IP Reputation Services

• Previous message (by thread): IP Reputation Services
• Next message (by thread): ICANN Survey on DNS Suffix Usage and New gTLD Delegation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 4, 2022 at 9:12 AM Laura Smith via NANOG <nanog at nanog.org>
wrote:

> On Monday, April 4th, 2022 at 15:37, Mike Hammett <nanog at ics-il.net>
> wrote:
>
> > I'm checking in to see what people think of IP reputation services.
>
> Pre-IPv6 I was always a little apprehensive of using them for general use
> because it was always a bit murky how they collected the IPs in the first
> place.
>
> Post-IPv6 I would think IP reputation services are fairly pointless. With
> people being given anything up to a /48 without question what are you going
> to do ? Block whole /48s ?
>

Yes.  Or /29s.  Or ASNs.  Depends on the scope of the abuse, and if the
provider is complicit.

One thing to keep in mind is data freshness.  For individual IPs (or /48s)
ownership can change frequently, so you need to make sure blocks expire in
a timely manner.  For /29s or ASNs this is less of a problem....

But... back back to the original question: consider trying to give each
customer a stable IP.  Rotating IPs frequently allows a single bad (or
compromised) customer to poison your entire IP-space.  Keeping them fixed
allows you to identify the problem and get them cleaned up.

Damian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220404/326910b0/attachment.html>

• Previous message (by thread): IP Reputation Services
• Next message (by thread): ICANN Survey on DNS Suffix Usage and New gTLD Delegation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]