nanog mailing list archives
Re: "Default" Points on your Internet "Re: Re: Re:"
From: "George Roettger" <geoincidents () nls net>
Date: Mon, 14 Jun 2004 21:47:49 -0400
----- Original Message ----- From: "Paul Vixie" <vixie () vix com>
as an ISP who knows how to network, the only thing i request of you is
that
if your customer is spewing virus segments at me, you give me a way to
prove
that to you (that costs me less time and aggravation than blackholing
you),
and that once proven, you will revoke the account until you're sure that the infestation, and the process errors which led to it, are gone. (same as if they were spamming, or controlling a ddos botnet, or etc.)
That's fine and we do deal with the problems in a reasonable amount of time, but we also prioritize them. If there are 5 bots on my network sending you a 2Mb flood, we'll shut them down or block the flood immediately, but if it's a single machine on a corporate network beind NAT and you are getting 4 port probes because it's infected with sasser, then we'll enter it into the support system and the customer will be contacted but the corp network will not be shut down until that contact has been made. Virus infections are a day to day occurance, not some critical emergency DOS condition and they should be handled with concern but not panic. Customers are the priority, not everyone else on the net. If you can't stand up to 4 port probes then you don't belong on todays internet. Now if you are talking about customers who remain infected for weeks, we won't allow that, once the contact has been made they've got to respond or we will shut them down. But the logs I saw posted here didn't appear to me to be the same customer, it just appeared to be a lot of probes over a long time meaning that the particular subnet is a very busy place with lots of worm bait. Virus infections on a subnet like that are to be expected. Trying to keep that subnet clean is like running around spinning plates on sticks. Geo. -George R.- NetLink Services, Inc.
Current thread:
- Re: "Default" Internet Service (was: Re: Points on your Internet driver's license), (continued)
- Re: "Default" Internet Service (was: Re: Points on your Internet driver's license) Christopher L. Morrow (Jun 12)
- Re: "Default" Internet Service (was: Re: Points on your Internet Paul Vixie (Jun 12)
- Re: "Default" Internet Service (was: Re: Points on your Internet Doug White (Jun 13)
- Re: "Default" Internet Service (was: Re: Points on your Internet Christopher L. Morrow (Jun 13)
- Re: "Default" Internet Service (was: Re: Points on your Internet Owen DeLong (Jun 13)
- yo, sean (Re: "Default" Internet Service (was: Re: Points on your Internet) Paul Vixie (Jun 13)
- Re: "Default" Internet Service (was: Re: Points on your Internet Rob Nelson (Jun 13)
- Re: "Default" Internet Service (was: Re: Points on your Internet Geoincidents (Jun 14)
- Re: "Default" Internet Service (was: Re: Points on your Internet Valdis . Kletnieks (Jun 14)
- Re: "Default" Points on your Internet "Re: Re: Re:" Paul Vixie (Jun 14)
- Re: "Default" Points on your Internet "Re: Re: Re:" George Roettger (Jun 14)
- Re: "Default" Points on your Internet "Re: Re: Re:" Edward B. Dreger (Jun 14)
- Re: "Default" Points on your Internet "Re: Re: Re:" George Roettger (Jun 14)
- Re: "Default" Points on your Internet "Re: Re: Re:" Edward B. Dreger (Jun 14)
- Re: "Default" Points on your Internet "Re: Re: Re:" George Roettger (Jun 15)
- Math 011 (Re: "Default" Points on your Internet "Re: Re: Re:") Edward B. Dreger (Jun 14)
- Re: Math 011 (Re: "Default" Points on your Internet "Re: Re: Re:") Dan Hollis (Jun 15)
- Re: Math 011 (Re: "Default" Points on your Internet "Re: Re: Re:") George Roettger (Jun 15)
- Message not available
- Re: Math 011 (Re: "Default" Points on your Internet "Re: Re: Re:") Rob Nelson (Jun 15)
- Re: "Default" Internet Service (was: Re: Points on your Internet driver's license) Sean Donelan (Jun 13)
- Re: "Default" Internet Service Dave Howe (Jun 13)