Abuse procedures... Reality Checks

• Previous message (by thread): Abuse procedures... Reality Checks
• Next message (by thread): Abuse procedures... Reality Checks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 7 Apr 2007, Fergie wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -- Rich Kulawiec <rsk at gsp.org> wrote:
>
> 1. There's nothing "indiscriminate" about it.
>
>> I often block /24's and larger because I'm holding the *network* operators
>> responsible for what comes out of their operation.  If they can't hold
>> the outbound abuse down to a minimum, then I guess I'll have to make
>> up for their negligence on my end.  I don't care why it happens -- they
>> should have thought through all this BEFORE plugging themselves in
>> and planned accordingly.  ("Never build something you can't control.")
>
> I would have to respectfully disagree with you. When network
> operators do due diligence and SWIP their sub-allocations, they
> (the sub-allocations) should be authoritative in regards to things
> like RBLs.
>
> $.02,

Yes. But the answer is that it also depends how many other cases like
this exist from same operator. If they have 16 suballocations in /24
but say 5 of them are spewing, I'd block /24 (or larger) ISP block.
The exact % of bad blocks (i.e. when to start blocking ISP) depends
on your point of view and history with that ISP but most in fact do
held ISPs partially responsible.

-- 
William Leibzon
Elan Networks
william at elan.net

• Previous message (by thread): Abuse procedures... Reality Checks
• Next message (by thread): Abuse procedures... Reality Checks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]