nanog mailing list archives

Re: Repeated Blacklisting / IP reputation


From: Joe Greco <jgreco () ns sol net>
Date: Tue, 8 Sep 2009 14:16:31 -0500 (CDT)

> On Tue, 8 Sep 2009, Joe Greco wrote:
> > It seems like it *could* be useful to have a system to notify of network
> > delegation changes, but it also seems like if this was particularly
> > important to anyone, then someone would have found a trivial way to
> > implement at least a poor man's version of it.  For example, record
> > the ASN of a blocked IP address and remove the block when the ASN
> > changes...
>
> That too, would be easily gamed by spammers.  Just get multiple ASN's and
> bounce your dirty IPs around between them to clean them.  The IP space
> being a direct (RIR->LIR) allocation having been made after the blocking
> was initiated is a pretty clear sign that the space has actually changed
> hands, and seems like it would be fairly difficult (if at all possible) to
> game.

Right, but they'll only do that if they're aware of such a system and it
is significant enough to make a dent in them.  Further, it would be a
mistake to assume that *just* changing ASN's would be sufficient.  The
act of changing ASN's could act as a trigger to re-whois ARIN for an
update of ownership, for example.  The fact is that the information to
trigger a re-query of ownership upon a redelegation sort-of already
exists, though it is clearly imperfect.

My point was that if it was actually useful to "notice" when an IP
delegation moved, someone would already have made up a system to do this
somehow.

So my best guess is that there isn't a really strong incentive to pursue
some sort of notification system, because you could pretty much do it
as it stands.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
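
The two signals discussed in this thread, as an added example that is not part of the original message: an origin-ASN change only triggers a re-query, while a direct RIR->LIR allocation registered after the listing marks the entry as a release candidate. The snapshot schema, the function names and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Delegation:          # one row of a registry/routing snapshot (hypothetical schema)
    prefix: str
    origin_asn: int
    registered: date       # registration date of this record
    direct: bool           # True: RIR->LIR allocation; False: downstream reassignment

@dataclass(frozen=True)
class Block:               # what was recorded when the address was listed
    ip: str
    blocked_on: date
    origin_asn: int

def covering(ip, snapshot):
    """Snapshot rows that cover ip, most specific prefix first."""
    addr = ipaddress.ip_address(ip)
    hits = [d for d in snapshot if addr in ipaddress.ip_network(d.prefix)]
    return sorted(hits, key=lambda d: ipaddress.ip_network(d.prefix).prefixlen, reverse=True)

def review(block, snapshot):
    """Return 'keep', 'requery' or 'release-candidate' for one listing."""
    rows = covering(block.ip, snapshot)
    if not rows:
        return "keep"                       # no data, nothing to act on
    direct = next((d for d in rows if d.direct), None)
    if direct and direct.registered > block.blocked_on:
        return "release-candidate"          # direct allocation made after the listing
    if rows[0].origin_asn != block.origin_asn:
        return "requery"                    # ASN moved: re-run whois, do not delist on this alone
    return "keep"

# Constructed sample data: documentation prefixes (RFC 5737) and ASNs (RFC 5398).
SNAPSHOT = [
    Delegation("192.0.2.0/24", 64496, date(2005, 3, 1), True),
    Delegation("198.51.100.0/24", 64499, date(2004, 1, 15), True),
    Delegation("198.51.100.0/25", 64500, date(2009, 7, 1), False),  # reassigned, new ASN
    Delegation("203.0.113.0/24", 64501, date(2009, 8, 1), True),    # re-allocated by the RIR
]
BLOCKS = [
    Block("192.0.2.10", date(2008, 6, 1), 64496),
    Block("198.51.100.7", date(2008, 6, 1), 64499),
    Block("203.0.113.5", date(2008, 2, 1), 64497),
]

if __name__ == "__main__":
    for b in BLOCKS:
        print(b.ip, review(b, SNAPSHOT))
```

The second listing shows why the ASN check alone is not a delisting rule: the address moved to a new ASN through a recent downstream reassignment, but the covering direct allocation predates the block, so the entry is only re-queried.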

