[151981] in North American Network Operators' Group
Re: SORBS?!
daemon@ATHENA.MIT.EDU (Brett Frankenberger)
Fri Apr 6 17:33:41 2012
Date: Fri, 6 Apr 2012 16:33:05 -0500
From: Brett Frankenberger <rbf+nanog@panix.com>
To: Nick Hilliard <nick@foobar.org>
In-Reply-To: <4F7DDA3A.4080406@foobar.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Apr 05, 2012 at 06:45:30PM +0100, Nick Hilliard wrote:
> On 05/04/2012 17:48, goemon@anime.net wrote:
> > But they will care about a /24.
>
> I'm curious as to why they would want to stop at /24. If you're going to
> take the shotgun approach, why not blacklist the entire ASN?
It's a balancing act. Too little collateral damage and the provider
hosting the spammer isn't motivated to act. Too much collateral
damage, and no one uses your blacklist because using it generates too
many user complaints, and then your list doesn't motivate anyone to do
anything because there's no real downside to being on the list. Just
the right amount of collateral damage, and your list gets widely used,
and causes enough pain on the other of the /24 that they clean things
up.
I'm not arguing for or against any particular amount of collateral
damage. Just commenting on the effects of varying amounts of
collateral damage.
-- Brett
