[60482] in North American Network Operators' Group
RE: Port blocking last resort in fight against virus
daemon@ATHENA.MIT.EDU (McBurnett, Jim)
Wed Aug 13 08:26:39 2003
Date: Wed, 13 Aug 2003 08:26:03 -0400
From: "McBurnett, Jim" <jmcburnett@msmgmt.com>
To: "Mans Nilsson" <mansaxel@sunet.se>,
"Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: "Petri Helenius" <pete@he.iki.fi>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
>So give up trying to control the actions of the end nodes by
>destroying the edge. Make sure that complaints reach the correct
>responsible person. Limit your involvement to careful excerpts from
>your customer/IP-address database, or better yet, register them in
>the RIR registry so that others having complaints can reach them
>without wasting your time.
Intersting concept...
MY upstream disagrees.. They, who shall remain nameless at this point,
are doing a horrible job at policing their other customers, refuse to=20
SWIP the block to me claiming they are working on it (been a year now),=20
and they feel they need to know about whatever complaints they=20
get about me.
HMM, if they have gotten complaints, then I haven't gotten any!!
And I have complained about other customers and never seen a fix..
One system was code red infected and had no FW, after a few weeks,=20
I tracked them down and called them myself, and got told that=20
<ISP> never called them!!!
(I reported it 5 times)
This is a great idea, but I very much doubt that most ISP's will even do =
it.
And if ISP's did this.. NOTE the spammers, they would always lie about=20
WHOIS, RWHOIS, contact info...
I dunno, there is no perfect solution here... Except, as a community=20
we need to enforce RIR policies and actual enforce our own AUP's.
(NO shots being fired here, but as we all know some ISPs AUPs are like
a law-- only effect the good citizen and not the high $ customer)
just my 2c worth..
J
