network reputation [was: IP is...]
Gadi Evron
ge at linuxbox.org
Thu Jan 24 04:46:26 UTC 2008

On Thu, 24 Jan 2008, Fred Baker wrote:
>> I still think IP+timestamp doesn't imply what person did something
>
> it doesn't, no any more than the association of your cell phone with a cell
> tower conclusively implies that the owner of a telephone used it to do
> something in particular. However, in forensic data retention and wiretap
> procedures, the assumption is made that the user of a telephone or a computer
> is *probably* a person who normally has access to it.

Data retention and LEO compliance are serious issues for network
authorities to handle. The original topic was about IP addresses, though.
I'd like to try and go there from a different angle.

IP addresses, however, "belong" to (allocated..) authorities such as
ISPs, and I would personally like to see some better AUP on what is
allowed to come from these. Practically.

I'd like to see some larger effort to make network reputation happen,
whether in making sure connections come from the real authority (BCP38 and
similar) or to be able to deny a network connectivity to our own back
yard.

I am not going for the "user activity is an ISP's responsibility" but
rather a "misbehaving network should be treated as such". For
whatever definition of misbehaving we can accept. I want this to be more
about what this can do for us rather than some "this will be abused so
let's not do it" civil society discussion.

At first glance this appears off-topic for the thread, but operationally
network reputation and ownership is much more relevant than if people's
rights are being walked all over.

Security is a strong supporter of privacy as much as it is misused
as an excuse for infringing upon it.

Considering possibilities, other than avoiding spoofing, what would
network reputation which is reliable help us do operationally?

Gadi.