Re: Abuse procedures... Reality Checks

North American Network Operators Group

Re: Abuse procedures... Reality Checks

From: Chris Owen
Date: Mon Apr 09 17:48:47 2007

Domainkey-signature: a=rsa-sha1; b=JUI67LSFb1rIeS17tSu842PeXad/FMABvzoFOwRhFS9MNCQd9wWtF6H4qKLOOQdM4/m8qxFYIn29kAajXqHvGPEDPEOS4m81TJXFPJodsQl+SmyZWXjVyK2xzPh4OufCzQHPuUpXHtqLPKxwCCljQ9gFsLn2ch9FChfU53LKrOM=; c=nofws; d=hubris.net; q=dns; s=hubris


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Apr 9, 2007, at 3:41 PM, Pete Templin wrote:

Chris Owen wrote:
Well, "well managed" to me would mean that allocations from that / 20 were SWIPed or a rwhois server was running so that if any of those 4,000 IP addresses does something bad you don't get caught in the middle.
Due diligence with SWIP/rwhois only means that one customer is well documented apart from another. As this thread has highlighted, some people filter/block based on random variables: the covering / 24, the covering aggregate announcement, and/or arbitrary bit lengths. If a particular server is within the scope of what someone decides to filter/block, it gets filtered or blocked. Good SWIPs/rwhois entries don't mean jack to those admins.

Well it means something to me. I'm not one for widely cast blacklists but for something like a series of IP addresses all spewing spam from I will often put temporary /24 filters in place if I'm unable to determine exactly where the actual block boundaries are. If the addresses are SWIPed/rwhois then that is much easier and there is no need for such a wide net.

Chris


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chris Owen         ~ Garden City (620) 275-1900 ~  Lottery (noun):
President          ~ Wichita     (316) 858-3000 ~    A stupidity tax
Hubris Communications Inc      www.hubris.net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFGGrCbElUlCLUT2d0RAtbYAJ9T4nFgTeFyUJ2q2uMGPjQYizk4CwCg1Vx4
b+HHAd8UgvH9sNvFHGHo+fY=
=WhjM
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFGGrIOElUlCLUT2d0RAjEPAKDCcQyFlkC/6DC8jdIbsKFIC1bO5ACgyUk6
GOHudBwokEt56tglHnrpYV8=
=00rY
-----END PGP SIGNATURE-----

References:
- Re: Abuse procedures... Reality Checks John Levine
- Re: Abuse procedures... Reality Checks Douglas Otis
- Re: Abuse procedures... Reality Checks Florian Weimer
- Re: Abuse procedures... Reality Checks John R Levine
- Re: Abuse procedures... Reality Checks Pete Templin
- Re: Abuse procedures... Reality Checks John L
- Re: Abuse procedures... Reality Checks Chris Owen
- Re: Abuse procedures... Reality Checks Pete Templin

Prev by Date: Re: Abuse procedures... Reality Checks
Next by Date: Re: Abuse procedures... Reality Checks
Date Index
Thread Index
Author Index
Historical