RE: Port blocking last resort in fight against virus

["McBurnett, Jim" <jmcburnett () msmgmt com>]

> So give up trying to control the actions of the end nodes by
> destroying the edge. Make sure that complaints reach the correct
> responsible person. Limit your involvement to careful excerpts from
> your customer/IP-address database, or better yet, register them in
> the RIR registry so that others having complaints can reach them
> without wasting your time.

Intersting concept...
MY upstream disagrees.. They, who shall remain nameless at this point,
are doing a horrible job at policing their other customers, refuse to 
SWIP the block to me claiming they are working on it (been a year now), 
and they feel they need to know about whatever complaints they 
get about me.

HMM, if they have gotten complaints, then I haven't gotten any!!
And I have complained about other customers and never seen a fix..
One system was code red infected and had no FW, after a few weeks, 
I tracked them down and called them myself, and got told that 
<ISP> never called them!!!
(I reported it 5 times)

This is a great idea, but I very much doubt that most ISP's will even do it.
And if ISP's did this.. NOTE the spammers, they would always lie about 
WHOIS, RWHOIS, contact info...

I dunno, there is no perfect solution here... Except, as a community 
we need to enforce RIR policies and actual enforce our own AUP's.
(NO shots being fired here, but as we all know some ISPs AUPs are like
a law-- only effect the good citizen and not the high $ customer)

just my 2c worth..
J