mailing list archives
RE: Port blocking last resort in fight against virus
From: "McBurnett, Jim" <jmcburnett () msmgmt com>
Date: Wed, 13 Aug 2003 08:26:03 -0400
So give up trying to control the actions of the end nodes by
destroying the edge. Make sure that complaints reach the correct
responsible person. Limit your involvement to careful excerpts from
your customer/IP-address database, or better yet, register them in
the RIR registry so that others having complaints can reach them
without wasting your time.
MY upstream disagrees.. They, who shall remain nameless at this point,
are doing a horrible job at policing their other customers, refuse to
SWIP the block to me claiming they are working on it (been a year now),
and they feel they need to know about whatever complaints they
get about me.
HMM, if they have gotten complaints, then I haven't gotten any!!
And I have complained about other customers and never seen a fix..
One system was code red infected and had no FW, after a few weeks,
I tracked them down and called them myself, and got told that
<ISP> never called them!!!
(I reported it 5 times)
This is a great idea, but I very much doubt that most ISP's will even do it.
And if ISP's did this.. NOTE the spammers, they would always lie about
WHOIS, RWHOIS, contact info...
I dunno, there is no perfect solution here... Except, as a community
we need to enforce RIR policies and actual enforce our own AUP's.
(NO shots being fired here, but as we all know some ISPs AUPs are like
a law-- only effect the good citizen and not the high $ customer)
just my 2c worth..