I'd be more than happy to see this, with the added caveat that anyone that returned address space to ARIN that was subsequently marked as 'contaminated', should undergo a review process when attempting to obtain new address space. Charge them for the review process Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests. Another option, is to hit them where it matters. Assign fines and fees for churning address space and returning it as contaminated. Set the fee's on a sliding scale based on the amount of contamination and churn. the more contamination, the higher the fee. Shawn Somers Michiel Klaver wrote: ---------
Message: 3 Date: Tue, 15 Sep 2009 11:57:58 +0200 From: Michiel Klaver <michiel@klaver.it> Subject: RE: Repeated Blacklisting / IP reputation, replaced by registered use To: "Azinger, Marla" <marla.azinger@frontiercorp.com>, John Curran <jcurran@arin.net>, "nanog@nanog.org" <nanog@nanog.org> Message-ID: <4AAF6526.9000904@klaver.it> Content-Type: text/plain; charset=UTF-8; format=flowed
I think ARIN is no party to contact all RBL's and do any cleanup of 'contaminated' address space. The only steps ARIN might do are:
- When requesting address space, one should be able to indicate whether receiving previous used address space would be unwanted or not.
- When assigning address space, ARIN should notify receivers if it's re-used or virgin address space.
- When address space got returned to ARIN and there is evidence of abuse, they have to mark that address space as 'contaminated' and only re-assign that space to new end-users who have indicated to have no problem with that.
With kind regards,
Michiel Klaver IT Professional
I'd be more than happy to see this, with the added caveat that anyone that returned address space to ARIN that was subsequently marked as 'contaminated', should undergo a review process when attempting to obtain new address space. Charge them for the review process
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
Another option, is to hit them where it matters. Assign fines and fees for churning address space and returning it as contaminated. Set the fee's on a sliding scale based on the amount of contamination and churn. the more contamination, the higher the fee.
It would be problematic in some dimensions, but it seems that perhaps allowing them to return space in exchange for a larger block is part of the problem, and maybe part of the answer would be to make them retain the block and only allocate an additional block. Route table growth and all that, of course. An alternative could be to delegate them a larger "contaminated" block and allow them to incur the expense of cleaning it up(*). * And I say that kind of tongue-in-cheek, since I don't really believe it to be easy to clean up a block once it is contaminated, due to the sheer number of local blocks, etc., which may exist. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?
On Tue, Sep 15, 2009 at 4:23 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?
Also, you can very well disable new allocations to Spammer-Bob, did you also know his friend Sue is asking now for space? Sue is very nice, she even has cookies... oh damn after we allocated to her we found out she's spamming :( Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :( -Chris
so... this thread has a couple of really interesting characteristics. a couple are worth mentioning more directly (they have been alluded to elsewhere)... Who gets to define "bad" - other than a blacklist operator? Are the common, consistent defintions of "contamination"? If these are social/political - recognise that while the ARIN region is fairly consistent in its general use and interpretation of law, there are known varients - based on soveriegn region. this whole debate/discussion seems based on the premise that there are well known, consistent, legally defendable choices for defining offensive behaviours. and pretty much all of history shows us this is not the case. (is or is not a mother nursing her child in public pornographic?) So - I suspect that in the end, a registry (ARIN) or an ISP (COMCAST) is only going to be able to tell you a few things about the prefix you have been handed. a) its virginal - never been used (that we know of) b) its been used once. c) it has a checkered past and it will be up to the receipient to trust/accept the resource for what it currently is or chose to reject it and find soliace elsewhere. --bill On Tue, Sep 15, 2009 at 04:31:04PM -0400, Christopher Morrow wrote:
On Tue, Sep 15, 2009 at 4:23 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?
Also, you can very well disable new allocations to Spammer-Bob, did you also know his friend Sue is asking now for space? Sue is very nice, she even has cookies... oh damn after we allocated to her we found out she's spamming :(
Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :(
-Chris
On Tue, Sep 15, 2009 at 4:46 PM, <bmanning@vacation.karoshi.com> wrote:
so... this thread has a couple of really interesting characteristics. a couple are worth mentioning more directly (they have been alluded to elsewhere)...
as always, despite your choice in floral patterned shirts :) good comments/questions.
Who gets to define "bad" - other than a blacklist operator? Are the common, consistent defintions of "contamination"?
nope, each BL (as near as I can tell) has their own criteria (with some overlaps to be certain) and they all have their own set of rules that they either break at-will or change when it suits them. Their incentives are not aligned with actually getting the problem resolved, sadly... and they really don't have any power to resolve problems anyway.
