On Tue, Sep 15, 2009 at 4:46 PM, <bmanning@vacation.karoshi.com> wrote:
so... this thread has a couple of really interesting characteristics. a couple are worth mentioning more directly (they have been alluded to elsewhere)...
as always, despite your choice in floral patterned shirts :) good comments/questions.
Who gets to define "bad" - other than a blacklist operator? Are the common, consistent defintions of "contamination"?
nope, each BL (as near as I can tell) has their own criteria (with some overlaps to be certain) and they all have their own set of rules that they either break at-will or change when it suits them. Their incentives are not aligned with actually getting the problem resolved, sadly... and they really don't have any power to resolve problems anyway.
If these are social/political - recognise that while the ARIN region is fairly consistent in its general use and interpretation of law, there are known varients - based on soveriegn region.
Yup, you don't like my business how about I move to the caymans where it's no longer illegal? :( The Internet brings with it some interesting judicial/jurisdictional baggage.
this whole debate/discussion seems based on the premise that there are well known, consistent, legally defendable choices for defining offensive behaviours. and pretty much all of history shows us this is not the case.
There are really two discussions, I think somewhere along the path they were conflated: 1) newly allocated from IANA netblocks show up to end customers and reachability problems ensue. (route-filters and/or firewall filters) 2) newly re-allocated netblocks show up with RBL baggage (rbls and smtp blocks at the application layer) For #1 there was some work (rbush and prior to that Jon Lewis 69block.org?) showing that folks 'never' alter their 'bogon route filters' or 'bogon access-list entries'. For #2 ARIN may have a solution in place, if it were more publicly known (rss feed of allocations, care of RS and marty hannigan pointers) that RBL operators could use to clean out entries in their lists providing a better service to their 'users' even, perish the thought!
(is or is not a mother nursing her child in public pornographic?)
or SI Swinsuit edition depending on the part of the world you are in, yes, or even YouTube videos, weee!
So - I suspect that in the end, a registry (ARIN) or an ISP (COMCAST) is only going to be able to tell you a few things about the prefix you have been handed.
a) its virginal - never been used (that we know of) b) its been used once. c) it has a checkered past
I actually don't think it's a help for ARIN to say anything here, since they can never know all the RBL's and history for a netblock, and they can't help in the virginal case since they don't run network-wide filters. A FAQ that says some of the above with some pointers to testing harnesses to use may be useful. Some tools for network operators to use in updating things in a timely fashion may be useful. Better/wider/louder notification 'services' for new block allocations from IANA -> RIR's may be useful. Not everyone who runs a router reads their local 'nog' list... Leo Vegoda does a great job tell us about RIPE allocations, Someone does the same for ARIN (drc maybe??) and I'm not certain I recall who's last announced APNIC block yahtzee. Where else is this data available? In a form that your avg enterprise network op may notice?
and it will be up to the receipient to trust/accept the resource for what it currently is or chose to reject it and find soliace elsewhere.
'solace elsewhere'... dude there is no 'elsewhere'. -Chris (and yes, I'm yanking your chain about the shirts...)
--bill
On Tue, Sep 15, 2009 at 04:31:04PM -0400, Christopher Morrow wrote:
On Tue, Sep 15, 2009 at 4:23 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?
Also, you can very well disable new allocations to Spammer-Bob, did you also know his friend Sue is asking now for space? Sue is very nice, she even has cookies... oh damn after we allocated to her we found out she's spamming :(
Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :(
-Chris