Purchased IPv4 Woes
savage at savage.za.org
Sun Mar 12 18:01:34 UTC 2017
On Sun, Mar 12, 2017 at 7:53 PM, Baldur Norddahl <baldur.norddahl at gmail.com> wrote:
> On 12/03/2017 at 18:14, Brielle Bruns wrote:
>> http == TCP
>> DNS == (usually) UDP
>> Big difference here. One requires a three-way handshake tearup/teardown,
>> the other does not.
>> It is not an apples to apples comparison.
> You can replicate (download) the whole WHOIS if you need to. There is also
> no requirement that removal from reputation lists is instant. We would be
> good if it happened just within a month or even half a year. The situation
> now is however that you will never have it removed and many reputation
> services will ignore you if you try to contact them for manual removal.
> At least in the RIPE managed space there IS a reliable way to know for
> sure who owns a block. Can you know that the new owner is any better than
> the old? Of course not, but that is true even for "fresh" address space.
> I am not a fan of reputation services that blacklist forever. It is just
> wrong and open for abuse of power. But not much I can do about that other
> than not using their service.
Also, no reason why a UDP (or DNS based even) query can't be implemented to
facilitate reputation lookups for ASNs, or even ownership.