Repeated Blacklisting / IP reputation, replaced by registered use
dotis at mail-abuse.org
Mon Sep 14 17:40:33 UTC 2009
On 9/13/09 12:49 PM, joel jaeggli wrote:
> Frank Bulk wrote:
>> If anything, there's more of a disincentive than ever before for
>> ARIN to spend time on netblock sanitization.
> This whole thread seems to be about shifting (I.E. by externalizing)
> the costs of remediation. presumably the entities responsible for the
> poor reputation aren't likely to pay... So heck, why not ARIN?
> perhaps because it's absurd on the face of it? how much do my fees go
> up in order to indemnify ARIN against the cost of a possible future
> cleanup? how many more staff do they need? Do I have to buy prefix
> reputation insurance as contingent requirement for a new direct
Perhaps ICANN could require registries establish a clearing-house, where
at no cost, those assigned a network would register their intent to
initiate bulk traffic, such as email, from specific addresses. Such a
use registry would make dealing with compromised systems more tractable.
>> I do think that ARIN should inform the new netblock owner if it was
>> previously owned or not.
> We've got high quality data extending back through a least 1997 on
> what prefixes have been advertised in the DFZ, and of course from the
> ip reputation standpoint it doesn't so much matter if something was
> assigned, but rather whether it was ever used. one assumes moreover
> that beyond a certain point in the not too distant future it all will
> have been previously assigned (owned is the wrong word).
>> But if ARIN tried to start cleaning up a netblock before releasing
>> it, there would be no end to it. How could they check against the
>> probably hundreds of thousands private blocklist?
> Note that they can't insure routability either, though as a community
> we've gotten used to testing for stale bogon filters.
The issues created by IPv4 space churn is likely to be dwarfed by
eventual adoption of IPv6. Registering intent to initiate bulk traffic,
such as with SMTP, could help consolidate the administration of filters,
since abuse is often from addresses that network administrators did not
intend. A clearing-house approach could reduce the costs of
administering filters and better insure against unintentional impediments.
This approach should also prove more responsive than depending upon
filters embedded within various types of network equipment. By limiting
registration to those controlling the network, this provides a low cost
means to control use of address space without the need to impose
expensive and problematic layer 7 filters that are better handled by the
applications. The size of the registered use list is likely to be
several orders of magnitude smaller than the typical block list.
Exceptions to the use list will be even smaller still.
This registry would also supplant the guesswork involved with divining
meaning of reverse DNS labels.
More information about the NANOG