ticketmaster.com 403 Forbidden

Ken Chase math at sizone.org
Mon Feb 6 17:39:44 UTC 2017


Seems to me this random prefix-based blocking by major sites, 
then let's-use-nanog-to-fix-it, is not a great methodology.

I block whole /18s and such to deal with .cn/.ru botnets too, but luckily my
cxs' cxs are mostly North American, few complaints yet. Sledgehammer style -
indelicate.

Is there a better method other than us sheep bleating helplessly at behemoths
who might not even have a presence on Nanog-l? 

This sledgehammer blacklisting results in a filter where smaller than /16
doesn't get addressed due to time cost of dealing with fewer revenue-generating
eyeballs per ticket.

Result: big ISPs win through sieve effect.

Google has adopted a 'blacklist for a while' policy with their spam control,
which mostly works but can leave you in the dark as to why you're continually
relisted for no obvious reason - no humans out there to help directly, so it's
back to bleating on nanog by Nate and friends.

What more 'official' and formalized mechanisms can we use?

/kc


On Mon, Feb 06, 2017 at 12:19:00PM -0500, Ethan E. Dee said:
  >So their policy says, if an ISP has one scalper, we'll block their entire
  >subnet and not tell them why?

-- 
Ken Chase - math at sizone.org Guelph Canada


