[145039] in North American Network Operators' Group


Re: "general badness" AS-based reputation system

daemon@ATHENA.MIT.EDU (Gadi Evron)
Mon Sep 26 09:52:21 2011

Date: Mon, 26 Sep 2011 16:52:04 +0300
From: Gadi Evron <ge@linuxbox.org>
To: Jimmy Hess <mysidia@gmail.com>
In-Reply-To: <CAAAwwbW4SM0icz33UnASMPVqgY7sEvveG1RUELtdyf8gH5uvaQ@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 9/26/11 2:31 AM, Jimmy Hess wrote:
> Sorry... what makes  you think the problem with use of a
> AS-reputation systems is
> social and not technical?
>
> IP packets are not stamped with the numbers of any of the AS they
> transited to reach your network.
> The IP protocol simply does not expose AS number information,
> therefore,  for filtering purposes,
> you don't actually have the information....

Filtering is dangerous, especially when done with ASNs. There are many 
technical challenges and many levels of filtering; all are technical 
issues and policy decisions based on how badly it's needed. Let's not 
forget how dangerous it is to block a network just to find out that your 
customers no longer get service; that is a much bigger issue than 
figuring out what is out technically, IMO.

I am in agreement with you -- which is why I focus on the cultural aspect.

Gadi.

