On Mon, Apr 4, 2022 at 9:12 AM Laura Smith via NANOG <nanog@nanog.org> wrote:
> On Monday, April 4th, 2022 at 15:37, Mike Hammett <na...@ics-il.net> > wrote: > > > I'm checking in to see what people think of IP reputation services. > > Pre-IPv6 I was always a little apprehensive of using them for general use > because it was always a bit murky how they collected the IPs in the first > place. > > Post-IPv6 I would think IP reputation services are fairly pointless. With > people being given anything up to a /48 without question what are you going > to do ? Block whole /48s ? > Yes. Or /29s. Or ASNs. Depends on the scope of the abuse, and if the provider is complicit. One thing to keep in mind is data freshness. For individual IPs (or /48s) ownership can change frequently, so you need to make sure blocks expire in a timely manner. For /29s or ASNs this is less of a problem.... But... back back to the original question: consider trying to give each customer a stable IP. Rotating IPs frequently allows a single bad (or compromised) customer to poison your entire IP-space. Keeping them fixed allows you to identify the problem and get them cleaned up. Damian
