nanog mailing list archives

Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons


From: Mark Radabaugh <mark () amplex net>
Date: Tue, 06 Mar 2007 18:24:22 -0500


Mikael Abrahamsson wrote:

On Tue, 6 Mar 2007, Sean Donelan wrote:

Isn't this true of everything (bad source addresses, worms, abuse,
etc)? Does hiding/ignoring the problem just make it worse because
there is no incentive to fix the problem while it is still a small
problem? If it isn't important enough to bother the customer, why
bother to fix it?

Let's take a concrete example:

Customer gets hacked, one of their boxen starts spewing traffic with
spoofed addresses. The way I understand your solution is to
automatically shut their port and disrupt all their traffic, and have
them call customer support to get any further.

Do you really think this is a good solution?

I don't see any customer with a choice continuing to have a
relationship with me if I treat them like that. It will cost me and
them too much.

So instead I just drop their spoofed traffic and if they call and say
that their line is slow, I'll just say it's full and they can
themselves track down the offending machine and shut it off to solve
the problem.

Neither one is really all that good but both have merit - some
compromises are in order. We shut them off only if it's causing
serious problems.

If we can mitigate the problem without shutting them off completely we
will. The usual example is customers spewing spam on port 25. We
block port 25 at the customer's CPE and notify them as to why and how to
work around the block (use webmail or submission) while they fix the
problem. It's amazing how many customers are just plain OK with that
and never do get around to fixing the machine - but at least they know
that we blocked something for a reason.

Anything you do silently tends to cause customers to decide 'you suck'
and go elsewhere. Line is slow 'cause their machine is beating it to
death? Just get a new provider. When the new one also sucks they
either shrug and decide that's the way it is or finally fix the
problem. Either way the customer is lost to you 'cause they won't come
back even after they figure out it was their problem in the first place.

Shutting them off causes churn, leaving problems silently in place also
causes churn.  The middle road mitigates damage and still manages to
keep the customers happy (well.. that might be stretching it a
bit...happier?).

-- 
Mark Radabaugh 
Amplex

mark () amplex net  419.837.5015

