RE: Abuse procedures... Reality Checks
Comcast is known to emit lots of abuse -- are you blocking all their networks today? Frank -----Original Message----- From: Frank Bulk Sent: Tuesday, April 10, 2007 7:43 AM To: nanog@merit.edu Subject: Re: Abuse procedures... Reality Checks On Sat, Apr 07, 2007 at 09:50:34PM +0000, Fergie wrote:
I would have to respectfully disagree with you. When network operators do due diligence and SWIP their sub-allocations, they (the sub-allocations) should be authoritative in regards to things like RBLs.
After thinking it over: I partly-to-mostly agree. In principal, yes. In practice, however, [some] negligent network operators have built such long and pervasive track records of large-scale abuse that their allocations can be classified into two categories: 1. Those that have emitted lots of abuse. 2. Those that are going to emit lots of abuse. In such cases, I'm not inclined to wait for (2) to become reality. ---Rsk
On Tue, Apr 10, 2007 at 07:44:59AM -0500, Frank Bulk wrote:
Comcast is known to emit lots of abuse -- are you blocking all their networks today?
All? No. But I shouldn't find it necessary to block ANY, and wouldn't, if Comcast wasn't so appallingly negligent. ( I'm blocking huge swaths of Comcast space from port 25. This shouldn't really surprise anyone; Comcast runs what may well be the most prolific spam-spewing network in the world. I saw attempts from 80,000+ distinct IP addresses during January 2007 alone -- to a *test* mail server. I should have seen zero. The mitigation techniques for making that happen are well-known, have been well-known for years, and can be implemented easily by any competent organization.) This, by the way, should not be taken as indicative of either what I've done in the past or may do in the future. Nor should it be taken as indicative of what decisions I've made in re other networks. ---Rsk
participants (2)
-
Frank Bulk
-
Rich Kulawiec