[95873] in North American Network Operators' Group
Re: Abuse procedures... Reality Checks
daemon@ATHENA.MIT.EDU (Matthew Black)
Sat Apr 7 23:56:37 2007
From: Matthew Black <black@csulb.edu>
To: nanog@nanog.org
Date: Sat, 07 Apr 2007 20:55:41 -0700
In-Reply-To: <200704080141.l381fJ4E018879@s25.firmware.com>
Errors-To: owner-nanog@merit.edu
On Sat, 7 Apr 2007 20:41:19 -0500 (CDT)
Robert Bonomi <bonomi@mail.r-bonomi.com> wrote:
> BLUNT QUESTIONS: *WHO* pays me to figure out 'which parts' of a
>provider's
> network are riddled with problems and 'which parts' are _not_? *WHO* pays
> me to do the research to find out where the end-user boundaries are? *WHY*
> should _I_ have to do that work -- If the 'upstream provider' is incapable
>of
> keeping _their_own_house_ clean, why should I spend the time trying to
>figure
> out which of their customers are 'bad guys' and which are not?
>
> A provider *IS* responsible for the 'customers it _keeps_'.
>
> And, unfortunately, a customer is 'tarred by the brush' of the reputation
> of it's provider.
Um, with that reasoning, why not just block the whole /0 and
be done with it?
Seriously, I used to share your frustration and would block large
swaths of the Internet for rather minor offenses. I finally realized
this practice didn't help. Why not get yourself some sort of intrusion
detection/prevention system or fully firewall your hosts. If you have
a spam problem, get an e-mail security appliance which uses reputation
filtering to reject connections?
matthew black
california state university, long beach