[95854] in North American Network Operators' Group
Re: Abuse procedures... Reality Checks
daemon@ATHENA.MIT.EDU (william(at)elan.net)
Sat Apr 7 18:01:30 2007
Date: Sat, 7 Apr 2007 15:57:48 -0700 (PDT)
From: "william(at)elan.net" <william@elan.net>
To: Fergie <fergdawg@netzero.net>
Cc: rsk@gsp.org, nanog@merit.edu
In-Reply-To: <20070407.145134.701.978515@webmail15.lax.untd.com>
Errors-To: owner-nanog@merit.edu
On Sat, 7 Apr 2007, Fergie wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -- Rich Kulawiec <rsk@gsp.org> wrote:
>
> 1. There's nothing "indiscriminate" about it.
>
>> I often block /24's and larger because I'm holding the *network* operators
>> responsible for what comes out of their operation. If they can't hold
>> the outbound abuse down to a minimum, then I guess I'll have to make
>> up for their negligence on my end. I don't care why it happens -- they
>> should have thought through all this BEFORE plugging themselves in
>> and planned accordingly. ("Never build something you can't control.")
>
> I would have to respectfully disagree with you. When network
> operators do due diligence and SWIP their sub-allocations, they
> (the sub-allocations) should be authoritative in regards to things
> like RBLs.
>
> $.02,
Yes. But the answer is that it also depends how many other cases like
this exist from same operator. If they have 16 suballocations in /24
but say 5 of them are spewing, I'd block /24 (or larger) ISP block.
The exact % of bad blocks (i.e. when to start blocking ISP) depends
on your point of view and history with that ISP but most in fact do
held ISPs partially responsible.
--
William Leibzon
Elan Networks
william@elan.net
