Criminals, The Network, and You [Was: Something Else]

Sean Donelan sean at
Tue Sep 18 18:42:43 UTC 2007

On Tue, 18 Sep 2007, Rich Kulawiec wrote:
> here because I found the contrast between their years-long history of utter
> negligence and their officially-stated position to be particularly striking.
> Comcast, Charter, SBCGlobal, Ameritech, Level3, SWBell, Nextgentel, Pacbell,
> and Qwest, just to name a few off the cuff, are equally culpable.

They all suck isn't very useful information.  Although collectively 
they've probably fixed hundreds of thousands of customer computers over
the years, like bad Boston drivers, there is always more.

Instead of they suck, it might be more useful to highlight providers of
similar scale which you think do a good job which others could emulate.

> Anyway: the use of generic rDNS patterns for outright rejection turns out
> to be quite effective with a very low FP rate.

Some people think that users on dynamic addresses should be read-only, and
not allowed to operate servers or send messages. Like most forms of 
red-lining, it tends to become self-fulling.  Websites that only support 
Internet Explorer probably get very few false positives because people 
affected are used to working around that or just ignore them.  Networks
that don't update their Bogon lists probably get very few false positives
because people learn to work around them or ignore them.  And so on.

Unlesss accept all those messages from those addresses and check them, you 
really don't know the false positive rate.  You only know the 
self-reported complaint rate; which is usually a fraction of the actual 
false positive rate.

More information about the NANOG mailing list