[95881] in North American Network Operators' Group
RE: Abuse procedures... Reality Checks
daemon@ATHENA.MIT.EDU (Barry Shein)
Sun Apr  8 19:13:21 2007
From: Barry Shein <bzs@world.std.com>
Date: Sun, 8 Apr 2007 19:11:41 -0400
To: Robert Bonomi <bonomi@mail.r-bonomi.com>
Cc: nanog@merit.edu
In-Reply-To: <200704080141.l381fJ4E018879@s25.firmware.com>
Errors-To: owner-nanog@merit.edu

Bingo. Read the note below again, it is the path to enlightenment,

Shein's law of resources:

	Needs, no matter how dire or just, do not alone create the
	resources necessary to fulfill.

On April 7, 2007 at 20:41 bonomi@mail.r-bonomi.com (Robert Bonomi) wrote:
 > 
 > 
 > > From: "Frank Bulk" <frnkblk@iname.com>
 > > Subject: RE: Abuse procedures... Reality Checks
 > > Date: Sat, 7 Apr 2007 16:20:59 -0500
 > >
 > > > If they can't hold the outbound abuse down to a minimum, then 
 > > > I guess I'll have to make up for their negligence on my end.  
 > >
 > > Sure, block that /29, but why block the /24, /20, or even /8?  Perhaps your
 > > (understandable) frustration is preventing you from agreeing with me on this
 > > specific case.  Because what you usually see is an IP from a /20 or larger
 > > and the network operators aren't dealing with it.  In the example I gave
 > > it's really the smaller /29 that's the culprit, it sounds like you want to
 > > punish a larger group, perhaps as large as an AS, for the fault of a smaller
 > > network.
 > 
 > BLUNT QUESTIONS:  *WHO*  pays me to figure out 'which parts' of a provider's
 > network are riddled with problems and 'which parts' are _not_?  *WHO* pays
 > me to do the research to find out where the end-user boundaries are? *WHY*
 > should _I_ have to do that work -- If the 'upstream provider' is incapable of
 > keeping _their_own_house_ clean, why should I spend the time trying to figure
 > out which of their customers are 'bad guys' and which are not?
 > 
 > A provider *IS* responsible for the 'customers it _keeps_'.
 > 
 > And, unfortunately, a customer is 'tarred by the brush' of the reputation
 > of its provider.
 > 
 > > Smaller operators, like those that require just a /29, often don't have that
 > > infrastructure.  Those costs, as I'm sure you are aware, are passed on to
 > > companies like yourself that have to maintain their own network's security.
 > > Again, block them, I say, just don't swallow others up in the process.
 > 
 > If the _UPSTREAM_ of that 'small operator' cannot 'police' its own customers,
 > Why should _I_ absorb the costs that _they_ are unwilling to internalize?
 > 
 > If they want to sell 'cheap' service, but not 'doing what is necessary', I
 > see no reason to 'facilitate' their cut-rate operations.
 > 
 > Those who buy service from such a provider, 'based on cost',  *deserve* what
 > they get, when their service "doesn't work as well" as that provided by the
 > full-price competition.
 > 
 > _YOUR_ connectivity is only as good as the 'reputation' of whomever it is 
 > that you buy connectivity from.
 > 
 > You might want to consider _why_ the provider *keeps* that 'offensive' 
 > customer.  There would seem to be only a few possible explanations:  (1) they
 > are 'asleep at the switch', (2) that customer pays enough that they can
 > 'afford' to have multiple other customers who are 'dis-satisfied', or who
 > may even leave that provider, (3) they aren't willing to 'spend the money'
 > to run a clean operation.  (_None_ of those seems like a good reason for _me_
 > to spend extra money 'on behalf of' _their_ clients.)