Re: Another source other than KRNIC?

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 11/10/05


Date: Thu, 10 Nov 2005 14:14:07 -0600

In the Usenet newsgroup comp.security.firewalls, in article
<dkvoka$bg6$1@canopus.cc.umanitoba.ca>, Walter Roberson wrote:

>I don't think that effort is worthwhile over the long term.
>Our site gets over 100,000 abuse attempts per day -- and our site
>is not an "attractive nuisance".

With that kind of number of hits, it's probably connected with something
over a T1 - that is attractive to spammers and zombie controllers.

>If one supposed that each distinct attempt involved an average of 100
>entries (the real average is far far lower), then that would still
>be 1000 reports per day to generate. If we could review the data
>and make a decision and dispatch a report every 10 seconds, that would
>still be 2 3/4 hours of intensive review... every day. And that's
>provided that one had well-automated tools that extracted the data
>and formatted it and looked up the abuse address...

Absolutely agree here.

>I doubt that there -is- a really useful registry of abuse addresses
>for Korea,

Much of what I've seen in abuse reporting seems to result in a negative
reaction, rather than any action being made to correct the abuse. Korea
became a prime target when they decided to put the Internet into every
school - maybe every classroom. At least initially, they made no effort
to install things in a secure manner, and the result was rooted boxes
sending tons of spam every minute. My understanding is that Korean
business finally noted that large chunks of Korean IP space were being
blocked, and THAT was impacting their bottom lines. They were able to
get the word out, and the security improved somewhat.

>and I'd be really amazed if there is a useful registry of abuse
>addresses for China

Agree

>(other than one that came down to reporting all the abuse to the
>political authorities in China for prosecution under China's laws that
>more or less provide for the death penalty for internet "crimes"
>including shaming the image of China.)

I don't know this to be true - certainly anyone spending a few minutes
reading the abuse newsgroups knows about the problem, and the sure cure
of blocking Chinese IP space, but _I_ haven't seen any reduction in the
amount of abuse from there, and if anything they are happy to receive the
spammers' money for "bullet-proof" hosting services.

        Old guy