On Sat, 7 Apr 2007, Fergie wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- -- Rich Kulawiec <rsk@gsp.org> wrote:
1. There's nothing "indiscriminate" about it.
I often block /24's and larger because I'm holding the *network* operators responsible for what comes out of their operation. If they can't hold the outbound abuse down to a minimum, then I guess I'll have to make up for their negligence on my end. I don't care why it happens -- they should have thought through all this BEFORE plugging themselves in and planned accordingly. ("Never build something you can't control.")
I would have to respectfully disagree with you. When network operators do due diligence and SWIP their sub-allocations, they (the sub-allocations) should be authoritative in regards to things like RBLs.
$.02,
Yes. But the answer is that it also depends how many other cases like this exist from same operator. If they have 16 suballocations in /24 but say 5 of them are spewing, I'd block /24 (or larger) ISP block. The exact % of bad blocks (i.e. when to start blocking ISP) depends on your point of view and history with that ISP but most in fact do held ISPs partially responsible. -- William Leibzon Elan Networks william@elan.net