On Mon, 09 Apr 2007 17:11:28 EDT, "Azinger, Marla" said:
In my company some functions related to sending a SWIP are automated, but my company has people on staff who know that it is happening and what it means.
Just because *your* site has enough clue to get it right doesn't mean that the *average* site has enough clue to get it right. In fact, I'll go out on a limb and posit that *in the cases I care about*, it's even *less* likely that the SWIP is correct, because the same general attitude of cluelessness that made them unable to police their users and enforce their AUP (resulting in malicious packets arriving at my network) will also tend to mean they didn't get the SWIP right. So to sum up: The sites that *do* SWIP right are more likely to deal with their user before I hear about it, causing me to *check* the whois. Meanwhile, the sites that cluelessly allow malicious traffic also often don't SWIP right - and that results in me contemplating the smallest range I *do* see in the whois data. They didn't SWIP it so I could find the offending /26, that's tough noogies for the rest of their /18. Now where did I leave my Nomex jumpsuit? :)