mailing list archives
RE: Port blocking last resort in fight against virus
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Wed, 13 Aug 2003 14:22:38 +0100 (BST)
On Wed, 13 Aug 2003, McBurnett, Jim wrote:
So give up trying to control the actions of the end nodes by
destroying the edge. Make sure that complaints reach the correct
responsible person. Limit your involvement to careful excerpts from
your customer/IP-address database, or better yet, register them in
the RIR registry so that others having complaints can reach them
without wasting your time.
MY upstream disagrees.. They, who shall remain nameless at this point,
are doing a horrible job at policing their other customers, refuse to
SWIP the block to me claiming they are working on it (been a year now),
and they feel they need to know about whatever complaints they
get about me.
HMM, if they have gotten complaints, then I haven't gotten any!!
And I have complained about other customers and never seen a fix..
One system was code red infected and had no FW, after a few weeks,
I tracked them down and called them myself, and got told that
<ISP> never called them!!!
(I reported it 5 times)
This is a great idea, but I very much doubt that most ISP's will even do it.
And if ISP's did this.. NOTE the spammers, they would always lie about
WHOIS, RWHOIS, contact info...
This -was- the way it used to work under RIPE where you always gave end user
details against assigned netblock. However the current trend is not to give the
end user details to avoid (a) spam; (b) your competitor harvesting your customer
In fact it is not that effective, unfortunately the end user tends not to
understand the emails they receive and ignores them