"general badness" AS-based reputation system

[mkarir at merit.edu (Manish Karir)]

On Sep 25, 2011, at 6:31 PM, nanog-request at nanog.org wrote:

> Message: 9
> Date: Sun, 25 Sep 2011 18:37:17 +0300
> From: Gadi Evron <ge at linuxbox.org>
> To: nanog at nanog.org
> Subject: "general badness" AS-based reputation system
> Message-ID: <4E7F4AAD.8020400 at linuxbox.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Having run one of these in the past, when take-downs of C&Cs was still 
> semi-useful, my ethos on this is problematic, however, I am as of yet 
> undecided as to this one. An AS-based reputation system for all sorts of 
> badness:
> 
> http://bgpranking.circl.lu/
> 
> In my opinion, third-party security based AS-reputation systems will 
> eventually become de-facto border filtering systems for ISPs, but that 
> day is still not here, as that is still socially unacceptable in our 
> circles, and will remain so until it becomes _necessary_.
> 
> Regardless of my musings of Operators World cultural future, this 
> systems seems rather interesting, and no doubt you'd want to take a look 
> at your listing.
> 
> Gadi.

We tried to outline some of the challenges of building such a system in our NANOG52 presentation:

http://www.merit.edu/networkresearch/papers/pdf/2011/NANOG52_reputation-nanog.pdf

In particular see slide 4. where we tried to lay down what we think the requirements are for a socially acceptable
reputation system.  

With a bit of luck we might be able to announce the release of our system before the next NANOG mtg, but in 
my opinion collating host reputation reports is just a small and the easiest part of the effort.  The key is in 
solving the challenges of allowing (and incentivizing) participation and being robust to false information
injection.

Comments are welcome.

Thanks.
-manish