[95864] in North American Network Operators' Group
RE: Abuse procedures... Reality Checks
daemon@ATHENA.MIT.EDU (Frank Bulk)
Sat Apr 7 20:37:39 2007
Reply-To: <frnkblk@iname.com>
From: "Frank Bulk" <frnkblk@iname.com>
To: "'Stephen Satchell'" <list@satchell.net>, <frnkblk@iname.com>
Cc: <nanog@nanog.org>
Date: Sat, 7 Apr 2007 19:36:26 -0500
In-Reply-To: <46181EC3.6010707@satchell.net>
Errors-To: owner-nanog@merit.edu
Stephen:
Are you saying that if there's nefarious IP out there let's automatically
blacklist the /24 of that IP? J. Oquendo was describing his own methods and
they sounded quite manual, manual enough that he's getting down to a /8 as
necessary to blacklist a non-responsive operator. My point is that if
you're going to block something, either block the /32 or do the research to
justify blocking a larger group.
And despite ToS, I think many operators are running automated lookups, and
there are lots of examples out there for ARIN.
Frank
-----Original Message-----
From: Stephen Satchell [mailto:list@satchell.net]
Sent: Saturday, April 07, 2007 5:44 PM
To: frnkblk@iname.com
Cc: nanog@nanog.org
Subject: Re: Abuse procedures... Reality Checks
Frank Bulk wrote:
> [[Attribution deleted by Frank Bulk]]
>> Neither I nor J. Oquendo nor anyone else are required to
>> spend our time, our money, and our resources figuring out which
>> parts of X's network can be trusted and which can't.
>
> It's not that hard, the ARIN records are easy to look up. Figuring out
that
> network operator has a /8 that you want to block based on 3 or 4 IPs in
> their range requires just as much work.
It's *very* hard to do it with an automated system, as such automated
look-ups are against the Terms of Service for every single RIR out there.
Please play the bonus round: try again.