Abuse procedures... Reality Checks
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon Apr 9 21:39:07 UTC 2007
On Mon, 09 Apr 2007 17:11:28 EDT, "Azinger, Marla" said:
> In my company some functions related to sending a SWIP are automated,
> but my company has people on staff who know that it is happening and
> what it means.
Just because *your* site has enough clue to get it right doesn't mean that
the *average* site has enough clue to get it right.
In fact, I'll go out on a limb and posit that *in the cases I care about*,
it's even *less* likely that the SWIP is correct, because the same general
attitude of cluelessness that made them unable to police their users and
enforce their AUP (resulting in malicious packets arriving at my network)
will also tend to mean they didn't get the SWIP right.
So to sum up: The sites that *do* SWIP right are more likely to deal with
their user before I hear about it, causing me to *check* the whois. Meanwhile,
the sites that cluelessly allow malicious traffic also often don't SWIP right -
and that results in me contemplating the smallest range I *do* see in the
whois data. They didn't SWIP it so I could find the offending /26, that's
tough noogies for the rest of their /18.
Now where did I leave my Nomex jumpsuit? :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20070409/c3bca566/attachment.sig>
More information about the NANOG
mailing list