[Dshield] Idea for dealing with ISPs that ignore abuse notifications was RE: The Art/Tao/Zen of Abuse e-mails (Was: [Fwd: WHY IS YOURCUSTOMER...])

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Aug 25 20:01:53 GMT 2006


On Fri, 25 Aug 2006 08:19:02 PDT, "Tomas L. Byrnes" said:
> One way to change those economics is if we all were to block ALL traffic
> from the CIDRs of non-responsive Abuse aliases.

This *does* get into the 800 pound gorilla problem, however.  What do you
do with a non-responsive Abuse at an organization that you have a business
need to remain in contact with?

Also, what CIDR do you use?  The /27 the offenders got? The /22 their
hosting service got?  The /15 the host service's provider has?  Note the
chance of accidental (or intentional) collateral damage rises quickly
as you raise the size of the block. Go for a /16 instead of a /17, and
find you've just blocked somebody (a) squeaky clean and (b) important
to your upper management. Whoops, a true CLM(*).

Also, keep in mind that intentional collateral damage (the "Sorry you're
blocked, maybe you shouldn't have gotten service from a provider known to
host spammers") isn't likely to win you many friends. It may *eventually*
get the provider to clean up when they lose a lot of customers - but it *will*
be a long, painful, drawn-out process as you inflict pain on somebody for
something their provider's provider did in conjunction with some other
customer of the upstream...

(*) CLM - Career Limiting Move.
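
The trade-off described in the message above can be checked before a block goes in. The following is an added example, not part of the original post: it widens a block around one offending address and reports which hosts you still need to reach would be caught at each size. The offender address, the must-reach host names and their addresses are all constructed, taken from the 198.18.0.0/15 benchmarking range and the 198.51.100.0/24 documentation range.

```python
import ipaddress

# Constructed sample data (hypothetical names; reserved test address ranges).
OFFENDER = "198.18.5.77"
MUST_REACH = {
    "partner-mail": "198.18.12.10",
    "exec-vendor": "198.18.130.8",
    "payroll-vendor": "198.19.200.3",
    "customer-portal": "198.51.100.25",
}
CANDIDATE_PREFIXES = [27, 22, 17, 16, 15]


def blast_radius(offender, prefix_lengths, must_reach):
    """Return (network, address_count, caught_names) per prefix, narrowest first."""
    ip = ipaddress.ip_address(offender)
    rows = []
    for plen in sorted(prefix_lengths, reverse=True):
        # strict=False masks off the host bits, giving the covering network.
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        caught = sorted(
            name for name, addr in must_reach.items()
            if ipaddress.ip_address(addr) in net
        )
        rows.append((str(net), net.num_addresses, caught))
    return rows


def widest_safe_block(offender, prefix_lengths, must_reach):
    """Widest candidate block that catches no must-reach host, or None."""
    safe = None
    for net, _count, caught in blast_radius(offender, prefix_lengths, must_reach):
        if caught:
            break  # every wider block contains this one, so it is unsafe too
        safe = net
    return safe


if __name__ == "__main__":
    for net, count, caught in blast_radius(OFFENDER, CANDIDATE_PREFIXES, MUST_REACH):
        print(f"{net:<18} {count:>7} addrs  collateral: {', '.join(caught) or 'none'}")
    print("widest safe block:", widest_safe_block(OFFENDER, CANDIDATE_PREFIXES, MUST_REACH))
```

With this sample data the step from /17 to /16 is the one that picks up an extra must-reach host, which is the case the message warns about.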