[arin-ppml] Forcing POCs and other contacts to act through a "blacklist"
Ronald F. Guilmette
rfg at tristatelogic.com
Fri Apr 29 22:48:51 EDT 2011
In message <000001cc0671$a9715630$fc540290$@com>,
"David Feuer" <dave at connetrix.com> wrote:
>How would anyone feel if somebody created an IP blacklist server for
>hijacked IP space? Kind of like any of the spam blacklists but just with IP
>space that has been hijacked or otherwise compromised.
A truly marvelous idea.
>Does anyone feel that it would improve response from the owners / upstream?
"The Owners" are mostly long dead.
"The Upstreams" sometimes pay attention, and other times don't.
The evidence suggests that nobody @ ARIN ever even looks at that list.
(Spot checking I just pulled out a random entry and it happened to be
184.108.40.206/16, which I myself verified ages ago as belonging to the
long defunct "Vitalink".)
If I am wrong about ARIN never even looking at that list, then I will
be happy to be corrected.
Unlike me, Spamhaus has the good sense never to even make a fuss about
actively exploited hijacked IP blocks in public, undoubtedly because
they realize the ultimate futility and folly of investing any time or
energy in doing that.
Me personally? I still tilt at the occasional windmill and routinely
pound my head against the proverbial immovable object.
P.S. Spamhaus only seems to get stuff into that list rather late... well
after the blocks in question have already started to be exploited. (I like
to think that I am ahead of them in many cases.)
Also, a lot of what's in the Spamhaus DROP list isn't even actively being
routed anymore, even though the blocks in question are now provably ripe
for hijacking... all of them having been hijacked at least once before.
And by and large they all still have the same stale ARIN WHOIS records as
when they were last hijacked.
More information about the ARIN-PPML