[ncc-services-wg] RIPE50 - NCC Services WG Draft Minutes

Dear Hank,

Hank Nussbacher wrote:
>>D. A New Version of the Hostcount
>>http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-serv-
>>hostcount.pdf
>>RIPE NCC
>>
>>Timur requests feedback on the value of this service.
>>
>>Questions:
>>Kurtis asks how many are using this whois data?  Counts...yes, a few
>>people using this data.
>>Anyone has any comments about proposed changes?
> 
> 
> As someone who was not at RIPE50 but who uses hostcount, I would like to
> add my comments and support.  I find this service extremely useful.  One
> real world use is as follows: the university network in Israel has IP
> addresses spanning a range of about 16 /16s.  All domain names inside the
> universities should terminate with ac.il or at the worst org.il.  But
> often students take a university Unix system that they have access to and
> start using it for non-academic purposes (left as an exercise for the
> reader to think of what constitutes non-academic :-)).  Using grep on the
> raw data file I can easily spot those systems that are running
> questionable content based on their domain name (co.il for example).
> 
> Sometimes, hackers change an IP address to some name that has certain
> character strings that are unique to the hacker realm.  By running a
> series of greps on the raw data file I can find those systems that may
> have been compromised and contact the appropriate ISP in Israel.
> 
> So please - make hostcount work again.  Incidentally, it stopped working
> in Jan 2005.
> 

We are currently working on the problem you recently reported. My
apologies that it takes longer than we expected. It is limited to
publishing the raw data and the rest of the hostcount is functioning well.

However, it seems that for you (and maybe some other people) the core
value of the Hostcount is in the raw data, not so much in the statistics
and a measurement of the "size of the Internet". This is different from
the objectives of the projects as was presented at RIPE 50.

In our view, while there are cases where raw data may be useful, the
real value of the Hostcount for the community is in the statistics and
trends that are produced from different data sources (e.g. forward DNS
tree, reverse DNS, BGP tables).

There are a few issues with publishing the raw data. One of them is that
the implicit AUP under which data is collected does not necessarily
match the AUP under which data is used. I believe some of the ccTLD
would not like their data to be published and assuring them that this
will not be the case may facilitate their participation in this project.

Secondly, there are commercial products available on the market, the ISC
domain survey is just one of those.

Finally we wish to make all software publicly available so people may
collect data themselves. In your case that may be a collaboration with
the Israeli ccTLD administrator.

Therefore in the Hostcount++ we proposed not to ship raw data at all.

But if the consensus is that raw data is the real value of this project,
then we need to make adjustments to the requirements.

> Regards,
> Hank

Regards,

Andrei Robachevsky
RIPE NCC