RE: Abuse procedures... Reality Checks

["Frank Bulk" <frnkblk () iname com>]

Stephen:

Are you saying that if there's nefarious IP out there let's automatically
blacklist the /24 of that IP?  J. Oquendo was describing his own methods and
they sounded quite manual, manual enough that he's getting down to a /8 as
necessary to blacklist a non-responsive operator.  My point is that if
you're going to block something, either block the /32 or do the research to
justify blocking a larger group.

And despite ToS, I think many operators are running automated lookups, and
there are lots of examples out there for ARIN.

Frank

-----Original Message-----
From: Stephen Satchell [mailto:list () satchell net] 
Sent: Saturday, April 07, 2007 5:44 PM
To: frnkblk () iname com
Cc: nanog () nanog org
Subject: Re: Abuse procedures... Reality Checks

Frank Bulk wrote:
> [[Attribution deleted by Frank Bulk]]
> > Neither I nor J. Oquendo nor anyone else are required to 
> > spend our time, our money, and our resources figuring out which 
> > parts of X's network can be trusted and which can't.  
>
> It's not that hard, the ARIN records are easy to look up.  Figuring out
that
> network operator has a /8 that you want to block based on 3 or 4 IPs in
> their range requires just as much work.

It's *very* hard to do it with an automated system, as such automated 
look-ups are against the Terms of Service for every single RIR out there.

Please play the bonus round:  try again.