ticketmaster.com 403 Forbidden

Ken Chase math at sizone.org
Mon Feb 6 17:39:44 UTC 2017

Seems to me this random prefix-based blocking by major sites, 
then let's-use-nanog-to-fix-it, is not a great methodology.

I block whole /18s and such to deal with .cn/.ru botnets too, but luckily my
cxs' cxs are mostly North American, few complaints yet. Sledgehammer style -

Is there a better method other than us sheep bleating helplessly at behemoths
who might not even have a presence on Nanog-l? 

This sledgehammer blacklisting results in a filter where smaller than /16
doesnt get addressed due to time cost of dealing with fewer revenue-generating
eyeballs per ticket.

Result: big ISPs win though sieve effect.

Google has adopted a 'blacklist for a while' policy with their spam control,
which mostly works but can leave you in the dark as to why you're continually
relisted for no obvious reason - no humans out there to help directly, so it's
back to bleating on nanog by Nate and friends.

What more 'official' and formalized mechanisms can we use?


On Mon, Feb 06, 2017 at 12:19:00PM -0500, Ethan E. Dee said:
  >So their policy says, if an ISP has one scalper, we'll block their entire
  >subnet and not tell them why?

Ken Chase - math at sizone.org Guelph Canada

More information about the NANOG mailing list