RE: Port blocking last resort in fight against virus

McBurnett_Jim · August 13, 2003, 12:26pm

So give up trying to control the actions of the end nodes by
destroying the edge. Make sure that complaints reach the correct
responsible person. Limit your involvement to careful excerpts from
your customer/IP-address database, or better yet, register them in
the RIR registry so that others having complaints can reach them
without wasting your time.

Intersting concept...
MY upstream disagrees.. They, who shall remain nameless at this point,
are doing a horrible job at policing their other customers, refuse to
SWIP the block to me claiming they are working on it (been a year now),
and they feel they need to know about whatever complaints they
get about me.

HMM, if they have gotten complaints, then I haven't gotten any!!
And I have complained about other customers and never seen a fix..
One system was code red infected and had no FW, after a few weeks,
I tracked them down and called them myself, and got told that
<ISP> never called them!!!
(I reported it 5 times)

This is a great idea, but I very much doubt that most ISP's will even do it.
And if ISP's did this.. NOTE the spammers, they would always lie about
WHOIS, RWHOIS, contact info...

I dunno, there is no perfect solution here... Except, as a community
we need to enforce RIR policies and actual enforce our own AUP's.
(NO shots being fired here, but as we all know some ISPs AUPs are like
a law-- only effect the good citizen and not the high $ customer)

just my 2c worth..
J

Stephen_J_Wilcox1 · August 13, 2003, 1:22pm

This -was- the way it used to work under RIPE where you always gave end user
details against assigned netblock. However the current trend is not to give the
end user details to avoid (a) spam; (b) your competitor harvesting your customer
data

In fact it is not that effective, unfortunately the end user tends not to
understand the emails they receive and ignores them

Steve

Mans_Nilsson1 · August 13, 2003, 1:26pm

In fact it is not that effective, unfortunately the end user tends not to
understand the emails they receive and ignores them

Probably the fault not so much of complicated e-mails, but fatigue
from the flood of stoopid Sam Spade (and similar, but I remember
SS with some extra deep sighs) e-mails falsely claiming one has
spam responsability.

For an extreme case, try running a multi-ccTLD name server, and spice it
with some RIR allocated /8's served off the same box...

Us at the top aren't very attracted by the lack of RIR entries for
allocations, nor do we appreciate b0rken reverse. Blame where blame
is due, please.

The only involvement the ISP with the leaf node customer should do,
is to act as proxy for the clueless. You are paid by the customer,
so take care of that. You have a billing address (or are otherwise
not that able to bill them) so there is a point of contact. Use it.