Where are static bogon filters appropriate? was: 22.214.171.124/16 Bogons
mark at amplex.net
Tue Mar 6 23:24:22 UTC 2007
Mikael Abrahamsson wrote:
> On Tue, 6 Mar 2007, Sean Donelan wrote:
>> Isn't this true of everything (bad source addresses, worms, abuse,
>> etc). Does hiding/ignoring the problem just makes it worse because
>> there is no incentive to fix the problem while it is still a small
>> problem? If it isn't important enough to bother the customer, why
>> bother to fix it?
> Let's take a concrete example:
> Customer gets hacked, one of their boxen starts spewing traffic with
> spoofed addresses. The way I understand your solution is to
> automatically shut their port and disrupt all their traffic, and have
> them call customer support to get any further.
> Do you really think this is a good solution?
> I don't see any customer with a choice continuing having a
> relationship with me if I treat them like that. It will cost me and
> them too much.
> So instead I just drop their spoofed traffic and if they call and say
> that their line is slow, I'll just say it's full and they can
> themselves track down the offending machine and shut it off to solve
> the problem.
Neither one is really all that good but both have merit - some
compromises are in order. We shut them off only if it's causing
If we can mitigate the problem without shutting them off completely we
will. The usual example is customers spewing spam on port 25. We
block port 25 at the customers CPE and notify them as to why and how to
work around the block (use webmail or submission) while they fix the
problem. It's amazing how many customers are just plain OK with that
and never do get around to fixing the machine - but at least they know
that we blocked something for a reason.
Anything you do silently tends to cause customers to decide 'you suck'
and go elsewhere. Line is slow 'cause there machine is beating it to
death? Just get a new provider. When the new one also sucks they
either shrug and decide that's the way it is or finally fix the
problem. Either way the customer is lost to you 'cause they won't come
back even after they figure out it was their problem in the first place.
Shutting them off causes churn, leaving problems silently in place also
causes churn. The middle road mitigates damage and still manages to
keep the customers happy (well.. that might be stretching it a
mark at amplex.net 419.837.5015
More information about the NANOG