RE: Port blocking last resort in fight against virus
So give up trying to control the actions of the end nodes by destroying the edge. Make sure that complaints reach the correct responsible person. Limit your involvement to careful excerpts from your customer/IP-address database, or better yet, register them in the RIR registry so that others having complaints can reach them without wasting your time.
Intersting concept... MY upstream disagrees.. They, who shall remain nameless at this point, are doing a horrible job at policing their other customers, refuse to SWIP the block to me claiming they are working on it (been a year now), and they feel they need to know about whatever complaints they get about me. HMM, if they have gotten complaints, then I haven't gotten any!! And I have complained about other customers and never seen a fix.. One system was code red infected and had no FW, after a few weeks, I tracked them down and called them myself, and got told that <ISP> never called them!!! (I reported it 5 times) This is a great idea, but I very much doubt that most ISP's will even do it. And if ISP's did this.. NOTE the spammers, they would always lie about WHOIS, RWHOIS, contact info... I dunno, there is no perfect solution here... Except, as a community we need to enforce RIR policies and actual enforce our own AUP's. (NO shots being fired here, but as we all know some ISPs AUPs are like a law-- only effect the good citizen and not the high $ customer) just my 2c worth.. J
On Wed, 13 Aug 2003, McBurnett, Jim wrote:
So give up trying to control the actions of the end nodes by destroying the edge. Make sure that complaints reach the correct responsible person. Limit your involvement to careful excerpts from your customer/IP-address database, or better yet, register them in the RIR registry so that others having complaints can reach them without wasting your time.
Intersting concept... MY upstream disagrees.. They, who shall remain nameless at this point, are doing a horrible job at policing their other customers, refuse to SWIP the block to me claiming they are working on it (been a year now), and they feel they need to know about whatever complaints they get about me.
HMM, if they have gotten complaints, then I haven't gotten any!! And I have complained about other customers and never seen a fix.. One system was code red infected and had no FW, after a few weeks, I tracked them down and called them myself, and got told that <ISP> never called them!!! (I reported it 5 times)
This is a great idea, but I very much doubt that most ISP's will even do it. And if ISP's did this.. NOTE the spammers, they would always lie about WHOIS, RWHOIS, contact info...
This -was- the way it used to work under RIPE where you always gave end user details against assigned netblock. However the current trend is not to give the end user details to avoid (a) spam; (b) your competitor harvesting your customer data In fact it is not that effective, unfortunately the end user tends not to understand the emails they receive and ignores them Steve
Subject: RE: Port blocking last resort in fight against virus Date: Wed, Aug 13, 2003 at 02:22:38PM +0100 Quoting Stephen J. Wilcox (steve@telecomplete.co.uk):
In fact it is not that effective, unfortunately the end user tends not to understand the emails they receive and ignores them
Probably the fault not so much of complicated e-mails, but fatigue from the flood of stoopid Sam Spade (and similar, but I remember SS with some extra deep sighs) e-mails falsely claiming one has spam responsability. For an extreme case, try running a multi-ccTLD name server, and spice it with some RIR allocated /8's served off the same box... Us at the top aren't very attracted by the lack of RIR entries for allocations, nor do we appreciate b0rken reverse. Blame where blame is due, please. The only involvement the ISP with the leaf node customer should do, is to act as proxy for the clueless. You are paid by the customer, so take care of that. You have a billing address (or are otherwise not that able to bill them) so there is a point of contact. Use it. -- Måns Nilsson Systems Specialist +46 70 681 7204 KTHNOC MN1334-RIPE Hand me a pair of leather pants and a CASIO keyboard -- I'm living for today!
participants (3)
-
Mans Nilsson
-
McBurnett, Jim
-
Stephen J. Wilcox