Pete Templin wrote:
John R Levine wrote:
I don't have PI space, but I do have a competent ISP so I've never had any mail problems due to adjacent addresses.
Having a competent ISP isn't a guarantee of exemption...only a contributor. As evidenced by the discussion, some people choose the scope of their wrath arbitrarily.
pt
Frank Bulk wrote:
Sounds a lot like throwing something against the wall and seeing what sticks. Or vigilantism.
Vigilantism would be me causing offender's router to flap out of existence.
Matthew Black wrote:
Um, with that reasoning, why not just block the whole /0 and be done with it?
Why should filtering on this level have to be done? Why not prevent one's own users from sending out bad traffic? I can see why a large provider would have an issue with this, but how about using IDS' on the way out as well? This way not one machine on your network can harm another machine on your own for starters, and someone else's. Sound too Zen?
Why not get yourself some sort of IDS/IPS system or fully firewall your hosts.
What happens when this isn't an option? What do you do when managing networks on budgets that didn't call for extra equipment? Should I let a network of mine get compromised for the sake of not having enough in the budget, or should I explain to the client after the compromise, "well you really didn't give me enough money." That will sure teach him a thing or two about technology they 1) don't care about 2) won't understand no matter how much it's explained. Maybe I can repeat this to myself while I file unemployment papers.
If you have a spam problem, get an e-mail security appliance which uses reputation filtering to reject connections?
And for those clients whose budget constraints prevented this? Should I a) allow them to receive thousands of Viagra messages b) allow their logfiles to fill with thousands of entries and false positives on SSH attacks c) allow viruses and worms to make my job more difficult?
I never stated my solution was a "best practice". I stated what I've been doing and strangely it's been effective for me. Yes I do have to answer to clients on why THEIR clients, friends, etc. have their providers blocked, and after it is explained to them along with logfiles to support my blocks, my clients are right behind me in blocking ranges. To me the automated blocking isn't that hard to do, that's what shell scripting is for and I have no problems blocking huge blocks (/8's) if need be.
As I stated, if I can take the time to make sure nothing malicious is leaving my networks - which altogether is now comprised of about a /16 if I added all ranges up - then why can't some of these other networks do the same? Especially the ones who can actually afford to go out and drop a couple of thousand, even hundreds of thousands on so-called security products. If I can do it via ACL's, Linux boxes, syslog, etc., without incurring more costs to my clients, surely some of you bigger cats can do the same. I look at it as a bad policy, laziness, and lack of a clue or two. And I sincerely mean this in the utmost non-disrespectful logical - call it how I see it manner. No reason to have filth leaving your network. If it does it's because of bureaucratic BS (policies), lack of how to administrate a network correctly or laziness.
Maybe my next step will be to post some of the emails from admins who were contacted and responded with the same old "Oh our abuse desk is right on it." Or some other generic crap, all the while my net is getting hit up.
Or to re-state the strangeness coming from a response from a CISSP in NASA: "We were doing test on our network which is why your machine was getting bruteforced..." Oh really?
On a side note, kudos to those who do take the time to respond, and to those who actually take a minute or two to digest it all in after I've rambled on for too long... Next thread anyone ;)
--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net
http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
* J. Oquendo <sil@infiltrated.net>