RE: Port blocking last resort in fight against virus

["Stephen J. Wilcox" <steve () telecomplete co uk>]

On Wed, 13 Aug 2003, McBurnett, Jim wrote:

> > So give up trying to control the actions of the end nodes by
> > destroying the edge. Make sure that complaints reach the correct
> > responsible person. Limit your involvement to careful excerpts from
> > your customer/IP-address database, or better yet, register them in
> > the RIR registry so that others having complaints can reach them
> > without wasting your time.
>
> Intersting concept...
> MY upstream disagrees.. They, who shall remain nameless at this point,
> are doing a horrible job at policing their other customers, refuse to 
> SWIP the block to me claiming they are working on it (been a year now), 
> and they feel they need to know about whatever complaints they 
> get about me.
>
> HMM, if they have gotten complaints, then I haven't gotten any!!
> And I have complained about other customers and never seen a fix..
> One system was code red infected and had no FW, after a few weeks, 
> I tracked them down and called them myself, and got told that 
> <ISP> never called them!!!
> (I reported it 5 times)
>
> This is a great idea, but I very much doubt that most ISP's will even do it.
> And if ISP's did this.. NOTE the spammers, they would always lie about 
> WHOIS, RWHOIS, contact info...

This -was- the way it used to work under RIPE where you always gave end user 
details against assigned netblock. However the current trend is not to give the 
end user details to avoid (a) spam; (b) your competitor harvesting your customer 
data

In fact it is not that effective, unfortunately the end user tends not to 
understand the emails they receive and ignores them

Steve