On Apr 8, 2007, at 9:03 PM, Paul Vixie wrote:
[EMAIL PROTECTED] (Douglas Otis) writes:
Good advise. For various reasons, a majority of IP addresses
within a CIDR of any size being abusive is likely to cause the
CIDR to be blocked. While a majority could be considered as being
half right, the existence of the "bad neighborhood" demonstrates a
lack of oversight for the entire CIDR, which is also fairly
predictive of future abuse.
that sounds like a continuum, but my experience requires more
dimensions than you're describing. for example, this weekend two /
24's were hijacked and used for spam spew.
Agreed.
This was expressed recently as well.
http://www.merit.edu/mail.archives/nanog/msg05351.html
CIDRs should also conform with ASN boundaries and reputation tracks
with announcements.
Unfortunately an effort to create a black-hole operator's BCP failed
to consider these issues. Many building their own reputation
histories will also likely ignore this concern. This means John's
advice remains valid, whether fair or not. Adopting transient
tracking methods cope with this problem.
-Doug