This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] [Misc] Research project on blacklists
Richard Clayton
richard at highwayman.com
Thu Jul 18 19:02:27 CEST 2019
In message <CAKcP59JPJT2LsUTrtgAsLeUTDsCrVBWq0_Cuas8LAvNAApQ7UQ at mail.gmail.com>, Anushah Hossain <anushah at icsi.berkeley.edu> writes

> surprisingly, I haven't seen the request on any other lists that
> are (a) relevant and (b) open -- perhaps they and their project team
> are not especially well connected in this space :(
>
> This is true. We were advised to share to RIPE and regional NOG
> mailing lists. Are there others you would have recommended?

ask the APWG to circulate the request to their members, and you might do the same with M3AAWG

> as John Levine already noted, the questionnaire seems somewhat
> confused as to whether it cares about routing issues (bogon lists,
> the Spamhaus DROP list etc) or spam filtering (bad domains, phishing
> feeds, botnet IPs etc etc)
>
> Hm, I think we are interested in quite the range of blacklists.

The issues will vary considerably between different types of list

> Here is a table of what my colleagues are monitoring:
>
> image.png
>
> it also asked if internally generated lists were used, but seemed
> curiously uninterested in anything other than if the answer to that
> was yes or no -- a missed opportunity I thought.
>
> What would you have recommended probing here?

you could have asked an open ended question which asked what they did, how they were built, why they were built in house and how significant they were.

> I have been conducting interviews with those
> working in abuse prevention (even at some of the companies that
> have been mentioned upthread) to collect more specific anecdotes
> about how dynamic addressing has lowered the accuracy of certain
> feeds,

we've had DHCP for decades (and everyone knows the issues) ... are you sure they weren't discussing Carrier Grade NAT ?

> for example, or how errors in geo-IP feeds affected them.

my own impression of these is that you get what you pay for ... but unless you are buying proxies I'm sceptical that large scale abuse filtering systems use this type of info as more than one indicator amongst many. if you are buying a proxy you may care a lot more !

Zachary Weinberg, Shinyoung Cho, Nicolas Christin, Vyas Sekar, and Phillipa Gill. How to Catch when Proxies Lie: Verifying the Physical Locations of Network Proxies with Active Geolocation. In Proceedings of the 2018 ACM Internet Measurement Conference (IMC'18). Boston, MA. October 2018.

--
richard Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755