[193583] in North American Network Operators' Group
Re: ticketmaster.com 403 Forbidden
daemon@ATHENA.MIT.EDU (Ken Chase)
Mon Feb 6 12:41:12 2017
X-Original-To: nanog@nanog.org
Date: Mon, 6 Feb 2017 12:39:44 -0500
From: Ken Chase <math@sizone.org>
To: nanog@nanog.org
In-Reply-To: <d7f0bc5e-5684-1891-d0d5-60a5ab663ea2@globalvision.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Seems to me this random prefix-based blocking by major sites,
then let's-use-nanog-to-fix-it, is not a great methodology.
I block whole /18s and such to deal with .cn/.ru botnets too, but luckily my
cxs' cxs are mostly North American, few complaints yet. Sledgehammer style -
indelicate.
Is there a better method other than us sheep bleating helplessly at behemoths
who might not even have a presence on Nanog-l?
This sledgehammer blacklisting results in a filter where smaller than /16
doesnt get addressed due to time cost of dealing with fewer revenue-generating
eyeballs per ticket.
Result: big ISPs win though sieve effect.
Google has adopted a 'blacklist for a while' policy with their spam control,
which mostly works but can leave you in the dark as to why you're continually
relisted for no obvious reason - no humans out there to help directly, so it's
back to bleating on nanog by Nate and friends.
What more 'official' and formalized mechanisms can we use?
/kc
On Mon, Feb 06, 2017 at 12:19:00PM -0500, Ethan E. Dee said:
>So their policy says, if an ISP has one scalper, we'll block their entire
>subnet and not tell them why?
--
Ken Chase - math@sizone.org Guelph Canada