If these are social/political - recognise that while the ARIN region is fairly consistent in its general use and interpretation of law, there are known varients - based on soveriegn region.
Yup, you don't like my business how about I move to the caymans where it's no longer illegal? :( The Internet brings with it some interesting judicial/jurisdictional baggage.
this whole debate/discussion seems based on the premise that there are well known, consistent, legally defendable choices for defining offensive behaviours. and pretty much all of history shows us this is not the case.
There are really two discussions, I think somewhere along the path they were conflated: 1) newly allocated from IANA netblocks show up to end customers and reachability problems ensue. (route-filters and/or firewall filters) 2) newly re-allocated netblocks show up with RBL baggage (rbls and smtp blocks at the application layer) For #1 there was some work (rbush and prior to that Jon Lewis 69block.org?) showing that folks 'never' alter their 'bogon route filters' or 'bogon access-list entries'. For #2 ARIN may have a solution in place, if it were more publicly known (rss feed of allocations, care of RS and marty hannigan pointers) that RBL operators could use to clean out entries in their lists providing a better service to their 'users' even, perish the thought!
(is or is not a mother nursing her child in public pornographic?)
or SI Swinsuit edition depending on the part of the world you are in, yes, or even YouTube videos, weee!
So - I suspect that in the end, a registry (ARIN) or an ISP (COMCAST) is only going to be able to tell you a few things about the prefix you have been handed.
a) its virginal - never been used (that we know of) b) its been used once. c) it has a checkered past
I actually don't think it's a help for ARIN to say anything here, since they can never know all the RBL's and history for a netblock, and they can't help in the virginal case since they don't run network-wide filters. A FAQ that says some of the above with some pointers to testing harnesses to use may be useful. Some tools for network operators to use in updating things in a timely fashion may be useful. Better/wider/louder notification 'services' for new block allocations from IANA -> RIR's may be useful. Not everyone who runs a router reads their local 'nog' list... Leo Vegoda does a great job tell us about RIPE allocations, Someone does the same for ARIN (drc maybe??) and I'm not certain I recall who's last announced APNIC block yahtzee. Where else is this data available? In a form that your avg enterprise network op may notice?
and it will be up to the receipient to trust/accept the resource for what it currently is or chose to reject it and find soliace elsewhere.
'solace elsewhere'... dude there is no 'elsewhere'. -Chris (and yes, I'm yanking your chain about the shirts...)
--bill
On Tue, Sep 15, 2009 at 04:31:04PM -0400, Christopher Morrow wrote:
On Tue, Sep 15, 2009 at 4:23 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?
Also, you can very well disable new allocations to Spammer-Bob, did you also know his friend Sue is asking now for space? Sue is very nice, she even has cookies... oh damn after we allocated to her we found out she's spamming :(
Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :(
-Chris
On Tue, Sep 15, 2009 at 09:34:14PM -0400, Christopher Morrow wrote:
On Tue, Sep 15, 2009 at 4:46 PM, <bmanning@vacation.karoshi.com> wrote:
so... this thread has a couple of really interesting characteristics. a couple are worth mentioning more directly (they have been alluded to elsewhere)...
as always, despite your choice in floral patterned shirts :) good comments/questions.
humph... at least I wear pants.
Who gets to define "bad" - other than a blacklist operator? Are the common, consistent defintions of "contamination"?
nope, each BL (as near as I can tell) has their own criteria (with
trick question... each ISP gets to define good/bad on their own merits or can outsource it to third parties.
1) newly allocated from IANA netblocks show up to end customers and reachability problems ensue. (route-filters and/or firewall filters)
2) newly re-allocated netblocks show up with RBL baggage (rbls and smtp blocks at the application layer)
you forgot #3 ... a "clean" IANA block that was "borrowed" for a while .. and already shows up in some filter lists.
So - I suspect that in the end, a registry (ARIN) or an ISP (COMCAST) is only going to be able to tell you a few things about the prefix you have been handed.
a) its virginal - never been used (that we know of) b) its been used once. c) it has a checkered past
I actually don't think it's a help for ARIN to say anything here, since they can never know all the RBL's and history for a netblock, and they can't help in the virginal case since they don't run network-wide filters.
not RBL specific ... a) this block came directly from IANA and has never been previously allocated in/through the IANA/RIR process b) this block has had one registered steward in recorded history c) this block has been in/out of the RIR/registry system more than once.
