Home page logo

nanog logo nanog mailing list archives

RE: Port blocking last resort in fight against virus
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Wed, 13 Aug 2003 14:22:38 +0100 (BST)

On Wed, 13 Aug 2003, McBurnett, Jim wrote:

So give up trying to control the actions of the end nodes by
destroying the edge. Make sure that complaints reach the correct
responsible person. Limit your involvement to careful excerpts from
your customer/IP-address database, or better yet, register them in
the RIR registry so that others having complaints can reach them
without wasting your time.

Intersting concept...
MY upstream disagrees.. They, who shall remain nameless at this point,
are doing a horrible job at policing their other customers, refuse to 
SWIP the block to me claiming they are working on it (been a year now), 
and they feel they need to know about whatever complaints they 
get about me.

HMM, if they have gotten complaints, then I haven't gotten any!!
And I have complained about other customers and never seen a fix..
One system was code red infected and had no FW, after a few weeks, 
I tracked them down and called them myself, and got told that 
<ISP> never called them!!!
(I reported it 5 times)

This is a great idea, but I very much doubt that most ISP's will even do it.
And if ISP's did this.. NOTE the spammers, they would always lie about 
WHOIS, RWHOIS, contact info...

This -was- the way it used to work under RIPE where you always gave end user 
details against assigned netblock. However the current trend is not to give the 
end user details to avoid (a) spam; (b) your competitor harvesting your customer 

In fact it is not that effective, unfortunately the end user tends not to 
understand the emails they receive and ignores them


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]