nanog mailing list archives
Re: Repeated Blacklisting / IP reputation
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 15 Sep 2009 21:22:02 -0400
On Tue, Sep 15, 2009 at 5:31 PM, Zaid Ali <zaid () zaidali com> wrote:
I think costs of maintaining an abuse helpdesk is a big factor here. I don't see many ISP's putting money and resources into an abuse helpdesk and this is because it is low cost to obtain a Netblock so why should one employ and
have you ever had to re-number a customer, several customers, a hundred?? 'getting a new netblock is low cost' is hardly an accurate statement, especially if you keep in mind that you have to justify the usage of old netblocks in order to obtain the new one.
build expertise on managing it. If you go to SpamHaus you will see a major ISP and their netblocks listed and associated with known spammers. What is this ISP doing about this? Nothing! My guess is that they look at their
'nothing' that you can see? or nothing? or something you can't see or that's taking longer than you'd expect/like? There certainly are bad actors out there, but I think the majority are doing things to keep clean, perhaps not in the manner you would like (or the speed you would like or with as much public information as you'd like).
From the outside most ISP operations look quite opaque, proclaiming
'Nothing is being done' simply looks uneducated and shortsighted.
bottom $$ and look at Spamming customer A and say "crap we will be spending $$$ on this customer just to get them off SpamHaus so just leave it, we are afterall in the bandwidth business". If ARIN were to say to this major ISP that they wont allocate more addresses to them until they adhere to an AUP then maybe the game will change but the bigger question here is should ARIN get into this kind of policy.
doubtful that: 1) arin would say this (not want to be net police), 2) isp's couldn't show (for the vast majority of isps) that they are in fact upholding their AUP. -chris
On Sep 15, 2009, at 1:31 PM, Christopher Morrow wrote:On Tue, Sep 15, 2009 at 4:23 PM, <Valdis.Kletnieks () vt edu> wrote:On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests.You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"?Also, you can very well disable new allocations to Spammer-Bob, did you also know his friend Sue is asking now for space? Sue is very nice, she even has cookies... oh damn after we allocated to her we found out she's spamming :( Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :( -Chris
Current thread:
- RE: Repeated Blacklisting / IP reputation, (continued)
- RE: Repeated Blacklisting / IP reputation Shawn Somers (Sep 15)
- Re: Repeated Blacklisting / IP reputation Joe Greco (Sep 15)
- Re: Repeated Blacklisting / IP reputation Valdis . Kletnieks (Sep 15)
- Re: Repeated Blacklisting / IP reputation Christopher Morrow (Sep 15)
- Re: Repeated Blacklisting / IP reputation bmanning (Sep 15)
- Re: Repeated Blacklisting / IP reputation Christopher Morrow (Sep 15)
- Re: Repeated Blacklisting / IP reputation bmanning (Sep 15)
- Re: Repeated Blacklisting / IP reputation Christopher Morrow (Sep 15)
- RE: Repeated Blacklisting / IP reputation Lee Howard (Sep 16)
- RE: Repeated Blacklisting / IP reputation Shawn Somers (Sep 15)
- Re: Repeated Blacklisting / IP reputation Zaid Ali (Sep 15)
- Re: Repeated Blacklisting / IP reputation Christopher Morrow (Sep 15)
- Re: Repeated Blacklisting / IP reputation Joel Jaeggli (Sep 15)
- Re: Repeated Blacklisting / IP reputation Christopher Morrow (Sep 15)
- Re: Repeated Blacklisting / IP reputation Brandon Lehmann (Sep 15)