A FAQ that says some of the above with some pointers to testing harnesses to use may be useful. Some tools for network operators to use in updating things in a timely fashion may be useful. Better/wider/louder notification 'services' for new block allocations from IANA -> RIR's may be useful.
indeed - I'd like to see the suite extended to the ISPs as well, esp if such tricks will be used in v6land...
last announced APNIC block yahtzee. Where else is this data available? In a form that your avg enterprise network op may notice?
oh... I'd suggest some of the security lists might be a good channel.
and it will be up to the receipient to trust/accept the resource for what it currently is or chose to reject it and find soliace elsewhere.
'solace elsewhere'... dude there is no 'elsewhere'.
and yet... Jimmy and Warren Buffet will tell you its always 1700 somewhere.... and if that doesn't work, whip out the NAT and reuse 10.0.0.0 -again-.... :)
-Chris (and yes, I'm yanking your chain about the shirts...)
--bill
On Tue, Sep 15, 2009 at 04:31:04PM -0400, Christopher Morrow wrote:
On Tue, Sep 15, 2009 at 4:23 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?
Also, you can very well disable new allocations to Spammer-Bob, did you also know his friend Sue is asking now for space? Sue is very nice, she even has cookies... oh damn after we allocated to her we found out she's spamming :(
Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :(
-Chris
On Tue, Sep 15, 2009 at 10:29 PM, <bmanning@vacation.karoshi.com> wrote:
On Tue, Sep 15, 2009 at 09:34:14PM -0400, Christopher Morrow wrote:
On Tue, Sep 15, 2009 at 4:46 PM, <bmanning@vacation.karoshi.com> wrote:
so... this thread has a couple of really interesting characteristics. a couple are worth mentioning more directly (they have been alluded to elsewhere)...
as always, despite your choice in floral patterned shirts :) good comments/questions.
humph... at least I wear pants.
you have something against skirts? or dresses? always with the pants with you!! <shakey fist>
Who gets to define "bad" - other than a blacklist operator? Are the common, consistent defintions of "contamination"?
nope, each BL (as near as I can tell) has their own criteria (with
trick question... each ISP gets to define good/bad on their own merits or can outsource it to third parties.
sure... outsourcing in this case often happens without a real business relationship.
1) newly allocated from IANA netblocks show up to end customers and reachability problems ensue. (route-filters and/or firewall filters)
2) newly re-allocated netblocks show up with RBL baggage (rbls and smtp blocks at the application layer)
you forgot #3 ... a "clean" IANA block that was "borrowed" for a while .. and already shows up in some filter lists.
ok... but we can't ever really know that Verizon uses 114/8 and 104/8 internally can we? (and has/may leak this to external parties on occasion by mistake)
So - I suspect that in the end, a registry (ARIN) or an ISP (COMCAST) is only going to be able to tell you a few things about the prefix you have been handed.
a) its virginal - never been used (that we know of) b) its been used once. c) it has a checkered past
I actually don't think it's a help for ARIN to say anything here, since they can never know all the RBL's and history for a netblock, and they can't help in the virginal case since they don't run network-wide filters.
not RBL specific ...
a) this block came directly from IANA and has never been previously allocated in/through the IANA/RIR process b) this block has had one registered steward in recorded history c) this block has been in/out of the RIR/registry system more than once.
Ok, is this in the final email from hostmaster@ to 'enduser@'? or somewhere else? what's the recourse when someone says: "But I don't want a USED netblock, it my have the herp!" I'm trying to see if ARIN can say something of use here without raising its costs or causing extra/more confusion to the end-site(s).
A FAQ that says some of the above with some pointers to testing harnesses to use may be useful. Some tools for network operators to use in updating things in a timely fashion may be useful. Better/wider/louder notification 'services' for new block allocations from IANA -> RIR's may be useful.
indeed - I'd like to see the suite extended to the ISPs as well, esp if such tricks will be used in v6land...
last announced APNIC block yahtzee. Where else is this data available? In a form that your avg enterprise network op may notice?
oh... I'd suggest some of the security lists might be a good channel.
sure, most of those folks also read nanog-l, this won't also reach enterprise folk... (admittedly it's hard to reach 'everyone', but spammers seem to be able to...)
and it will be up to the receipient to trust/accept the resource for what it currently is or chose to reject it and find soliace elsewhere.
'solace elsewhere'... dude there is no 'elsewhere'.
and yet... Jimmy and Warren Buffet will tell you its always 1700 somewhere.... and if that doesn't work, whip out the NAT and reuse 10.0.0.0 -again-.... :)
ha... :( -chris
-Chris (and yes, I'm yanking your chain about the shirts...)
--bill
On Tue, Sep 15, 2009 at 04:31:04PM -0400, Christopher Morrow wrote:
On Tue, Sep 15, 2009 at 4:23 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?
