[145026] in North American Network Operators' Group
Re: "general badness" AS-based reputation system
daemon@ATHENA.MIT.EDU (Manish Karir)
Sun Sep 25 21:23:17 2011
From: Manish Karir <mkarir@merit.edu>
In-Reply-To: <mailman.9160.1316989916.1873.nanog@nanog.org>
Date: Sun, 25 Sep 2011 21:23:00 -0400
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sep 25, 2011, at 6:31 PM, nanog-request@nanog.org wrote:
> Message: 9
> Date: Sun, 25 Sep 2011 18:37:17 +0300
> From: Gadi Evron <ge@linuxbox.org>
> To: nanog@nanog.org
> Subject: "general badness" AS-based reputation system
> Message-ID: <4E7F4AAD.8020400@linuxbox.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Having run one of these in the past, when take-downs of C&Cs was still
> semi-useful, my ethos on this is problematic, however, I am as of yet
> undecided as to this one. An AS-based reputation system for all sorts of
> badness:
>
> http://bgpranking.circl.lu/
>
> In my opinion, third-party security based AS-reputation systems will
> eventually become de-facto border filtering systems for ISPs, but that
> day is still not here, as that is still socially unacceptable in our
> circles, and will remain so until it becomes _necessary_.
>
> Regardless of my musings of Operators World cultural future, this
> system seems rather interesting, and no doubt you'd want to take a look
> at your listing.
>
> Gadi.
We tried to outline some of the challenges of building such a system in
our NANOG52 presentation:
http://www.merit.edu/networkresearch/papers/pdf/2011/NANOG52_reputation-nanog.pdf
In particular see slide 4, where we tried to lay down what we think the
requirements are for a socially acceptable reputation system.
With a bit of luck we might be able to announce the release of our
system before the next NANOG mtg, but in my opinion collating host
reputation reports is just a small and the easiest part of the effort.
The key is in solving the challenges of allowing (and incentivizing)
participation and being robust to false information injection.
Comments are welcome.
Thanks.
-manish