North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Abuse procedures... Reality Checks

  • From: Chris Owen
  • Date: Sat Apr 07 17:40:24 2007
  • Domainkey-signature: a=rsa-sha1; b=fO3uvPY27e92otK7/0nDDvUzO/Jxj/QN9IRyEY+jWlE2ymYWnjlBqTkte5jt4QW3SMmzGI/mOPLPSJ66f5rgGc1LDN9n8c3v4xRUt2oav2gn4AUuqkiFRVYl3fEluwUN0byKYsBBBHZhmND3zMKvIKzBn7+8r2VhsFuAl/iqs+k=; c=nofws; d=hubris.net; q=dns; s=hubris


-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Apr 7, 2007, at 4:20 PM, Frank Bulk wrote:

Sure, block that /29, but why block the /24, /20, or even /8? Perhaps your
(understandable) frustration is preventing you from agreeing with me on this
specific case. Because what you usually see is an IP from a /20 or larger
and the network operators aren't dealing with it. In the example I gave
it's really the smaller /29 that's the culprit, it sounds like you want to
punish a larger group, perhaps as large as an AS, for the fault of smaller
network.

Well it sounds like the original poster is trying to punish the "network operator" by intentionally blocking innocent bystanders and therefore causing them grief so if that is your goal then a /24 seems like a decent arbitrary size. You are mostly sure you won't block across providers that way at least.


However, even if this isn't your goal it can be really hard sometimes to have any clue how big a netblock is for a particular IP address. ARIN may make small folks like us jump through hoops but apparently this isn't true for larger providers. We often run into abuse from IP addresses (or a range of addresses) where there is no rwhois sever and the entire /19 or larger is SWIPed as a single netblock. I've seen some really, really large blocks with absolutely no sub- delegation when clearly the addresses are sub-delegated.

We will often temporary block a /24 on email blacklists for instance. When you're getting pounded from a range of 30 or 50 IP addresses and can't get any response from the upstream then it is farily obvious they are less than white hat so we're willing to live with the collateral damage.

Chris

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chris Owen         ~ Garden City (620) 275-1900 ~  Lottery (noun):
President          ~ Wichita     (316) 858-3000 ~    A stupidity tax
Hubris Communications Inc      www.hubris.net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin)

iD8DBQFGGA6nElUlCLUT2d0RAkWzAJ4mjXT5gwB0psG7e/YhmzUcFXhksgCgyx2g
5VDgB0KMLyMFIdVzrPaPGJI=
=E5xl
-----END PGP SIGNATURE-----