North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Abuse procedures... Reality Checks

  • From: J. Oquendo
  • Date: Sat Apr 07 15:54:12 2007

On Sat, 07 Apr 2007, Frank Bulk wrote:

> Joe:
> 
> I understand your frustration and appreciate your efforts to contact the
> sources of abuse, but why indiscriminately block a larger range of IPs than
> what is necessary?  
> 

Far too many times I've tried to contact those who have the DIRECT ability
to make things happen and the same constant whiny "Contact our abuse desk"
reponse was given. What mainly happens here on out is the following, if
someone on that subnet needs to do something on mine, many will contact me
or others that work with me and state "Why can't we connect?!" The situation
will be explained and they'll be told to contact their provider. This seems
to be the only logical method I've personally found for some of the bigger
provider to respond to incidents. Hit them where it hurts, let them have
their own customers bitch and moan about their inability to get things
done. Sure its not fair to single out an entire subnet. I've gone as far
as blocking LACNIC, APNIC, RIPE, /8's on ARIN at a clip for days on end
until someone from the offending provider contacted me. Then and only
then was I able to get something done. 

So to answer your question about fairness... It's not fair by any
means, but it is effective. I see it as follows... If someone on one
of my networks is offending someone else, I'm nipping it in the bud
to avoid the possibility of any legal repercussions. And although it
may seem far fetched to look at things in such fashion, I'd rather
be safe than sorry. I'd also like to be accountable since after all
when it boils down to it, it is my job as a network engineer, security
engineer to ensure nothing malicious comes into my network as well
as exits my network. Its a two way street.

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743

"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey