nanog mailing list archives
Long-term identifiers (was Re: who offers cheap (personal) 1U colo?)
From: Sean Donelan <sean () donelan com>
Date: Mon, 15 Mar 2004 05:24:48 -0500 (EST)
On Sun, 14 Mar 2004, Andrew Dorsett wrote:
> In a dorm room situation or an apartment situation, you again know the physical port the DHCP request came in on. You then know which room that port is connected to and you therefore have a general idea of who the abuser is. So what's the big deal if you turn off the ports to the room until the users complain and the problem is resolved?
It has to do with response time. If I send an abuse complaint to an organization's mailbox on a Friday night, will it be dealt with in the next 10 seconds? Or sometime next week? If the computer reboots every 60 seconds, and gets different IP addresses every time, a single infected computer can appear with lots of different IP addresses which results in overblocking. Similar things happen when a very large corporation has a NAT firewall, and attacks appear to come from all over their address ranges.

A long-term end-to-end identifier would let me immediately drop the specific infected computer's traffic regardless of its rotating IP addresses, even if your abuse department doesn't open until next Monday to track down the user to permanently fix it.

The other issue is assuming "abuse" is defined the same way. If I can uniquely identify the source, we don't have to debate whether my definition of abuse is the same as your definition. You might have a three-strike policy and I have a zero-tolerance policy. It doesn't matter if there was an end-to-end long-term identifier. While you are waiting for the other strikes, I can immediately block that specific computer regardless of what IP address it has today. That way "reputation" could be tied to the infected computer instead of random address ranges.

If IPsec ever gets fully deployed, then we may be able to negotiate end-to-end identification. The long-term end-to-end identifier does not need to include personally identifiable information.