Re: Abuse procedures... Reality Checks

[Matthew Black <black () csulb edu>]

On Sat, 7 Apr 2007 20:41:19 -0500 (CDT)
 Robert Bonomi <bonomi () mail r-bonomi com> wrote:
> BLUNT QUESTIONS:  *WHO*  pays me to figure out 'which parts' of a 
> provider's
> network are riddled with problems and 'which parts' are _not_?  *WHO* pays
> me to do the research to find out where the end-user boundaries are? *WHY*
> should _I_ have to do that work -- If the 'upstream provider' is incapable 
> of
> keeping _their_own_house_ clean, why should I spend the time trying to 
> figure
> out which of their customers are 'bad guys' and which are not?
>
> A provider *IS* responsible for the 'customers it _keeps_'.
>
> And, unfortunately, a customer is 'tarred by the brush' of the reputation
> of it's provider.


Um, with that reasoning, why not just block the whole /0 and
be done with it?

Seriously, I used to share your frustration and would block large
swaths of the Internet for rather minor offenses. I finally realized
this practice didn't help. Why not get yourself some sort of intrusion
detection/prevention system or fully firewall your hosts. If you have
a spam problem, get an e-mail security appliance which uses reputation
filtering to reject connections?

matthew black
california state university, long beach