Port blocking last resort in fight against virus
McBurnett, Jim
jmcburnett at msmgmt.com
Wed Aug 13 12:26:03 UTC 2003
>So give up trying to control the actions of the end nodes by
>destroying the edge. Make sure that complaints reach the correct
>responsible person. Limit your involvement to careful excerpts from
>your customer/IP-address database, or better yet, register them in
>the RIR registry so that others having complaints can reach them
>without wasting your time.
Intersting concept...
MY upstream disagrees.. They, who shall remain nameless at this point,
are doing a horrible job at policing their other customers, refuse to
SWIP the block to me claiming they are working on it (been a year now),
and they feel they need to know about whatever complaints they
get about me.
HMM, if they have gotten complaints, then I haven't gotten any!!
And I have complained about other customers and never seen a fix..
One system was code red infected and had no FW, after a few weeks,
I tracked them down and called them myself, and got told that
<ISP> never called them!!!
(I reported it 5 times)
This is a great idea, but I very much doubt that most ISP's will even do it.
And if ISP's did this.. NOTE the spammers, they would always lie about
WHOIS, RWHOIS, contact info...
I dunno, there is no perfect solution here... Except, as a community
we need to enforce RIR policies and actual enforce our own AUP's.
(NO shots being fired here, but as we all know some ISPs AUPs are like
a law-- only effect the good citizen and not the high $ customer)
just my 2c worth..
J
More information about the NANOG
mailing list