IP Reputation Services
Damian Menscher
damian at google.com
Mon Apr 4 16:40:44 UTC 2022
On Mon, Apr 4, 2022 at 9:12 AM Laura Smith via NANOG <nanog at nanog.org>
wrote:
> On Monday, April 4th, 2022 at 15:37, Mike Hammett <nanog at ics-il.net>
> wrote:
>
> > I'm checking in to see what people think of IP reputation services.
>
> Pre-IPv6 I was always a little apprehensive of using them for general use
> because it was always a bit murky how they collected the IPs in the first
> place.
>
> Post-IPv6 I would think IP reputation services are fairly pointless. With
> people being given anything up to a /48 without question what are you going
> to do ? Block whole /48s ?
>
Yes. Or /29s. Or ASNs. Depends on the scope of the abuse, and if the
provider is complicit.
One thing to keep in mind is data freshness. For individual IPs (or /48s)
ownership can change frequently, so you need to make sure blocks expire in
a timely manner. For /29s or ASNs this is less of a problem....
But... back back to the original question: consider trying to give each
customer a stable IP. Rotating IPs frequently allows a single bad (or
compromised) customer to poison your entire IP-space. Keeping them fixed
allows you to identify the problem and get them cleaned up.
Damian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220404/326910b0/attachment.html>
More information about the NANOG
mailing list