This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters
- Previous message (by thread): [anti-abuse-wg] Anti-Abuse Working Group Chair Selection - RIPE 82
- Next message (by thread): [anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Erik Bais
erik at bais.name
Tue May 18 21:52:15 CEST 2021
Hi, As I asked during the Connect WG today, there are discussions currently going on in the Dutch network community to see if there is a way to get a cleaner feed from routeservers on internet exchanges. ( by default ) As you may know there is an Dutch Anti Abuse Network initiative ( AAN ) – abuse.nl The companies associated with AAN setup and all signed a manifest ( in Dutch - https://www.abuse.nl/manifest/ ) that states that we will all do our best to provide a better and cleaner internet. As members of the member organisation of the largest Internet Exchange, AMS-IX, we like to start with the discussion on asking the AMS-IX to filter certain AS numbers from the default routeserver view. The issue is that even if you don’t peer with certain networks directly, the change is very real that you will receive or that the other network receive your prefixes and that you may not want to peer with those networks. What we like to have is an independent way of generating a list with badhosts ( say a top 50 ) .. ( and with our Dutch infrastructure we have a couple on the Dutch infrastructure as well.. ) A couple years ago there was the list of HostExploit .. or one could have a look at the drop-list of SH .. Personally I would like a proper model that one can explain why a certain network is listed on a certain list with a clear method explaining of what kind of abuse is noted in the said network. Topics that should be included on the rating for the list : * Phishing (hosting sites / domain registrations ) * Malware hosting ( binaries and C&C’s ) * DDOS traffic ( number of amplification devices in the network compared to the number of IP address ratio ) * Login attacks / excessive port scanning * Hosting of Child exploitation content * Infected websites / Zeus Botnets * Etc So yeah, something similar as the Top 50 of HostExploit ranking .. but HostExploit stopped producing these lists in 2014. By filtering a top 50 of badness hosters on the Routeservers would remove the cheap IXP option for network connectivity at the better Internet Exchanges and provide a way to remove any DDOS traffic via BGP null-routing via Transits. And companies that would still want to peer with a certain network, can still do so by direct peering setup via the IXP infra. And it will not bring the IXP in a position where it will be asked on why they are still offering services to certain parties .. as that might become legally difficult especially in a membership organisation. So we don’t mind if we take their money as long as are not forced to peer with them via the routeservers. Your constructive feedback is highly appreciated. Regards, Erik Bais A2B Internet -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20210518/d9361fde/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Anti-Abuse Working Group Chair Selection - RIPE 82
- Next message (by thread): [anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]