[95852] in North American Network Operators' Group
Re: Abuse procedures... Reality Checks
daemon@ATHENA.MIT.EDU (Chris Owen)
Sat Apr 7 17:37:50 2007
In-Reply-To: <!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5/+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAABjX9wsL/IlQZWXBUX6jZISAQAAAAA=@iname.com>
From: Chris Owen <owenc@hubris.net>
Date: Sat, 7 Apr 2007 16:35:35 -0500
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Apr 7, 2007, at 4:20 PM, Frank Bulk wrote:
> Sure, block that /29, but why block the /24, /20, or even /8?
> Perhaps your
> (understandable) frustration is preventing you from agreeing with
> me on this
> specific case. Because what you usually see is an IP from a /20 or
> larger
> and the network operators aren't dealing with it. In the example I
> gave
> it's really the smaller /29 that's the culprit, it sounds like you
> want to
> punish a larger group, perhaps as large as an AS, for the fault of
> smaller
> network.
Well it sounds like the original poster is trying to punish the
"network operator" by intentionally blocking innocent bystanders and
therefore causing them grief so if that is your goal then a /24 seems
like a decent arbitrary size. You are mostly sure you won't block
across providers that way at least.
However, even if this isn't your goal it can be really hard sometimes
to have any clue how big a netblock is for a particular IP address.
ARIN may make small folks like us jump through hoops but apparently
this isn't true for larger providers. We often run into abuse from
IP addresses (or a range of addresses) where there is no rwhois sever
and the entire /19 or larger is SWIPed as a single netblock. I've
seen some really, really large blocks with absolutely no sub-
delegation when clearly the addresses are sub-delegated.
We will often temporary block a /24 on email blacklists for
instance. When you're getting pounded from a range of 30 or 50 IP
addresses and can't get any response from the upstream then it is
farily obvious they are less than white hat so we're willing to live
with the collateral damage.
Chris
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chris Owen ~ Garden City (620) 275-1900 ~ Lottery (noun):
President ~ Wichita (316) 858-3000 ~ A stupidity tax
Hubris Communications Inc www.hubris.net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
iD8DBQFGGA6nElUlCLUT2d0RAkWzAJ4mjXT5gwB0psG7e/YhmzUcFXhksgCgyx2g
5VDgB0KMLyMFIdVzrPaPGJI=
=E5xl
-----END PGP SIGNATURE-----