Also, you can very well disable new allocations to Spammer-Bob, did you also know his friend Sue is asking now for space? Sue is very nice, she even has cookies... oh damn after we allocated to her we found out she's spamming :(
Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :(
-Chris
and it will be up to the receipient to trust/accept the resource for what it currently is or chose to reject it and find soliace elsewhere.
'solace elsewhere'... dude there is no 'elsewhere'.
"elsewhere" = "designated transfer" https://www.arin.net/policy/nrpm.html#eight3 Do you get a premium for a "clean" /18? Lee
I think costs of maintaining an abuse helpdesk is a big factor here. I don't see many ISP's putting money and resources into an abuse helpdesk and this is because it is low cost to obtain a Netblock so why should one employ and build expertise on managing it. If you go to SpamHaus you will see a major ISP and their netblocks listed and associated with known spammers. What is this ISP doing about this? Nothing! My guess is that they look at their bottom $$ and look at Spamming customer A and say "crap we will be spending $$$ on this customer just to get them off SpamHaus so just leave it, we are afterall in the bandwidth business". If ARIN were to say to this major ISP that they wont allocate more addresses to them until they adhere to an AUP then maybe the game will change but the bigger question here is should ARIN get into this kind of policy. Zaid On Sep 15, 2009, at 1:31 PM, Christopher Morrow wrote:
On Tue, Sep 15, 2009 at 4:23 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?
Also, you can very well disable new allocations to Spammer-Bob, did you also know his friend Sue is asking now for space? Sue is very nice, she even has cookies... oh damn after we allocated to her we found out she's spamming :(
Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :(
-Chris
On Tue, Sep 15, 2009 at 5:31 PM, Zaid Ali <zaid@zaidali.com> wrote:
I think costs of maintaining an abuse helpdesk is a big factor here. I don't see many ISP's putting money and resources into an abuse helpdesk and this is because it is low cost to obtain a Netblock so why should one employ and
have you ever had to re-number a customer, several customers, a hundred?? 'getting a new netblock is low cost' is hardly an accurate statement, especially if you keep in mind that you have to justify the usage of old netblocks in order to obtain the new one.
build expertise on managing it. If you go to SpamHaus you will see a major ISP and their netblocks listed and associated with known spammers. What is this ISP doing about this? Nothing! My guess is that they look at their
'nothing' that you can see? or nothing? or something you can't see or that's taking longer than you'd expect/like? There certainly are bad actors out there, but I think the majority are doing things to keep clean, perhaps not in the manner you would like (or the speed you would like or with as much public information as you'd like).
From the outside most ISP operations look quite opaque, proclaiming 'Nothing is being done' simply looks uneducated and shortsighted.
bottom $$ and look at Spamming customer A and say "crap we will be spending $$$ on this customer just to get them off SpamHaus so just leave it, we are afterall in the bandwidth business". If ARIN were to say to this major ISP that they wont allocate more addresses to them until they adhere to an AUP then maybe the game will change but the bigger question here is should ARIN get into this kind of policy.
doubtful that: 1) arin would say this (not want to be net police), 2) isp's couldn't show (for the vast majority of isps) that they are in fact upholding their AUP. -chris
On Sep 15, 2009, at 1:31 PM, Christopher Morrow wrote:
On Tue, Sep 15, 2009 at 4:23 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?
Also, you can very well disable new allocations to Spammer-Bob, did you also know his friend Sue is asking now for space? Sue is very nice, she even has cookies... oh damn after we allocated to her we found out she's spamming :(
Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :(
-Chris
On Tue, Sep 15, 2009 at 09:22:02PM -0400, Christopher Morrow wrote:
build expertise on managing it. If you go to SpamHaus you will see a major ISP and their netblocks listed and associated with known spammers. What is this ISP doing about this? Nothing! ?My guess is that they look at their
'nothing' that you can see? or nothing? or something you can't see or that's taking longer than you'd expect/like? There certainly are bad actors out there, but I think the majority are doing things to keep clean, perhaps not in the manner you would like (or the speed you would like or with as much public information as you'd like).
