-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "william(at)elan.net" <william@elan.net> wrote:
On Sat, 7 Apr 2007, Fergie wrote:
I would have to respectfully disagree with you. When network operators do due diligence and SWIP their sub-allocations, they (the sub-allocations) should be authoritative in regards to things like RBLs.
Yes. But the answer is that it also depends how many other cases like this exist from same operator. If they have 16 suballocations in /24 but say 5 of them are spewing, I'd block /24 (or larger) ISP block.
Why? When you can block on more specific prefixes? This just doesn't make sense to me.
The exact % of bad blocks (i.e. when to start blocking ISP) depends on your point of view and history with that ISP but most in fact do held ISPs partially responsible.
Indeed -- your point of view. Which I would argue is unfair and not "due diligence". - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.0 (Build 214) wj8DBQFGGBv8q1pz9mNUZTMRAuufAKC+/0DwFmrVA15UZaNib02GgR25MgCdFlu3 45XhfZTvgE+Oaiij4LoLNh0= =MO1u -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/