North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Abuse procedures... Reality Checks
Bingo. Read the note below again, it is the path to enlightenment, Shein's law of resources: Needs, no matter how dire or just, do not alone create the resources necessary to fulfill. On April 7, 2007 at 20:41 [email protected] (Robert Bonomi) wrote: > > > > From: "Frank Bulk" <[email protected]> > > Subject: RE: Abuse procedures... Reality Checks > > Date: Sat, 7 Apr 2007 16:20:59 -0500 > > > > > If they can't hold the outbound abuse down to a minimum, then > > > I guess I'll have to make up for their negligence on my end. > > > > Sure, block that /29, but why block the /24, /20, or even /8? Perhaps your > > (understandable) frustration is preventing you from agreeing with me on this > > specific case. Because what you usually see is an IP from a /20 or larger > > and the network operators aren't dealing with it. In the example I gave > > it's really the smaller /29 that's the culprit, it sounds like you want to > > punish a larger group, perhaps as large as an AS, for the fault of smaller > > network. > > BLUNT QUESTIONS: *WHO* pays me to figure out 'which parts' of a provider's > network are riddled with problems and 'which parts' are _not_? *WHO* pays > me to do the research to find out where the end-user boundaries are? *WHY* > should _I_ have to do that work -- If the 'upstream provider' is incapable of > keeping _their_own_house_ clean, why should I spend the time trying to figure > out which of their customers are 'bad guys' and which are not? > > A provider *IS* responsible for the 'customers it _keeps_'. > > And, unfortunately, a customer is 'tarred by the brush' of the reputation > of it's provider. > > > Smaller operators, like those that require just a /29, often don't have that > > infrastructure. Those costs, as I'm sure you aware, are passed on to > > companies like yourself that have to maintain their own network's security. > > Again, block them, I say, just don't swallow others up in the process. > > If the _UPSTREAM_ of that 'small operator' cannot 'police' its own customers, > Why should _I_ absorb the costs that _they_ are unwilling to internalize? > > If they want to sell 'cheap' service, but not 'doing what is necessary', I > see no reason to 'facilitate' their cut-rate operations. > > Those who buy service from such a provider, 'based on cost', *deserve* what > they get, when their service "doesn't work as well" as that provided by the > full-price competition. > > _YOUR_ connectivity is only as good as the 'reputation' of whomever it is > that you buy connectivity from. > > You might want to consider _why_ the provider *keeps* that 'offensive' > customer. There would seem to be only a few possible explanations: (1) they > are 'asleep at the switch', (2) that customer pays enough that they can > 'afford' to have multiple other customers who are 'dis-satisfied', or who > may even leave that provider, (3) they aren't willing to 'spend the money' > to run a clean operation. (_None_ of those seems like a good reason for _me_ > to spend extra money 'on behalf of' _their_ clients.)
|