Abuse procedures... Reality Checks
Frank Bulk
frnkblk at iname.com
Sun Apr 8 00:36:26 UTC 2007
Stephen:
Are you saying that if there's nefarious IP out there let's automatically
blacklist the /24 of that IP? J. Oquendo was describing his own methods and
they sounded quite manual, manual enough that he's getting down to a /8 as
necessary to blacklist a non-responsive operator. My point is that if
you're going to block something, either block the /32 or do the research to
justify blocking a larger group.
And despite ToS, I think many operators are running automated lookups, and
there are lots of examples out there for ARIN.
Frank
-----Original Message-----
From: Stephen Satchell [mailto:list at satchell.net]
Sent: Saturday, April 07, 2007 5:44 PM
To: frnkblk at iname.com
Cc: nanog at nanog.org
Subject: Re: Abuse procedures... Reality Checks
Frank Bulk wrote:
> [[Attribution deleted by Frank Bulk]]
>> Neither I nor J. Oquendo nor anyone else are required to
>> spend our time, our money, and our resources figuring out which
>> parts of X's network can be trusted and which can't.
>
> It's not that hard, the ARIN records are easy to look up. Figuring out
that
> network operator has a /8 that you want to block based on 3 or 4 IPs in
> their range requires just as much work.
It's *very* hard to do it with an automated system, as such automated
look-ups are against the Terms of Service for every single RIR out there.
Please play the bonus round: try again.
More information about the NANOG
mailing list