North American Network Operators Group
Re: BL of Compromised Hosts?
"Michel Py" <[email protected]> writes:

> There is a regrouping of BGP feeds for various "questionable" hosts and
> networks around AS29467; read
> http://arneill-py.sacramento.ca.us/draft-py-idr-redisfilter-01.txt and
> feel free to contact the authors.

It behooves the prospective user of said feed to read and understand draft-py, carefully research the pedigree of the data sources that go into the soup, and draw his own conclusions - taking as conservative and discriminating an approach as he deems necessary in terms of what he accepts.

I anticipate wide variance in the quality of feeds provided, based on previous conduct of the proposed initial participants. As the primary author has said in a private communique, "it's like RBL mailing lists: there are good and bad ones". Unfortunately, my reading of draft-py is that in this case, they're to be rolled up into a single feed, discernable only by community. I believe that's a step away from goodness.

Wait, you say, filtering routes is easily done by any experienced user, right? Well, yes. Not everyone's an experienced user, though. My primary concern here is one of education; the danger with a roll-up feed such as this one is that the default case is to accord equal credence to every blacklist; the naive end-user would discover that not only had he signed up for the spiritual equivalent of MAPS (conservative, responsive, and responsible) but also SPEWS (hard-to-reach, petty, vindictive, and probably going to list my home mail server or maybe my whole /24 in retaliation for casting them in a negative light in a public forum).

Of course, the RBL-consumer will learn about this when his customers call. Surprise, surprise, surprise...

> The different sources have different but commonly known communities.

... which are undocumented in draft-py itself, and among the URLs listed in Section 2 for more information, only Team Cymru offers a BGP community advisory on their web page. So, I must not be part of the "in-crowd" to know these "commonly known" communities...

---Rob
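
The community-based filtering discussed in the message above, as an added example that is not part of the original post: a default-deny acceptance policy over a rolled-up feed, contrasted with accepting every route. The community values, the per-source prefix-length limits and the sample routes are all constructed for illustration, since draft-py does not document the real communities.

```python
import ipaddress

# Constructed policy: vetted community -> shortest IPv4 prefix we will
# blackhole on that source's word. Values are placeholders, not real ones.
VETTED = {
    "29467:901": 24,  # hypothetical conservative source: /24 or more specific
    "29467:902": 32,  # hypothetical less-vetted source: single hosts only
}

# Constructed sample of a rolled-up feed: (prefix, communities on the route).
FEED = [
    ("192.0.2.15/32", ["29467:901"]),
    ("198.51.100.0/24", ["29467:902"]),   # whole /24 from the less-vetted source
    ("198.51.100.7/32", ["29467:902"]),
    ("203.0.113.0/24", ["29467:903"]),    # community nobody here has vetted
    ("203.0.113.9/32", ["29467:903", "29467:901"]),
]


def accept(prefix, communities, policy=VETTED):
    """True only if a vetted community permits a route this specific."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False  # malformed prefix or host bits set: never install
    if net.version != 4:
        return False  # the limits above are expressed for IPv4 only
    limits = [policy[c] for c in communities if c in policy]
    # Default deny: a route with no vetted community is ignored, which is the
    # opposite of the roll-up default of trusting every source equally.
    return bool(limits) and net.prefixlen >= min(limits)


def filter_feed(feed, policy=VETTED):
    """Prefixes the policy would install as blackhole routes."""
    return [p for p, comms in feed if accept(p, comms, policy)]


def rejected(feed, policy=VETTED):
    """Prefixes an accept-everything consumer installs but the policy refuses."""
    return [p for p, comms in feed if not accept(p, comms, policy)]


if __name__ == "__main__":
    print("installed:", filter_feed(FEED))
    print("refused:  ", rejected(FEED))
```
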