On Wed, 17 Sep 2008, Christopher Morrow wrote:
On Wed, Sep 17, 2008 at 1:01 PM, Gadi Evron <ge@linuxbox.org> wrote:
On Wed, 17 Sep 2008, Skywing wrote:
Putting things in the automated bogon feeds (e.g. Team Cymru) that are not strictly bogons (unallocated addresses) is likely to very quickly erode trust in those services, if that is what you are suggesting.
We all want a "really really bad stuff" BGP feed for anyone who wants it, but the Internet is not ready for that.
hrm, so actually there's a lot of supporting infrastructure that is necessary (or could be necessary) to implement something of that sort in any decent sized network. Provided you wanted to sinkhole the traffic off somewhere to 'do the right thing' not just null0 the traffic, of course.
There's the additional issue of allowing a third party to manage/traffic-engineer inside your network which might upset some operations folks. If you can build a list on your own in a reasonable fashion with supporting information and high confidence level that's one story, if this list comes from "someone else" whom you don't even have a billing-relationship with... it's hard to sell that when something bad happens.
Certainly not everyone feels this way (see 'popularity' of the existing RBL/xbl lists) but in a larger network, or one that makes money ...
How about providing some open-source intelligence in a centralized and machine-parsable fashion (perhaps with community input of intel even) which would allow better decisions to be made?
Chris, that does not solve the one issue you did not mention: liability. Gadi.
-Chris