[ engage cynical mode] It's the responsibilty of all operations to ensure that they're not persistent or egregious sources of abuse. *Some* operations handle that reasonably well, but unfortunately many do not -- which is why there are now hundreds of blacklists (of varying intent, design, operation, and so on). If ISPs et.al. were doing their jobs properly, there would be no need for any of these to exist. But they're not, which is why so many people have taken the time and trouble to create them. Overall ISP performance in re abuse handling is miserable and has been for many years, and that includes everything from a lack of even perfunctory due diligence ("30 seconds with Google") to failure to handle the abuse role address properly and promptly to alarming naivete' ("what did you THINK they were doing with an entire /24 full of nonsense domain names?") to deployment of "anti-spam" measures that make the problem worse and inflict abuse on third parties to... This is hardly surprising: there are few, if any, consequences for doing so, and of course it's far more profitable to not just turn a blind eye to abuse (which used to be common) but moreso these days to actively assist in it with a smile and a wink and a hand extended for the payoff, while simultaneously making a public show of "deep concern" and issuing press releases that say "We take the X problem seriously..." and participating in working groups that studiously avoid the actual problems -- or better yet, which invite well-known/long-time abusers to have a seat at the table. ---Rsk
Christopher Morrow wrote:
Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :(
Being a crimnal enterprise there are some tools in your kit that a legitimate business does not have. The problems becomes, how the raising the legitimacy bar more effectively discriminates against legitimate entities then crimnal one's. If a discriminatory measure were for example to raise the bar for new entrants that, by it's nature represents an Internet scale tragedy. joel
-Chris
On Wed, Sep 16, 2009 at 12:08 AM, Joel Jaeggli <joelja@bogus.com> wrote:
Christopher Morrow wrote:
Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :(
Being a crimnal enterprise there are some tools in your kit that a legitimate business does not have. The problems becomes, how the
that was my point, yes.
raising the legitimacy bar more effectively discriminates against legitimate entities then crimnal one's.
If a discriminatory measure were for example to raise the bar for new entrants that, by it's nature represents an Internet scale tragedy.
I think we are in agreement on this issue, and the above actually. -Chris
I believe there is another side to that argument as well. If I operate a regional ISP and request address space for dynamic address pools I am aware of a few things: 1) I am fully aware that there is a chance a customer's system could become infected and generate millions of malicious messages/packets/ traffic. 2) I am also aware that it is possible that that one machine could have any number of IP addresses during the course of the week; therefore, it would be possible that they could 'contaminate' an entire /24 3) I know that if I'm made aware of the zombified machine that I'll disable access to the customer quickly; however, the damage has usually already been done. 4) Do I actually care if one of my dynamic address blocks are in a DNSBL? Not at all. They should be using my mail server anyways. Should I have to go through and make sure that every single IP address/block is 'clean' before returning the allocation to ARIN? I can say with utmost confidence "I don't care" because I no longer need them. If my ability to receive new allocations required that I clean up a dynamic address block before receiving a new one I would take better care of my blocks; however, it may be cheaper just to keep the old block (null route it) and ask for another one. The question becomes: Where do you draw the 'contamination' line? A network may be using a block well within what we would consider 'reasonable' usage; however, the block may become 'unusable' for certain purposes. Should they too be denied further address space? If thats the case every broadband provider out there should be cut off because they're customers keep getting infected and are used to DDOS/ SPAM/Exploit our networks. What I'm trying to say in a long-winded and round about way is simple --- The contamination doesn't always happen 'on purpose' or with any foresight and it may not be an entire block that is bad. Everyone is guilty at some point of having a few 'dirty' IPs on their network... and I'm sure all of us have left many dirty because god only knows where all it is blocked. On Sep 15, 2009, at 4:23 PM, Valdis.Kletnieks@vt.edu wrote:
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?
Shawn Somers wrote:
Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.
I couldn't disagree more with this kind of heckler's veto proposal. RBL operators should not be permited to set registry policy, even indirectly. The point of an RBL is that it operates consensually. I choose to use an RBL to filter something because I agree with the RBL's policy decisions. There is nothing inherently wrong with being added to an RBL, it simply indicates that the RBL's operators felt you met their policy for inclusion. If someone wants to make an RBL that lists people with "bad ideas", they are welcome to. Those who agree with them can have a "bad idea"-free internet. But it does not follow that there's any reason to punish those on the RBL, even if they do so intentionally, and even if that RBL listen would burden other owners of the block. Of course, they should not be permitted to launder their blocks either. Just as registries should not impose costs on people just for getting listed in an RBL, they should not impose costs on RBL-operators by helping people evade earned listings and forcing re-listings. DS
participants (11)
-
bmanning@vacation.karoshi.com
-
Brandon Lehmann
-
Christopher Morrow
-
David Schwartz
-
Joe Greco
-
Joel Jaeggli
-
Lee Howard
-
Rich Kulawiec
-
Shawn Somers
-
Valdis.Kletnieks@vt.edu
-
Zaid Ali