Comment spammers chewing blogger bandwidth like crazy

Deepak Jain deepak at
Tue Jan 16 00:02:03 UTC 2007

>> If you allow anonymous, unauthenticated access to any system it will
>> be abused.  Auctions, blogs, chat, mail, phone, etc.  IP addresses
>> have never been good authenticators for applications.
> This is not true if you control the IP address space and the routers 
> around it.
> I mention this merely because "IP addresses have never been good 
> authenticators"
> or the like is becoming a truism. For ISPs with good source filtering in 
> place
> then IP addresses ARE good first level authenticators (e.g. filter lists
> on management ports). Note: I say FIRST level authenticators; IP 
> addresses are
> obviously not suitable as the whole authentication process.

I don't know why, but I feel the need to clarify some semantics. I am 
sure everyone involved in this discussion already knows what I am about 
to say.

I think the word "system" here is being abused and the context is changing.

IPs are reasonable in the authentication process for network-centric 
items (like routers, things that make up the lowest levels of the OSI 
stack). Systems here means routers, or the networks they make.

IPs are less reasonable the higher up the OSI stack you go. A web server 
may authenticate with IPs and find use in them. An application running 
on that web server is almost always going to find less value in that 
authentication since it is capable of more specific authentication 
(password, cookie, post rate limit, etc). This use approaches, but may 
not reach, the "zero" asymptote when you consider cases of applications 
running on private networks (VPNs, NAT networks, localhost, etc). System 
here means anything else, but almost never a router or the underlying 
network infrastructure.

Yes, Geotrack has given us some more detail (of varying levels of 
precision/accuracy) of where IPs come from. But pretty much IP level 
controls (IMO) should stay at the lowest levels of the OSI stack.

Ian looks to me like he was talking about routers & their neighbors. 
Which is a very NANOG charter way to look at things.

Sean looks like he was talking about everything else (applications and 
things in user space). All things things NANOGers support that pays for 
the pretty blinky lights.

I'm done. Hope that was mildly interesting or useful.


More information about the NANOG mailing list