« "Why", not "How", a Security Specialist Fell Victim to Attack | Main | new pats posted - 20050521 (maintenance pats release) »

May 20, 2005

ASN DNSBL, RSN

Kai is saying that he may be releasing a DNSBL that allows queries regarding the reputation of entire networks soon, by way of the ASN (autonomous system number) each has. On the one hand, this is a great tool from the simplicity standpoint; if you want to block Scott Richter's WholesaleBandwidth, you could block any traffic from ASN 32311. What could be easier? On the other hand, though, this is a very broad brush, and if widely used, could either force an even greater fragmentation of spam hosts (if you can get worse than the zombies, anyway) or result in a lot of false positives as a result of blocking the wrong ASN. For example, say you're turned off by the poor list management or slow response to abuse reports at Intellicontact, so you block ASN 7349. Well, that happens to be our ASN, too. So use of such a tool demands caution.

Posted by schampeo at May 20, 2005 1:12 PM

Search Blog

Browse

• Archives
• Categories
  • antispam in practice
  • consortiae
  • gripes
  • history
  • legal
  • news
  • privacy
  • project
  • security
  • spammers
  • studies and statistics
  • tactics
  • tools
  • viruses and worms

Feeds

• RSS
• ATOM

• Classifications
• News
• Request Eval