Re: Abuse procedures... Reality Checks

• From: william(at)elan.net
• Date: Sat Apr 07 18:03:14 2007

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Rich Kulawiec <[email protected]> wrote:

1. There's nothing "indiscriminate" about it.

I often block /24's and larger because I'm holding the *network* operators
responsible for what comes out of their operation.  If they can't hold
the outbound abuse down to a minimum, then I guess I'll have to make
up for their negligence on my end.  I don't care why it happens -- they
should have thought through all this BEFORE plugging themselves in
and planned accordingly.  ("Never build something you can't control.")

I would have to respectfully disagree with you. When network
operators do due diligence and SWIP their sub-allocations, they
(the sub-allocations) should be authoritative in regards to things
like RBLs.

$.02,

Yes. But the answer is that it also depends how many other cases like
this exist from same operator. If they have 16 suballocations in /24
but say 5 of them are spewing, I'd block /24 (or larger) ISP block.
The exact % of bad blocks (i.e. when to start blocking ISP) depends
on your point of view and history with that ISP but most in fact do
held ISPs partially responsible.

--
William Leibzon
Elan Networks
[email protected]

• Follow-Ups:
  • RE: Abuse procedures... Reality Checks Frank Bulk

• References:
  • Re: Abuse procedures... Reality Checks Fergie

• Prev by Date: Re: Abuse procedures... Reality Checks
• Next by Date: RE: Abuse procedures... Reality Checks
• Date Index
• Thread Index
• Author Index
• Historical