Seems to me this random prefix-based blocking by major sites, then let's-use-nanog-to-fix-it, is not a great methodology. I block whole /18s and such to deal with .cn/.ru botnets too, but luckily my cxs' cxs are mostly North American, few complaints yet. Sledgehammer style - indelicate. Is there a better method other than us sheep bleating helplessly at behemoths who might not even have a presence on Nanog-l? This sledgehammer blacklisting results in a filter where smaller than /16 doesnt get addressed due to time cost of dealing with fewer revenue-generating eyeballs per ticket. Result: big ISPs win though sieve effect. Google has adopted a 'blacklist for a while' policy with their spam control, which mostly works but can leave you in the dark as to why you're continually relisted for no obvious reason - no humans out there to help directly, so it's back to bleating on nanog by Nate and friends. What more 'official' and formalized mechanisms can we use? /kc On Mon, Feb 06, 2017 at 12:19:00PM -0500, Ethan E. Dee said:
So their policy says, if an ISP has one scalper, we'll block their entire subnet and not tell them why?
-- Ken Chase - math@sizone.org Guelph Canada