Abuse procedures... Reality Checks

Chris Owen owenc at hubris.net
Sat Apr 7 21:35:35 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Apr 7, 2007, at 4:20 PM, Frank Bulk wrote:

> Sure, block that /29, but why block the /24, /20, or even /8?  Perhaps your
> (understandable) frustration is preventing you from agreeing with me on this
> specific case.  Because what you usually see is an IP from a /20 or larger
> and the network operators aren't dealing with it.  In the example I gave
> it's really the smaller /29 that's the culprit, it sounds like you want to
> punish a larger group, perhaps as large as an AS, for the fault of smaller
> network.

Well it sounds like the original poster is trying to punish the  
"network operator" by intentionally blocking innocent bystanders and  
therefore causing them grief so if that is your goal then a /24 seems  
like a decent arbitrary size.  You are mostly sure you won't block  
across providers that way at least.

However, even if this isn't your goal it can be really hard sometimes  
to have any clue how big a netblock is for a particular IP address.   
ARIN may make small folks like us jump through hoops but apparently  
this isn't true for larger providers.  We often run into abuse from  
IP addresses (or a range of addresses) where there is no rwhois server
and the entire /19 or larger is SWIPed as a single netblock.  I've
seen some really, really large blocks with absolutely no
sub-delegation when clearly the addresses are sub-delegated.

We will often temporarily block a /24 on email blacklists for
instance.  When you're getting pounded from a range of 30 or 50 IP
addresses and can't get any response from the upstream then it is
fairly obvious they are less than white hat so we're willing to live
with the collateral damage.

Chris

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chris Owen         ~ Garden City (620) 275-1900 ~  Lottery (noun):
President          ~ Wichita     (316) 858-3000 ~    A stupidity tax
Hubris Communications Inc      www.hubris.net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFGGA6nElUlCLUT2d0RAkWzAJ4mjXT5gwB0psG7e/YhmzUcFXhksgCgyx2g
5VDgB0KMLyMFIdVzrPaPGJI=
=E5xl
-----END PGP SIGNATURE-----
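
An added example, not part of the message above and not the poster's own tooling: a sketch of the temporary /24 escalation the message describes, which also reports how many non-offending addresses each block covers. The threshold of 30 echoes the "30 or 50 IP addresses" in the message; the 7-day expiry, the function name and the sample addresses (RFC 5737 documentation ranges) are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed policy knobs: escalate to the covering /24 once this many distinct
# sources inside it are abusive; every entry expires so the block is temporary.
ESCALATE_AT = 30
BLOCK_TTL = timedelta(days=7)

def plan_blocks(sources, now, escalate_at=ESCALATE_AT, ttl=BLOCK_TTL):
    """Return sorted (network, expires, offenders, bystanders) block entries."""
    by_24 = defaultdict(set)
    for src in sources:
        ip = ipaddress.ip_address(src)
        if ip.version != 4:
            continue  # this sketch only handles IPv4 sources
        by_24[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)

    plan = []
    for net in sorted(by_24):
        offenders = by_24[net]
        if len(offenders) >= escalate_at:
            # Whole /24 goes on the list; the rest of the block is collateral.
            bystanders = net.num_addresses - len(offenders)
            plan.append((net, now + ttl, len(offenders), bystanders))
        else:
            # Below the threshold: block only the hosts actually seen.
            for ip in sorted(offenders):
                plan.append((ipaddress.ip_network(f"{ip}/32"), now + ttl, 1, 0))
    return plan

# Constructed sample input: 35 abusive sources in one /24, 2 in another.
SAMPLE = [f"192.0.2.{n}" for n in range(10, 45)] + ["198.51.100.7", "198.51.100.9"]
NOW = datetime(2007, 4, 7, 21, 35, tzinfo=timezone.utc)

if __name__ == "__main__":
    for net, expires, offenders, bystanders in plan_blocks(SAMPLE, NOW):
        print(f"{str(net):<18} until {expires:%Y-%m-%d}  "
              f"offenders={offenders} bystanders={bystanders}")
```
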


