zotob - blocking tcp/445

• Previous message (by thread): zotob - blocking tcp/445
• Next message (by thread): zotob - blocking tcp/445
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If you have an offending network that does not respond to 
abuse/complaints, your best course of action is to no longer communicate 
with that network. That is your own choice as an end-user/network operator.

Complaining to their upstream or transit provider will only get them to 
switch providers. The traffic will continue. An alternative solution as 
you mentioned, involves some laywers, and attempt to recover 
compensation for the damages. Good luck with that one though. From the 
looks of it, you'll spend more money in court than you would have just 
blocking them.

We can't force other networks to "play nice". As we all know, the 
Internet is an open network. Protect yourself, and make sure you are not 
one of the internet scum sending out this stuff, but don't depend on 
others to play nice with you.

Transit providers should not be CONTENT filtering their customers (for 
free anyways, I'm all for selling security services). This does not mean 
they have no responsibility to keep a proper abuse/security staff. If a 
transit provider has a customer who is constantly infecting/spamming/etc 
and fails to act, by all means take action and drop the customer.

My main point is, if we depend on our transit providers to act as 
Internet nannies, we are promoting poor end-user network management.


---
Andy

Roger Marquis wrote:
> How is this different from a transit provider allowing their network
> to be used for spam?  Seems the same hands-off argument was made wrt
> spam a decade ago but has since proved unsustainable.
> 
> Our particular problem is with an ISP in Wisconsin, NETNET-WAN.  We
> get tens of thousands of scans to netbios ports every day from their
> /19.  This is several orders of magnitude more netbios than we see
> from the rest of the net combined.  It's eating nontrivial bandwidth
> and cpu that we pay real money for.  They've had our logs for months
> but seem incapable of doing anything about their infected customers.
> The suits recommend documenting time and bandwidth costs and sending
> a bill with a cease and desist request.
> 
> My question is not what can we do about bots, we already filter
> these worst case networks, but what can we do to make it worthwhile
> for bot-providers like NETNET to police their own networks without
> involving lawyers?
> 

• Previous message (by thread): zotob - blocking tcp/445
• Next message (by thread): zotob - blocking tcp/445
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]