Repeated Blacklisting / IP reputation
Joe Greco
jgreco at ns.sol.net
Tue Sep 8 19:16:31 UTC 2009
> On Tue, 8 Sep 2009, Joe Greco wrote:
> > It seems like it *could* be useful to have a system to notify of network
> > delegation changes, but it also seems like if this was particularly
> > important to anyone, then someone would have found a trivial way to
> > implement at least a poor man's version of it. For example, record
> > the ASN of a blocked IP address and remove the block when the ASN
> > changes...
>
> That too, would be easily gamed by spammers. Just get multiple ASN's and
> bounce your dirty IPs around between them to clean them. The IP space
> being a direct (RIR->LIR) allocation having been made after the blocking
> was initiated is a pretty clear sign that the space has actually changed
> hands, and seems like it would be fairly difficult (if at all possible) to
> game.
Right, but they'll only do that if they're aware of such a system and it
is significant enough to make a dent in them. Further, it would be a
mistake to assume that *just* changing ASN's would be sufficient. The
act of changing ASN's could act as a trigger to re-whois ARIN for an
update of ownership, for example. The fact is that the information to
trigger a re-query of ownership upon a redelegation sort-of already
exists, though it is clearly imperfect.
My point was that if it was actually useful to "notice" when an IP
delegation moved, someone would already have made up a system to do this
somehow.
So my best guess is that there isn't a really strong incentive to pursue
some sort of notification system, because you could pretty much do it
as it stands.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
More information about the NANOG
mailing list