On Wed, Oct 29, 1997 at 03:11:21AM +0200, Hank Nussbacher wrote:
Please no religionics. Part of the below is true - part is what will happen in the near future:
I have a spammer I am trying to block. He is multihomed to me and ISP X. He has address a.b.c.d from me and address a.b.c.e from ISP X. Users started seeing spams from a.b.c.e and complained to ISP X. He shut off SMTP to the customer but the spamming continued. Turns out the user defaults out to me no matter what, so his address was a.b.c.e when coming out of me. For me that is a spoofed address. I then go to block his spoofed address. User then says, it is a valid address and I have no business blocking his IP addresses, whether he has them from me or ISP X. I then say I'll block SMTP and the user says, "show me one letter from a user on the Internet complaining to you that I am spamming". Since his dns is located elsewhere and since the IP addresses are not mine, the users aren't complaining to me - but to ISP X and perhaps ISP Y (providing him secondary DNS service). All the ISP X & Y attempts to shut out the spam aren't affective due to the multihoming.
What do we do in these cases?
Thanks, Hank
Shut him off. The bottom line is this: You have no obligation to accept traffic from anyone - unless you have a contract to the contrary. If you have a contract to the contrary, and don't have in there provisions sufficient to prevent spamming, then you're negligent and deserve what you get (including blocked by others who get tired of you being a spam-source). The Internet works because people don't abuse other's resources. If people abuse my resources, I stop allowing the abuse. If they threaten to sue, I laugh and tell them to go right ahead. We write our contracts so that we can shut off people who spam, even on the first offense. We also enforce those policies and DO shut off people who spam. I simply don't want their money - regardless of how much they pay, they cost me more than they bring in when all is said and done. This is true REGARDLESS of who the customer is. We further insist that OTHERS who want to talk to us not abuse our resources. Those who can't fathom this deserve to be firewalled off from each and every service they abuse. If the abusers turn to denial of service attacks and/or deliberate attempts to raise other's costs of doing business (rather than communicating), then dropping BGP sessions and/or refusing announcements from that ASN are appropriate as well. You don't *HAVE* to put up with it. If you do, from your customers or others, its a *choice. That *choice* has consequences. The 'Net only works because people don't do abusive things. If the norm becomes doing abusive things then there will be explicit permission filters in routers and on services rather than denial filters. Do you really want to live on a network like that? I don't. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | NEW! K56Flex modem support is now available Voice: [+1 312 803-MCS1 x219]| 56kbps DIGITAL ISDN DOV on analog lines! Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal