North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BL of Compromised Hosts?

  • From: Tom (UnitedLayer)
  • Date: Mon Feb 23 15:44:40 2004

On Mon, 23 Feb 2004, william(at)elan.net wrote:
> I find that most admins that decides on RBL lists are well educated about
> what lists they choose to use are (the end-users are however not always
> well informed about it and that is where most of the complaints are
> coming from).

The fact that people use some of the ridiculous RBLs out there indicates
that there are still quite a few boneheads out there, and I'd be willing
to bet that they outnumber the clued ones.

You'd be suprised at how many times I've come into a consulting situation
and had to explain to executives that their problems came from some admin
using blacklists with high casualty rates and irresponsible practices
(SPEWS/etc). But hey, it gives me lots of consulting opportunity, so I
guess I shouldn't complain too much.

Every time someone gets fired/reprimanded for using SPEWS or some other
kind of list, I'm sure one more person springs up to fill their place.

> I suspect that BGP admins are by their nature even better educated and
> will likely do even more research prior to using anything.

Don't be so sure of that either;  I regularly find poorly configured
routers redistributing default, loads of /24s and even /30's into their
neighbors.