nanog mailing list archives
Re: Constant Abuse Reports / Borderline Spamming from RiskIQ
From: Brandon Martin <lists.nanog () monmotha net>
Date: Thu, 16 Apr 2020 02:13:27 -0400
On 4/15/20 11:33 PM, Ross Tajvar wrote:
Can you give some examples of the things you mention above? I'm not doing much in terms of customer filtering and would be interested to hear what others consider best practice.
My experience is that there's two groups of customers that are problematic from an abuse standpoint:
* Those who intend to abuse your network * Those who enable others to abuse your networkThe former are of course a little easier to detect up front and much, much easier to give the axe when they do commit AUP violations. It looks like others have already given some hints as to how to detect these kinds of folks up-front. I'd also recommend looking for references for any new customer who wants a very large amount of resources, explicitly wants to send email, is bringing their own IP space (especially if they are leasing it), etc.
The latter are far more problematic for legitimate operations. I don't really run "hosting" providers as I'm mostly in the business of mid- and last-mile networks, but I always try to ask anyone who's either buying a plan that explicitly permits "hosting" or who is asking for personal-use exemptions to anti-hosting provisions in the AUP (which I do permit) what their intent is. I don't really care so much what they're doing as long as they know what they're doing and that I get a vibe from them that they are competent. "I want to host my wordpress blog" is an instant red flag since compromised wordpress instances are one of the biggest sources of snowshoe hosting in my experience.
-- Brandon Martin
Current thread:
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ, (continued)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Rich Kulawiec (Apr 13)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Kushal R. (Apr 13)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Tom Beecher (Apr 13)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Suresh Ramasubramanian (Apr 13)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Matt Corallo via NANOG (Apr 13)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Suresh Ramasubramanian (Apr 13)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Rich Kulawiec (Apr 15)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Ross Tajvar (Apr 15)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Suresh Ramasubramanian (Apr 15)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Raymond Dijkxhoorn (Apr 16)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Brandon Martin (Apr 15)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Tom Beecher (Apr 16)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Kushal R. (Apr 13)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Rich Kulawiec (Apr 17)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Rich Kulawiec (Apr 13)
- Message not available
- Message not available
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Tom Beecher (Apr 14)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Dan Hollis (Apr 13)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ William Herrin (Apr 13)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Matt Palmer (Apr 13)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Kushal R. (Apr 14)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Matt Palmer (Apr 14)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Matthew Petach (Apr 14)
- Re: Constant Abuse Reports / Borderline Spamming from RiskIQ Rich Kulawiec (Apr 15)