Repeated Blacklisting / IP reputation

Jon Lewis jlewis at
Tue Sep 8 18:19:40 UTC 2009

On Tue, 8 Sep 2009, John Curran wrote:

>   I'm sure there's an excellent reason why these addresses stay
>   blocked, but am unable to fathom what exactly that is...
>   Could some folks from the appropriate networks explain why
>   this is such a problem and/or suggest additional steps that
>   ARIN or the receipts should be taking to avoid this situation?

Most small to midsize networks probably have a "block it and forget it" 
policy.  The facts that the spammer moved on, the IPs eventually got 
returned to the RIR and reallocated to a different network go unnoticed 
until the new LIR/ISP notifies those blocking the addresses that the 
addresses have changed hands.  Ideally, the network doing the blocking 
will know when they started blocking an IP, look at whois, and agree that 
the block no longer makes sense.  I'm sure some will have no idea when or 
why they started blocking an IP, and might be reluctant to unblock it. 
This assumes you can actually get in touch with someone with the access 
and understanding of the issues to have a conversation about their 
blocking.  Some networks make that nearly impossible.  I ran into such 
situations early on when trying to contact networks about their outdated 
bogon filters when got a slice of 69/8.

This blocking (or variations of it) has been a problem for about a decade.

I don't think there is any blanket solution to this issue.  Too many of 
the networks doing the blocking likely don't participate in any forum 
where the RIRs will be reach people who care and can do something.

  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ for PGP public key_________

More information about the NANOG mailing list