[117273] in North American Network Operators' Group


Re: Repeated Blacklisting / IP reputation

daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Tue Sep 8 15:46:57 2009

Date: Tue, 8 Sep 2009 19:44:32 +0000
From: bmanning@vacation.karoshi.com
To: Joe Greco <jgreco@ns.sol.net>
In-Reply-To: <200909081934.n88JYAS9093038@aurora.sol.net>
Cc: bmanning@vacation.karoshi.com, "nanog@nanog.org" <nanog@nanog.org>,
	John Curran <jcurran@arin.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tue, Sep 08, 2009 at 02:34:10PM -0500, Joe Greco wrote:
> > there is a fundamental disconnect here.  the IP space is neutral.
> > it has no bias toward or against social behaviours.  it's a tool.
> > the actual/real target here are the people who are using these tools
> > to be antisocial.  blacklisting IP space is always reactive and
> > should only be used in emergency and as a -TEMPORARY- expedient.
> >
> > IMHO of course, YMMV.
> 
> Show me ONE major MTA which allows you to configure an expiration for
> an ACL entry.

	call me old skool...  VI works a treat and I'm told there
	is this thing called emacs ... but i remain dubious.

> 
> The problem with your opinion, and it's a fine opinion, and it's even a
> good opinion, is that it has very little relationship to the tools which
> are given to people in order to accomplish blocking.  Kind of the question
> I was contemplating in my other message of minutes ago.

	if all you have is a hammer...
	folks need better tools.

> If people were given an option to "block this IP for 30 minutes, 24 hours,
> 30 days, 12 months, 5 years, or forever" - I wonder how many people would
> just shrug and click "forever."

	which is their choice.  please show me the mandate for accepting
	routes/packets from any/everywhere?

	me, i'd want the option to "block 192.0.2.0/24 as long as it
	is announced by AS 0 and the whois data points to RIAA as the
	registered contact" e.g. not just a temporal block.

	or - if traffic from 192.0.2.80 increases more than 65% in a 150
	second interval, block the IP for 27 minutes.

	or - allow any/all traffic from 192.0.2.42 - regardless of the
	blocking on 192.0.2.0/24

	the mind boggles.

> This may lead to the discovery of another fundamental disconnect - or two.

	such is the course of human nature.

> 
> Sigh.
> 
> ... JG
> -- 
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] then I
> won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
> With 24 million small businesses in the US alone, that's way too many apples.
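
The block rules wished for in the reply above (a block that lapses, a block that holds only while a condition is true, a rate-triggered 27-minute block, and an allow exception inside a blocked /24), as an added Python example that is not from the original message or from any MTA. The class and parameter names are hypothetical, the AS/whois check is modelled as a caller-supplied function, and "increases more than 65% in a 150 second interval" is read as comparing one 150-second window's count with the previous window's.

```python
import ipaddress

class BlockPolicy:
    """Blocks with an expiry and/or a condition, allow overrides, rate trigger."""

    def __init__(self, increase=0.65, interval=150, penalty=27 * 60):
        self.increase, self.interval, self.penalty = increase, interval, penalty
        self.blocks = {}     # network -> (expiry in seconds or None, condition or None)
        self.allows = set()  # networks accepted regardless of any covering block
        self.windows = {}    # ip -> (window start, count now, count in previous window)

    def block(self, cidr, now, ttl=None, while_true=None):
        # ttl=None means "forever"; while_true is an optional zero-argument check
        expiry = None if ttl is None else now + ttl
        self.blocks[ipaddress.ip_network(cidr)] = (expiry, while_true)

    def allow(self, cidr):
        self.allows.add(ipaddress.ip_network(cidr))

    def is_blocked(self, ip, now):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.allows):
            return False                      # exception beats the covering block
        for net, (expiry, cond) in list(self.blocks.items()):
            if expiry is not None and now >= expiry:
                del self.blocks[net]          # temporary block has lapsed
            elif addr in net and (cond is None or cond()):
                return True
        return False

    def observe(self, ip, now):
        """Count one connection from ip at time now; return True if accepted."""
        if self.is_blocked(ip, now):
            return False
        start, cur, prev = self.windows.get(ip, (now, 0, 0))
        elapsed = now - start
        if elapsed >= self.interval:          # roll over into a new window
            prev = cur if elapsed < 2 * self.interval else 0
            start, cur = now - elapsed % self.interval, 0
        cur += 1
        self.windows[ip] = (start, cur, prev)
        # Assumption: "increase" means this window's count vs. the previous window's.
        if prev and cur > prev * (1 + self.increase):
            self.block(ip, now, ttl=self.penalty)
            return False
        return True
```

Times are plain seconds supplied by the caller, so the same object can be driven from a log replay or from a live clock.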

