Repeated Blacklisting / IP reputation
joelja at bogus.com
Sun Sep 13 04:49:42 UTC 2009
Frank Bulk wrote:
> With scarcity of IPv4 addresses, organizations are more desperate than ever
> to receive an allocation.
Factual evidence that PI allocation is in fact hard to obtain would be
required to support that statement. The fact of the matter is if you
have a legitimate application congruent with current policy you'll get
your addresses just like you would last year. Now if your business is
contingent on the availability of PI addressing resources obviously you
have a fiduciary responsibility to address that problem in short order.
> If anything, there's more of a disincentive than
> ever before for ARIN to spend time on netblock sanitization.
This whole thread seems to be about shifting (i.e. by externalizing) the
costs of remediation. Presumably the entities responsible for the poor
reputation aren't likely to pay... So heck, why not ARIN? Perhaps
because it's absurd on the face of it? How much do my fees go up in
order to indemnify ARIN against the cost of a possible future cleanup?
How many more staff do they need? Do I have to buy prefix reputation
insurance as a contingent requirement for a new direct assignment?
> I do think that ARIN should inform the new netblock owner if it was
> previously owned or not.
We've got high quality data extending back through at least 1997 on what
prefixes have been advertised in the DFZ, and of course from the IP
reputation standpoint it doesn't so much matter if something was
assigned, but rather whether it was ever used. One assumes moreover that
beyond a certain point in the not too distant future it all will have
been previously assigned (owned is the wrong word).
> But if ARIN tried to start cleaning up a netblock
> before releasing it, there would be no end to it. How could they check
> against the probably hundreds of thousands of private blocklists?
Note that they can't insure routability either, though as a community
we've gotten used to testing for stale bogon filters.
> -----Original Message-----
> From: JC Dill [mailto:jcdill.lists at gmail.com]
> Sent: Wednesday, September 09, 2009 5:40 PM
> To: NANOG list
> Subject: Re: Repeated Blacklisting / IP reputation
> They can (and IMHO should) determine the state it is in before they
> reallocate it. What happens next is obviously unpredictable but in
> reality an IP that isn't being blocked today and isn't being used (by
> anyone) is highly unlikely to be widely blocked between today and the
> day ARIN releases it for allocation to a new entity.
> They can hold IPs that are not suitable for re-allocation, or at least
> make the status of the IPs known to the new entity before asking the
> entity to take on the IP block, and perhaps offering a fee discount for
> "tainted" addresses. (Some users may not care if the IPs are "tainted",
> if, for instance they plan to use the IPs for a DUL pool. I have a
> friend who gets $5 off his cell phone bill because he has a phone number
> that starts with 666 - a number that many people prefer to avoid but
> which works fine for his purposes and he's quite happy to get the
> discount. :-)
> ARIN shouldn't allocate previously allocated IPs until they know the IPs
> are not widely blocked. Or *at the very least* ARIN should disclose
> what they know about the IP space before they make it someone else's
> problem, and give the requesting entity an option to request a
> new/clean/unused/unblocked IP block instead.