Abuse procedures... Reality Checks

Frank Bulk frnkblk at iname.com
Sun Apr 8 00:36:26 UTC 2007


Stephen:

Are you saying that if there's nefarious IP out there let's automatically
blacklist the /24 of that IP?  J. Oquendo was describing his own methods and
they sounded quite manual, manual enough that he's getting down to a /8 as
necessary to blacklist a non-responsive operator.  My point is that if
you're going to block something, either block the /32 or do the research to
justify blocking a larger group.

And despite ToS, I think many operators are running automated lookups, and
there are lots of examples out there for ARIN.

Frank

-----Original Message-----
From: Stephen Satchell [mailto:list at satchell.net] 
Sent: Saturday, April 07, 2007 5:44 PM
To: frnkblk at iname.com
Cc: nanog at nanog.org
Subject: Re: Abuse procedures... Reality Checks

Frank Bulk wrote:
 > [[Attribution deleted by Frank Bulk]]
>> Neither I nor J. Oquendo nor anyone else are required to 
>> spend our time, our money, and our resources figuring out which 
>> parts of X's network can be trusted and which can't.  
> 
> It's not that hard, the ARIN records are easy to look up.  Figuring out
that
> network operator has a /8 that you want to block based on 3 or 4 IPs in
> their range requires just as much work.

It's *very* hard to do it with an automated system, as such automated 
look-ups are against the Terms of Service for every single RIR out there.

Please play the bonus round:  try again.




More information about the NANOG mailing list