network reputation [was: IP is...]

Paul Ferguson fergdawg at netzero.net
Thu Jan 24 05:30:01 UTC 2008


-- Gadi Evron <ge at linuxbox.org> wrote:

>Security is a strong supporter of privacy as much as it is misused
>as an excuse for infringing upon it.
>

Very well stated. I agree completely.

>Considering possibilities, other than avoiding spoofing, what would
>network reputation which is reliable help us do operationally?
>

Having now worked on both IP source-spoofing issues [0] (e.g. RFC2827)
and more recently dealing with IP (and domain) reputation issues (Trend
Micro acquired the original MAPS spam RBL reputation service [1]), I
think I have a couple of thoughts on this that have relevance.

The one thing that merits attention with the MAPS/Trend RBL+ is
that we allow ISPs to literally "whitelist" dynamic address space,
which most people know as the DUL list [2].

The only real "ownership" issues that we pay attention to [3] are
the owners of the IP address space which source (via AS) the prefix,
and still allow ISPs to work within that framework (via the DUL, and
legitimate dynamic allocations).

Having said all that, it is my personal opinion that there is merit
in the notion that IP addresses can, and do, provide personally
identifiable information -- but I suppose the jury is really
"out" on that, per se, in the United States.

And whether or not that is "bad" reflects a larger, more political
question that we probably can't resolve on the mailing list.

$.02,

- ferg

ref:
[0] http://www.ietf.org/rfc/rfc2827.txt
[1] http://www.mail-abuse.com/enduserinfo_rbl.html
[2] http://www.mail-abuse.com/enduserinfo_dul.html
[3] https://nssg.trendmicro.com/nrs/reports/rank.php?page=1


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




