a business opportunity?

Eric Brunner-Williams brunner at nic-naa.net
Sat Jul 5 23:37:18 CDT 2008


paul,

in another universe, the inhabitants are attempting to find some policy 
for dealing with what i'll call a temporally inconsistent name to 
address mapping, at a single, and also a second level of indirection. of 
course, just about everything that's ever been written (and re-written) 
on nanog about reputation and partition, whether w.r.t. port 25, or 
ports 53 and 80, appears to me to be relevant in this other universe.

eric


Paul Vixie wrote:
>> The real solution to the scorched earth problem is for aging from
>> blacklists to be dynamic.
>>     
>
> if we were designing a full internet system with reputation as a feature,
> then no doubt it would be like you're describing.  however, reputation
> systems are a private action by private right of action and each one will
> have its own cost:benefit considerations.  this means while it might be a
> good design overall, blacklist aging has to be in the interests of
> particular blacklist operators and subscribers, or it won't happen.  it
> generally does not happen, since it costs more value than it produces from
> the point of view of a given blacklist operator or subscriber.
>
> i think there's an argument to be made that this is inevitable.  every time
> any ISP has enforced any kind of numerical limits on abuse by one of its
> customers (like first hit's free, three strikes and you're out, and so on)
> the abusers have either rotated through providers or through identities
> fast enough to make their business run in spite of the limits, or they have
> merely counted these slaps on the wrist as part of the cost of doing
> business.  this means if blacklist entries all aged out, then abusers and
> their ISPs would simply rotate through a long chain of address blocks, and
> we'd see a lot of address space consumed on the "waiting for reprieve" list
> but it would not change the overall abuse growth rate at all.
>
> that's not in the interests of individual blacklist operators or subscribers,
> who want to control abuse growth rate.
>
>   
>> There's been some work done @ SRI on using a weighting algorithm that
>> includes things like prevalence, persistence, and "badness", with a
>> Gaussian decay function as to time, to establish cut levels for what
>> should be blocked.
>>
>> Look at Phil Porras's work, and Usenix presentations.
>>     
>
> can you tell me, before i invest my own time in it, whether this work
> accounts for the inevitable rebalancing and planning adjustments that the
> abusers will make if each proposed policy were rolled out?  i fear that
> most studies in this area treat abuse like it was a natural phenomenon and
> not the self-organized well-motivated thievery that it is.  abusers aren't
> going to sit still while we wrap them in a gaussian decay function.
>
>
>   
