[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Repeated Blacklisting / IP reputation

Subject: Repeated Blacklisting / IP reputation
From: jlewis at lewis.org (Jon Lewis)
Date: Tue, 8 Sep 2009 15:01:57 -0400 (EDT)
In-reply-to: <[email protected]>
References: <[email protected]>

On Tue, 8 Sep 2009, Joe Greco wrote:

> It seems like it *could* be useful to have a system to notify of network
> delegation changes, but it also seems like if this was particularly
> important to anyone, then someone would have found a trivial way to
> implement at least a poor man's version of it.  For example, record
> the ASN of a blocked IP address and remove the block when the ASN
> changes...

That too, would be easily gamed by spammers.  Just get multiple ASN's and 
bounce your dirty IPs around between them to clean them.  The IP space 
being a direct (RIR->LIR) allocation having been made after the blocking 
was initiated is a pretty clear sign that the space has actually changed 
hands, and seems like it would be fairly difficult (if at all possible) to 
game.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Follow-Ups:
- Repeated Blacklisting / IP reputation
  - From: jgreco at ns.sol.net (Joe Greco)

References:
- Repeated Blacklisting / IP reputation
  - From: jgreco at ns.sol.net (Joe Greco)

Prev by Date: Repeated Blacklisting / IP reputation
Next by Date: Network Ring
Previous by thread: Repeated Blacklisting / IP reputation
Next by thread: Repeated Blacklisting / IP reputation
Index(es):
- Date
- Thread