On Sat, 07 Apr 2007, Frank Bulk wrote:
Joe:
I understand your frustration and appreciate your efforts to contact the sources of abuse, but why indiscriminately block a larger range of IPs than what is necessary?
Far too many times I've tried to contact those who have the DIRECT ability to make things happen and the same constant whiny "Contact our abuse desk" reponse was given. What mainly happens here on out is the following, if someone on that subnet needs to do something on mine, many will contact me or others that work with me and state "Why can't we connect?!" The situation will be explained and they'll be told to contact their provider. This seems to be the only logical method I've personally found for some of the bigger provider to respond to incidents. Hit them where it hurts, let them have their own customers bitch and moan about their inability to get things done. Sure its not fair to single out an entire subnet. I've gone as far as blocking LACNIC, APNIC, RIPE, /8's on ARIN at a clip for days on end until someone from the offending provider contacted me. Then and only then was I able to get something done. So to answer your question about fairness... It's not fair by any means, but it is effective. I see it as follows... If someone on one of my networks is offending someone else, I'm nipping it in the bud to avoid the possibility of any legal repercussions. And although it may seem far fetched to look at things in such fashion, I'd rather be safe than sorry. I'd also like to be accountable since after all when it boils down to it, it is my job as a network engineer, security engineer to ensure nothing malicious comes into my network as well as exits my network. Its a two way street. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 "How a man plays the game shows something of his character - how he loses shows all" - Mr. Luckey