Brett Frankenberger rbf+nanog at
Fri Apr 6 16:33:05 CDT 2012

On Thu, Apr 05, 2012 at 06:45:30PM +0100, Nick Hilliard wrote:
> On 05/04/2012 17:48, goemon at wrote:
> > But they will care about a /24.
> I'm curious as to why they would want to stop at /24.  If you're going to
> take the shotgun approach, why not blacklist the entire ASN?

It's a balancing act.  Too little collateral damage and the provider
hosting the spammer isn't motivated to act.  Too much collateral
damage, and no one uses your blacklist because using it generates too
many user complaints, and then your list doesn't motivate anyone to do
anything because there's no real downside to being on the list.  Just
the right amount of collateral damage, and your list gets widely used,
and causes enough pain on the other of the /24 that they clean things

I'm not arguing for or against any particular amount of collateral
damage.  Just commenting on the effects of varying amounts of
collateral damage.

     -- Brett
