network reputation [was: IP is...]

Gadi Evron ge at linuxbox.org
Thu Jan 24 04:46:26 UTC 2008


On Thu, 24 Jan 2008, Fred Baker wrote:
>> I still think IP+timestamp doesn't imply what person did something
>
> it doesn't, no any more than the association of your cell phone with a cell 
> tower conclusively implies that the owner of a telephone used it to do 
> something in particular. However, in forensic data retention and wiretap 
> procedures, the assumption is made that the user of a telephone or a computer 
> is *probably* a person who normally has access to it.

Data retention and LEO compliance are serious issues for network 
authorities to handle. The original topic was about IP addresses, though. 
I'd like to try and go there from a different angle.

IP addresses, however, "belong" to (allocated..) authorities such as 
ISPs, and I would personally like to see some better AUP on what is 
allowed to come from these. Practically.

I'd like to see some larger effort to make network reputation happen, 
whether in making sure connections come from the real authority (BCP38 and 
similar) or to be able to deny a network connectivity to our own back 
yard.

I am not going for the "user activity is an ISP's responsibility" but 
rather a "misbehaving network should be treated as such". For 
whatever definition of misbehaving we can accept. I want this to be more 
about what this can do for us rather than some "this will be abused so 
let's not do it" civil society discussion.

At first glance this appears off-topic for the thread, but operationally 
network reputation and ownership are much more relevant than if people's 
rights are being walked all over.

Security is a strong supporter of privacy as much as it is misused 
as an excuse for infringing upon it.

Considering possibilities, other than avoiding spoofing, what would 
network reputation which is reliable help us do operationally?

 	Gadi.


