On 22 Feb 2004, Robert E. Seastrom wrote:
"Michel Py" <michel@arneill-py.sacramento.ca.us> writes:
> > There is a regrouping of BGP feeds for various "questionable" hosts and networks around AS29467;

That is actually not correct. The AS29467 will stay as being used for BOGON and similar data. It is quite likely that other ASNs would be used for other "questionable" hosts, possibly one for various anti-spam lists and other for yet more "questionable" hosts such as DoS sources, etc.
Current problem is that RIR policies are not allowing for ASNs to be allocated for this activity and they want it proven as a working concept before addition of policy for these matters is considered (I have partially written a draft for an ARIN policy proposal that can change it but want to see how it works out with AS29467 first too; until then hopefully experimental resource policies can be used or ASNs would come from RIPE, which is more open to community needs in general).

> > read http://arneill-py.sacramento.ca.us/draft-py-idr-redisfilter-01.txt and feel free to contact the authors.
>
> It behooves the prospective user of said feed to read and understand draft-py,

Which you do not appear to have done, as the info you gave is either wrong (possibly based on rumors which are not correct) or is taken based on information that is coming from places other than the draft itself and is in the development stage.

> carefully research the pedigree of the data sources that go into the soup, and draw his own conclusions - taking as conservative and discriminating an approach as he deems necessary in terms of what he accepts.

There is no "soup" - mixing different lists into the same one is discouraged. It's expected that specific filter-list route servers would carry one or more of one or more kinds of bgp filtering lists. The ASNs used would be either for certain concepts (like bogons) or for groups of route servers that carry common feeds. Each route server group would have to be identified by a different ASN, and in order for that route server to carry multiple lists the lists are separated based on different communities, which the route server would identify through some website or by other means. It is up to the actual route server maintainer to decide which lists they would carry as being available for their users and further up to the actual users to decide which of the lists available at the route server they would choose to use.

The draft is not about data sources; the draft is about the changes that need to be done to the router software in handling BGP that would actually allow for use of an outside BGP feed for filtering (or marking) routes (allowing for such feeds to come from AS numbers other than your own). Nothing in that draft is being done in real life yet, and current bogon bgp feed implementations are done through what can be called a bgp hack which breaks the default route, causes leaks to outsiders if not properly filtered and has limitations on implementation. That draft discusses using distributed prefix filtering (which typically comes from an IBGP peer to affect routes being sent to that peer) and extending that to allow routes from an EBGP peer to affect routes coming from or going to other peers. The draft was originally only for bogon filtering; during private discussions between authors it was changed to be more general, to be used for other situations. Unfortunately it does still suffer from being too BOGON specific, and when the draft was sent to IDR they immediately complained about that too. It is however the intention of the authors that any specifics about what is currently being done (and any urls mentioned) and examples be taken as only examples and not as part of the draft's discussed concept of distributing filtering through BGP.

Currently only the bogon route server has been partially tested; there is nothing other than bogon lists that were tested under the brs, i.e. under the ASN29467. The lists that cymru is providing are not being done under this ASN and they also provide a couple of other "private" filtering lists, which I hope would stay under a different ASN. I also tested a couple of other lists, also under a different private ASN (and those are not currently in active production as I find the current bgp filtering technique to be inadequate).

> Wait, you say, filtering routes is easily done by any experienced user, right? Well, yes. Not everyone's an experienced user, though. My primary concern here is one of education; the danger with a roll-up feed such as this one is that the default case is to accord equal credence to every blacklist;

I find that most admins that decide on RBL lists are well educated about what the lists they choose to use are (the end-users are however not always well informed about it and that is where most of the complaints are coming from). I suspect that BGP admins are by their nature even better educated and will likely do even more research prior to using anything.

> the naive end-user would discover that not only had he signed up for the spiritual equivalent of MAPS (conservative, responsive, and responsible)

Your knowledge of MAPS is somewhat historical. It's no longer considered responsive and is the least effective of all spam lists and not well maintained, and that is despite that it's almost the only list that people are actually paying for. Nevertheless I'm certain many/most in the internet community are forever grateful to MAPS for introducing this concept.

> but also SPEWS (hard-to-reach, petty, vindictive, and probably going to list my home mail server or maybe my whole /24 in retaliation for casting them in a negative light in a public forum).

As some know I'm not a big fan of spews; I do not like their tactics of listing entire ISP blocks including users that have nothing to do with the particular spamming incidents (although their approach has certain effectiveness as seen for example in the recent case with NAC). I do not however find it likely that they would list somebody just because of anti-spews comments, nor do other things you listed for them really apply, as they do good research before listing blocks. There are also certain misconceptions among people who do not understand the different "levels" in spews listings and complain that their block is listed even though it is often only being "watched" (which is a good reminder for an ISP to pay closer attention to their abuse handling situation).

> > The different sources have different but commonly known communities.
>
> ... which are undocumented in draft-py itself, and among the URLs listed in Section 2 for more information, only Team Cymru offers a BGP community advisory on their web page. So, I must not be part of the "in-crowd" to know these "commonly known" communities...

It has been suggested that the draft be rewritten and even more be removed from it to be less bogon specific and to only describe this kind of filtering in concept with non-specific examples if possible. Do not take the draft to be directly associated with the bogon route server or any other bgp filtering projects except that it describes how these kinds of filtering services would operate.

--
William Leibzon
Elan Networks
william@elan.net
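
The model described in the message above (a route server tags each filter list with its own community, the user picks which lists to honour, and the selected prefixes then filter routes learned from other peers), sketched as an added example that is not code from the post, the draft, or any router implementation. The ASNs 64512 and 65001, the community values, the documentation prefixes and the function names are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

FEED_ASN = 64512  # constructed: private-use ASN standing in for a filter-list route server


@dataclass(frozen=True)
class Route:
    prefix: str
    peer_asn: int
    communities: frozenset = frozenset()


# Constructed feed: one community per list carried by the route server.
FEED = [
    Route("192.0.2.0/24", FEED_ASN, frozenset({"64512:100"})),     # list A (e.g. bogons)
    Route("198.51.100.0/24", FEED_ASN, frozenset({"64512:200"})),  # list B (some other list)
]

# Constructed routes as seen by the local router, including one from the feed itself.
RECEIVED = [
    Route("192.0.2.128/25", 65001),
    Route("198.51.100.0/24", 65001),
    Route("0.0.0.0/0", 65001),
    Route("203.0.113.0/24", 65001),
    Route("192.0.2.0/24", FEED_ASN, frozenset({"64512:100"})),
]


def build_filter(feed, feed_asn, accepted):
    """Keep only feed prefixes that come from the expected ASN and carry
    a community the operator has explicitly chosen to honour."""
    return [
        ipaddress.ip_network(r.prefix)
        for r in feed
        if r.peer_asn == feed_asn and r.communities & accepted
    ]


def apply_filter(routes, filter_nets, feed_asn):
    """Split routes from ordinary peers into (kept, dropped). Feed routes are
    policy input only: they are never installed, so they cannot leak onward."""
    kept, dropped = [], []
    for r in routes:
        if r.peer_asn == feed_asn:
            continue
        net = ipaddress.ip_network(r.prefix)
        # Drop a route only when it is equal to or more specific than a filter
        # prefix; a covering route such as the default route is left alone.
        hit = any(net.version == f.version and net.subnet_of(f) for f in filter_nets)
        (dropped if hit else kept).append(r.prefix)
    return kept, dropped
```

Accepting only `64512:100` drops the more-specific route inside list A while leaving the list B prefix, the default route and unrelated routes in place; adding `64512:200` to the accepted set drops the list B prefix as well.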