On Sun, Mar 12, 2017 at 7:53 PM, Baldur Norddahl <baldur.nordd...@gmail.com> wrote:
> On 12/03/2017 at 18.14, Brielle Bruns wrote:
>
>> http == TCP
>> DNS == (usually) UDP
>>
>> Big difference here. One requires a three way handshake tearup/teardown,
>> the other does not.
>>
>> It is not an apples to apples comparison.
>>
>
> You can replicate (download) the whole WHOIS if you need to. There is also
> no requirement that removal from reputation lists is instant. We would be
> good if it happened just within a month or even half a year. The situation
> now is however that you will never have it removed and many reputation
> services will ignore you if you try to contact them for manual removal.
>
> At least in the RIPE managed space there IS a reliable way to know for
> sure who owns a block. Can you know that the new owner is any better than
> the old? Of course not, but that is true even for "fresh" address space.
>
> I am not a fan of reputation services that blacklist forever. It is just
> wrong and open for abuse of power. But not much I can do about that other
> than not using their service.
>

Also, no reason why a UDP (or DNS based even) query can't be implemented to facilitate reputation lookups for ASNs, or even ownership.

--
Regards,
Chris Knipe