Did the OP state the customer was a bar?  I missed that.

From: Eric Kuhnke 
Sent: Wednesday, April 27, 2016 10:19 PM
To: af@afmug.com 
Subject: Re: [AFMUG] abuse reports on customer IPs

It'll break basic functionality. At least in the Pacific Northwest I haven't 
run into an open coffee shop wifi (Blenz, McDonalds, Starbucks, Waves Coffee, 
and a dozen other competitors) that operates a default-deny filter as you 
describe. In fact it's even possible to torrent through 95% of them without 
connecting to my VPN.


Even the fast food burger restaurants don't seem to have particularly 
restrictive firewalls in place on their free wifi (Jack in the Box, Burger 
King).


If the bar owner referenced in the original wants to try to do that, with their 
own firewall, they can certainly try...  But it's not the ISP's responsibility 
to configure the user's in-premises wifi/"last 20 meters" connection to client 
devices. Define a hard demarc point at "This is the 100BaseTX port to the WAN 
of your router, here is your cat5e cable, please let us know if you see any 
packet loss or downtime".


Unless you have some sort of managed services division that charges extra and 
deals with the hassle of maintaining the end user's firewall/wifi.






On Wed, Apr 27, 2016 at 8:10 PM, Ken Hohhof <af...@kwisp.com> wrote:

  If this is an open WiFi hotspot, why can’t you allow basic web browsing, 
POP/IMAP, and SMTP port 587 but not 25, and block everything else?

  I often find that at hotspots I can’t use telnet, SSH, Winbox, etc.  Probably 
can’t connect to destination port 25 either.  Heck, most regular ISPs block 
destination port 25.

  Open Internet should not apply to a coffee shop hotspot, I don’t think you 
are required to transport anything and everything in that situation.


  From: Eric Kuhnke 
  Sent: Wednesday, April 27, 2016 8:58 PM
  To: af@afmug.com 
  Subject: Re: [AFMUG] abuse reports on customer IPs

  If it is a customer that operates an open public wifi AP like a coffee shop, 
bar, restaurant, there is not a lot that you can do. Customer won't stop 
running open wifi, people won't stop bringing in infected laptops. No way to 
find out who has the infected laptops/devices. 

  One possible solution if sufficient ARIN IP space is available is to put all 
such customers in their own special swamp netblock as static assignments. 
Consider that block forever sullied.


  On Wed, Apr 27, 2016 at 6:54 PM, That One Guy /sarcasm 
<thatoneguyst...@gmail.com> wrote:

    I know it's bad practice, I normally enjoy turning customers off, it makes 
me feel godlike and powerful, a lot of times when I get to shut one off I go 
upstairs and drag my woman from her bed by her hair to the kitchen to make me a 
sammich. But for whatever reason I like this customer

    On Wed, Apr 27, 2016 at 5:31 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote:

      Spam and botnet activity is far more harmful to the health of your 
network and the IP reputation of your netblocks than anything DMCA related.



      Torrents and DMCA notifications don't hurt the network. Knowingly leaving 
something that is a repository of viruses/worms/trojans online is just bad 
practice.



      On Wed, Apr 27, 2016 at 7:09 AM, That One Guy /sarcasm 
<thatoneguyst...@gmail.com> wrote:

        We have a particular customer. We have been getting tons of abuse 
reports on their static IP, I assume we will never be able to wash this sullied 
IP clean. They're not really doing any harm to our network, or impacting others 
on the network, they are in full breach of our TOS, that's for sure. 
Surprisingly, it's primarily spam and botnet activity, but no DMCA. 

        Is there any liability on us as an ISP to not address this 
affirmatively with the customer? I'm going to contact them, may offer a leased 
FortiGate UTM option. But if there isn't a resolution, other than their static 
IP residing on every blacklist, can we get nailed?

        It's a good customer, pays their bill on time, worked with us through a 
service issue without the usual "gimme discounts and free shit or I'm going 
elsewhere". I don't want to HAVE to disconnect them if I'm not required to and 
they're not impacting others if they can't or won't resolve the issues


        -- 

        If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.





    -- 

    If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.
