[Dshield] Idea for dealing with ISPs that ignore abuse notificatons was RE: The Art/Tao/Zen of Abuse e-mails (Was: [Fwd: WHY IS YOURCUSTOMER...])

John Dietz www.whitewolf at gmail.com
Fri Aug 25 20:04:24 GMT 2006


In theory, this would be great, but how many ISPs would actually
participate in a program like this that could potentially drastically
limit the number of sites their paying customers could visit?  Not to
mention just who is going to manage all of this to make sure that no
net blocks accidentally get added to this list?  As Johannes mentioned
earlier:
"- Do not expect a response. In many countries, privacy laws will not
allow the ISP to confirm any action taken."
What if they are handling the problem silently as their name is being
added to the list?  Their traffic would be blocked by your filter and
you would never know that they actually responded and fixed the
problem.
I do like the concept of your idea, but I highly doubt it would be effective.
Just my $0.02

~John

On 8/25/06, Tomas L. Byrnes <tomb at byrneit.net> wrote:
> One way to change those economics is if we all were to block ALL traffic
> from the CIDRs of non-responsive Abuse aliases.
>
> Perhaps DShield could post a list of CIDRs managed by RPs that don't
> respond to fightback.
>
> That changes the equation, at least for fightback, drastically:
>
> "Do something about these reports, or we will publish your IP addresses
> to a list that is used worldwide to block traffic".
>
> If they don't respond to messages from DSHIELD/SANS, and/or keep their
> RP contact alias up to date, they're not good netizens, and deserve to
> be cast into the outer darkness.
>


-- 
There is intelligence is in having all the answers, but wisdom lies in
knowing which of the questions to answer.


More information about the list mailing list