"general badness" AS-based reputation system
Having run one of these in the past, when take-downs of C&Cs were still semi-useful, my ethos on this is problematic; however, I am as of yet undecided as to this one.

An AS-based reputation system for all sorts of badness: http://bgpranking.circl.lu/

In my opinion, third-party security-based AS-reputation systems will eventually become de-facto border filtering systems for ISPs, but that day is still not here, as that is still socially unacceptable in our circles, and will remain so until it becomes _necessary_.

Regardless of my musings on the Operators World's cultural future, this system seems rather interesting, and no doubt you'd want to take a look at your listing.

Gadi.
On Sun, Sep 25, 2011 at 10:37 AM, Gadi Evron <ge@linuxbox.org> wrote:
In my opinion, third-party security based AS-reputation systems will eventually become de-facto border filtering systems for ISPs, but that day is still not here, as that is still socially unacceptable in our circles, and will remain so until it becomes _necessary_.
Sorry... what makes you think the problem with the use of an AS-reputation system is social and not technical? IP packets are not stamped with the numbers of any of the ASes they transited to reach your network. The IP protocol simply does not expose AS number information; therefore, for filtering purposes, you don't actually have the information.... It's difficult to justify a complex AS-reputation system that would have limited effectiveness, and really, is little better than other reputation system methods (such as source address blacklisting).

-- -JH
On 9/26/11 2:31 AM, Jimmy Hess wrote:
Sorry... what makes you think the problem with use of a AS-reputation systems is social and not technical?
IP packets are not stamped with the numbers of any of the ASes they transited to reach your network. The IP protocol simply does not expose AS number information; therefore, for filtering purposes, you don't actually have the information....
Filtering is dangerous, especially when done with ASNs. There are many technical challenges and many levels of filtering; all are technical issues and policy decisions based on how badly it's needed. Let's not forget how dangerous it is to block a network just to find out that your customers no longer get service; that is a much bigger issue than figuring out what is out technically, IMO. I am in agreement with you -- which is why I focus on the cultural aspect.

Gadi.
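Editor's note, added to this thread and not part of either poster's message: Jimmy's point is that a packet carries no origin AS, so anything that "filters by AS" has to derive the origin AS from a BGP RIB the filtering box holds (longest-prefix match on the source address), and Gadi's point is that blocking at AS granularity takes out customers you never meant to block. The example below shows both, in Python: a constructed RIB snapshot (documentation prefixes, RFC 5398 documentation ASNs), a constructed reputation feed with a made-up score format, and an allowlist carve-out. The RIB, feed, threshold and allowlist are all assumptions for illustration; bgpranking.circl.lu's real scoring and data formats are not represented here.

```python
"""Derive origin AS from a BGP RIB snapshot and apply an AS reputation list
as a source-address filter, with a customer allowlist carve-out.

All data below is constructed for illustration (RFC 5737 prefixes, RFC 5398
ASNs); it does not come from any real feed or router."""
import ipaddress
from typing import List, Optional, Tuple

# Constructed RIB snapshot: prefix -> origin ASN, as a router would learn via BGP.
# Note the /24 inside 203.0.112.0/22 is originated by a different AS than the /22.
RIB = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "203.0.112.0/22": 64498,
    "203.0.113.0/24": 64499,
}

# Constructed reputation feed: ASN -> badness score 0..100 (hypothetical format).
AS_REPUTATION = {64497: 85, 64498: 90, 64499: 10}
DROP_THRESHOLD = 80  # assumed local policy

# Constructed allowlist: space we must never drop (our own customers), whatever
# the feed says about the AS that originates it.
ALLOWLIST = [ipaddress.ip_network("203.0.112.0/23")]

# Longest prefix first, so the first containing entry is the best match.
_RIB_NETS = sorted(((ipaddress.ip_network(p), asn) for p, asn in RIB.items()),
                   key=lambda t: t[0].prefixlen, reverse=True)


def origin_as_for(ip: str) -> Optional[int]:
    """Longest-prefix match of ip against the RIB snapshot; None if unrouted.
    This is the only way to get an AS number for a packet: it is not in the header."""
    addr = ipaddress.ip_address(ip)
    for net, asn in _RIB_NETS:
        if addr in net:
            return asn
    return None


def _is_bad(asn: Optional[int]) -> bool:
    return asn is not None and AS_REPUTATION.get(asn, 0) >= DROP_THRESHOLD


def filter_decision(ip: str) -> Tuple[str, Optional[int]]:
    """Per-packet decision: ('allow'|'drop', origin ASN). Allowlist wins over the feed."""
    addr = ipaddress.ip_address(ip)
    asn = origin_as_for(ip)
    if any(addr in net for net in ALLOWLIST):
        return ("allow", asn)   # customer space: never collateral damage
    if _is_bad(asn):
        return ("drop", asn)
    return ("allow", asn)        # unknown or reputable origin: no basis to drop


def block_prefixes() -> List[str]:
    """Compile the AS list into the prefix list a router could actually install.
    Carves out allowlisted space and any more-specific originated by an AS that
    is not itself over threshold, so a bad /22 does not swallow a good /24."""
    carve_outs = list(ALLOWLIST) + [net for net, asn in _RIB_NETS if not _is_bad(asn)]
    result = []
    for net, asn in _RIB_NETS:
        if not _is_bad(asn):
            continue
        pieces = [net]
        for hole in carve_outs:
            next_pieces = []
            for p in pieces:
                if hole.subnet_of(p) and hole != p:
                    next_pieces.extend(p.address_exclude(hole))  # punch the hole out
                elif p.subnet_of(hole):
                    pass  # wholly inside a carve-out: nothing left to block
                else:
                    next_pieces.append(p)
            pieces = next_pieces
        result.extend(pieces)
    return sorted(str(p) for p in result)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.112.9", "203.0.113.5", "203.0.115.5", "10.0.0.1"):
        print(ip, filter_decision(ip))
    print("prefix list:", block_prefixes())
```

Two things the run makes visible: 203.0.115.5 is dropped on the strength of AS64498's score while 203.0.112.9, originated by the same AS, is allowed only because the operator allowlisted it; and the compiled prefix list is 198.51.100.0/24 plus 203.0.114.0/23, not the raw 203.0.112.0/22, because the RIB snapshot, not the feed, decides what address space the AS actually stands behind at the moment the filter is built. A RIB snapshot goes stale; a production filter would have to be regenerated from live BGP state and reviewed before each push.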