<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Am 18.05.21 um 21:52 schrieb Erik Bais:<br>
</div>
<blockquote type="cite"
cite="mid:9515151D-5223-457D-8BFC-D9610CEDA340@bais.name">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi, <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">As I asked
during the Connect WG today, there are discussions currently
going on in the Dutch network community to see if there is a
way to get a cleaner feed from routeservers on internet
exchanges (by default). <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">As you may
know there is a Dutch Anti Abuse Network initiative (AAN)
– abuse.nl
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The
companies associated with AAN setup and all signed a
manifest ( in Dutch - <a class="moz-txt-link-freetext" href="https://www.abuse.nl/manifest/">https://www.abuse.nl/manifest/</a> ) that
states that we will all do our best to provide a better and
cleaner internet.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
</blockquote>
Nice initiative!<br>
<blockquote type="cite"
cite="mid:9515151D-5223-457D-8BFC-D9610CEDA340@bais.name">
<div class="WordSection1">...<span style="font-size:11.0pt"><o:p></o:p></span>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Topics that
should be included on the rating for the list :
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1"><span
style="font-size:11.0pt">Phishing (hosting sites / domain
registrations )
<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1"><span
style="font-size:11.0pt">Malware hosting ( binaries and
C&amp;C’s )
<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1"><span
style="font-size:11.0pt">DDOS traffic ( number of
amplification devices in the network compared to the
number of IP address ratio )<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1"><span
style="font-size:11.0pt">Login attacks / excessive port
scanning
<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1"><span
style="font-size:11.0pt">Hosting of Child exploitation
content
<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1"><span
style="font-size:11.0pt">Infected websites / Zeus Botnets
<o:p></o:p></span></li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1"><span
style="font-size:11.0pt">Etc<o:p></o:p></span></li>
</ul>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
</blockquote>
<p>One problem with the approach is that there isn't a single
measure of badness, as the topic list already shows. It's a
multi-dimensional vector, and its dimensions are not easily
defined in a non-controversial way. The criteria for including a
network in a top N list will therefore be unavoidably subjective.</p>
<p>In the process of thinking about ways to tackle e-mail abuse
(which doesn't even show in your list, probably because it's not
really a problem for network operators but only for mail
operators) I came up with some ideas about a distributed
reputation network that might have some desirable properties:</p>
<ul>
<li>Separation of network and resource owner observations and
policy decisions:<br>
It would be very helpful to have multiple independent and
reliable sources listing type and severity of network abuse in
real time, but I'd like to define my own policy rules and use
those abuse metrics as input for policy decisions. As a mail
operator, I might be personally very concerned about malware
hosting, but the things that would affect my blocking policy are
spam volume and mail account bruteforce attacks (and to some
extent, DDOS traffic). Network operators may have different
policies to protect the integrity of their networks and
implement legally required rules.</li>
<li>Distributed P2P database:<br>
I'm thinking about something like a cryptocurrency blockchain or
the PGP web of trust, which avoids having a single point of
failure and also avoids a single hierarchy of trust.
Cryptography provides some excellent tools, but apart from the
ubiquitous TLS (and the mentioned blockchain systems) it's used
much too sparingly in securing information integrity.</li>
<li>Reputation metrics:<br>
It should be possible to assert not only observations of network
behavior, but also reputation statements about the publishers of
such observations. This makes evaluating the trustworthiness of
a reporter possible, and with enough participants could provide
a relatively unbiased view.</li>
</ul>
<p>Hope this provides some food for thought/discussion. I'm well
aware that my viewpoint is necessarily limited, as I don't have
any network operating experience, but some aspects may be
transferrable to that area.</p>
<p>Cheers,<br>
Hans-Martin<br>
</p>
<p><br>
</p>
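<p>An added example, not part of the original message: a sketch of the separation the reply describes, where reporters publish per-category observations, reputation statements weight the reporters, and each operator applies its own policy to the resulting vector. All names, AS numbers, scores, weights and thresholds are constructed for illustration.</p>

```python
from collections import defaultdict

# Constructed sample data: reporters, ASNs (documentation range) and scores are made up.
OBSERVATIONS = [  # (reporter, network, category, severity 0..1)
    ("rep-a", "AS64500", "spam", 0.9),
    ("rep-b", "AS64500", "spam", 0.7),
    ("rep-c", "AS64500", "spam", 0.0),   # outlier from a poorly vouched reporter
    ("rep-a", "AS64500", "malware_hosting", 0.2),
    ("rep-b", "AS64500", "ddos_amplifiers", 0.1),
    ("rep-a", "AS64501", "malware_hosting", 0.8),
    ("rep-b", "AS64501", "spam", 0.1),
]
# Reputation statements about publishers: (voucher, reporter, score 0..1).
VOUCHES = [("peer-1", "rep-a", 0.9), ("peer-2", "rep-a", 0.7),
           ("peer-1", "rep-b", 0.8), ("peer-2", "rep-c", 0.1)]
MY_TRUST = {"peer-1": 1.0, "peer-2": 0.5}  # local trust anchors, chosen by the operator

def reporter_trust(vouches, my_trust):
    """Trust in a reporter: mean of vouches, weighted by my trust in each voucher."""
    num, den = defaultdict(float), defaultdict(float)
    for voucher, reporter, score in vouches:
        w = my_trust.get(voucher, 0.0)   # statements from unknown vouchers are ignored
        num[reporter] += w * score
        den[reporter] += w
    return {r: num[r] / den[r] for r in num if den[r] > 0}

def abuse_vector(observations, trust, network):
    """Per-category severity for one network, weighted by reporter trust."""
    num, den = defaultdict(float), defaultdict(float)
    for reporter, net, category, severity in observations:
        w = trust.get(reporter, 0.0)
        if net == network and w > 0:
            num[category] += w * severity
            den[category] += w
    return {c: num[c] / den[c] for c in num}

def decide(vector, policy, threshold=0.5):
    """Local policy: weighted sum over the dimensions this operator cares about."""
    score = sum(w * vector.get(cat, 0.0) for cat, w in policy.items())
    return "block" if score >= threshold else "accept"

# Two operators, same observations, different policies (weights are assumptions).
MAIL_POLICY = {"spam": 0.7, "bruteforce": 0.2, "ddos_amplifiers": 0.1}
HOSTING_POLICY = {"malware_hosting": 0.8, "ddos_amplifiers": 0.2}

if __name__ == "__main__":
    trust = reporter_trust(VOUCHES, MY_TRUST)
    for asn in ("AS64500", "AS64501"):
        vec = abuse_vector(OBSERVATIONS, trust, asn)
        print(asn, decide(vec, MAIL_POLICY), decide(vec, HOSTING_POLICY))
```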
</body>
</html>