Home page logo

nanog logo nanog mailing list archives

RE: Port blocking last resort in fight against virus
From: "McBurnett, Jim" <jmcburnett () msmgmt com>
Date: Wed, 13 Aug 2003 08:26:03 -0400

So give up trying to control the actions of the end nodes by
destroying the edge. Make sure that complaints reach the correct
responsible person. Limit your involvement to careful excerpts from
your customer/IP-address database, or better yet, register them in
the RIR registry so that others having complaints can reach them
without wasting your time.

Intersting concept...
MY upstream disagrees.. They, who shall remain nameless at this point,
are doing a horrible job at policing their other customers, refuse to 
SWIP the block to me claiming they are working on it (been a year now), 
and they feel they need to know about whatever complaints they 
get about me.

HMM, if they have gotten complaints, then I haven't gotten any!!
And I have complained about other customers and never seen a fix..
One system was code red infected and had no FW, after a few weeks, 
I tracked them down and called them myself, and got told that 
<ISP> never called them!!!
(I reported it 5 times)

This is a great idea, but I very much doubt that most ISP's will even do it.
And if ISP's did this.. NOTE the spammers, they would always lie about 
WHOIS, RWHOIS, contact info...

I dunno, there is no perfect solution here... Except, as a community 
we need to enforce RIR policies and actual enforce our own AUP's.
(NO shots being fired here, but as we all know some ISPs AUPs are like
a law-- only effect the good citizen and not the high $ customer)

just my 2c worth..

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]