Re: obvious intent (Re: the Intercage mess)

2008-09-25 Thread Paul Bennett
On 9/25/08, Paul Vixie [EMAIL PROTECTED] wrote:
  so, now begins the search for the line that mustn't be crossed.  if they
  have N spamming customers or M captured machines running CC and they
  disconnect such customers after P warnings or Q days, then will the
  community still rise up in arms and if so will that still be enough
  negativity to cause their (new?) provider to lose connectivity?  if not,
  then what about P-1 or Q+1 or M*2 or N/2?

  discovering the process by which N, M, P, and Q are discovered, will be
  even uglier than everything we've seen on this topic to date.

I work at the abuse department of one of the big ISPs, and I have
to note that finding effective values for those four variables is
sticky business from the abuse preventers' side too.

We get tens of thousands of abuse complaints every single day. Even
filtering out the frequent-flyer abuse miscomplainers (certain ISPs
seem to have no outbound filtering -- to cope with the very large
number of times when their customers seem to confuse Report Spam
with Move to Trash, for instance), there's still a butt-load of data
to be analysed and acted on, and only a finite number of monkeys with
typewriters to churn through it.

At best, it's a trans-global game of whack-a-mole, suspending orgs and
consumers who have never heard the word firewall, or at least have
never learned router ACL config. Add to this the potential legal
and/or press minefield of being accused of wiretapping,
traffic-shaping, and other nefarious deeds, and we have to tread very
gently indeed around certain abuse detection and prevention issues.

In short, it's a big hairy beast, and it's even scarier if you take a
closer-than-normal look.
Paul
(not an official spokesperson, nor a policy-maker, of any ISP or
similar company)
obvious intent (Re: the Intercage mess)

2008-09-24 Thread Paul Vixie
[EMAIL PROTECTED] (William Pitcock) writes:

 ... forcing them offline now that they are taking a new approach to
 handling abuse is ridiculous. ...

renaming, renumbering, and rehoming the darkest parts of their empire is
not a new approach to handling abuse, it's the most common thing that gray
networks do when faced with disconnection, because it's the thing that
looks most like protective colouration for them and it's the thing that
looks most like plausible deniability for their (new?) providers.

so, now begins the search for the line that mustn't be crossed.  if they
have N spamming customers or M captured machines running CC and they
disconnect such customers after P warnings or Q days, then will the
community still rise up in arms and if so will that still be enough
negativity to cause their (new?) provider to lose connectivity?  if not,
then what about P-1 or Q+1 or M*2 or N/2?

discovering the process by which N, M, P, and Q are discovered, will be
even uglier than everything we've seen on this topic to date.  i advise
those interested in the truth about a network's long term reputation to get
their information from friends and professionals in the security business,
or even google, but not nanog.

or just refuse to suspend disbelief, and ask why someone's apparently new
approach to handling abuse, the turning over a new leaf, happened so many
years into the game.  what was their obvious intent, if not monetizing the
uncertainty and inertia of the networks whose connectivity they depend on?
-- 
Paul Vixie