPAM DNSRBL maintainers so it 
isn't exactly unprecedented. 

I recently interacted with an organization that provides IP reputation information as a component in a larger security 
offering. A particular eyeball network couldn't get to a number of large web destinations. After some prodding of the 
company providing the security offering, it was determined that the prefix in question was because on a scale of 0 to 
10 with 0 being the best and 10 being the worst, that prefix had a score of 1. They claimed they could do nothing about 
it as their client (the web site being visited) had that in their control. That's a half-truth. The company providing 
that IP reputation put them on the list (for whatever reason), while the web site chose whatever metrics to block. 


Their proposed solution was to contact every web site there were issues with and request that they fix it. Okay, so an 
eyeball is supposed to reach out to dozens of major brands and get someone that understands the situation and can 
resolve it in a reasonable time frame? Most of these brands take days to address core things dealing with their core 
product or service, much less getting someone in IT to whitelist a prefix. I'm sorry, that's not a realistic solution. 

If not a proactive alert (like a SPAM feedback loop), they need an easy form to fill out and after some automated means 
of verification (ASN or IP whois contact lookup), spill the beans on who, what, where, why, and how to get it fixed. 

I'm not saying there was no valid reason to put them on the list. There's no easy way to determine that they're on the 
list, why, and any means of getting removed from the list when the problem is fixed. 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

