Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Repeated Blacklisting / IP reputation, replaced by registered use

  • From: Douglas Otis
  • Date: Mon Sep 14 13:43:03 2009
On 9/13/09 12:49 PM, joel jaeggli wrote:
Frank Bulk wrote:
[] 
If anything, there's more of a disincentive than ever before for
ARIN to spend time on netblock sanitization.


This whole thread seems to be about shifting (I.E. by externalizing)
the costs of remediation. presumably the entities responsible for the
poor reputation aren't likely to pay... So heck, why not ARIN?
perhaps because it's absurd on the face of it? how much do my fees go
up in order to indemnify ARIN against the cost of a possible future
cleanup? how many more staff do they need? Do I have to buy prefix
reputation insurance as contingent requirement for a new direct
assignm

Perhaps ICANN could require registries establish a clearing-house, where at no cost, those assigned a network would register their intent to initiate bulk traffic, such as email, from specific addresses. Such a use registry would make dealing with compromised systems more tractable.

I do think that ARIN should inform the new netblock owner if it was
previously owned or not.


We've got high quality data extending back through a least 1997 on
what prefixes have been advertised in the DFZ, and of course from the
ip reputation standpoint it doesn't so much matter if something was
assigned, but rather whether it was ever used. one assumes moreover
that beyond a certain point in the not too distant future it all will
have been previously assigned (owned is the wrong word).

But if ARIN tried to start cleaning up a netblock before releasing
it, there would be no end to it.  How could they check against the
probably hundreds of thousands private blocklist?


Note that they can't insure routability either, though as a community
we've gotten used to testing for stale bogon filters.

The issues created by IPv4 space churn is likely to be dwarfed by eventual adoption of IPv6. Registering intent to initiate bulk traffic, such as with SMTP, could help consolidate the administration of filters, since abuse is often from addresses that network administrators did not intend. A clearing-house approach could reduce the costs of administering filters and better insure against unintentional impediments.

This approach should also prove more responsive than depending upon filters embedded within various types of network equipment. By limiting registration to those controlling the network, this provides a low cost means to control use of address space without the need to impose expensive and problematic layer 7 filters that are better handled by the applications. The size of the registered use list is likely to be several orders of magnitude smaller than the typical block list. Exceptions to the use list will be even smaller still.

This registry would also supplant the guesswork involved with divining meaning of reverse DNS labels.

-Doug




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.