Best of the ISP-Lists

General

Cut Off Asia!

If the flood of spam from Asia continues, some members of the ISP-Tech list will cut entire nations off the Internet. This is, of course, controversial, but so is spam itself.

[January 18, 2002]

On the ISP-Tech list in January, BD complained,

"I'm tired of all these probes and attempts on port 111 from Korea and Japan: I'd like to just deny the whole block of IPs at my Cisco 2511. Any advice?"

A number of respondents shared the frustration:

[DJ noted] "I'm getting lots of flood attacks from Japanese and Korean IP addresses. I have written their national IP admin and their network admin, but no answer."

[JL agreed] "Most of our spam comes from there. We immediately block them; we gave up on sending them spam complaints long ago. As of this moment, we're blocking most of China, and large areas of Korea, Taiwan, Japan, and Thailand."

[DD added] "I've got a big portion of Asia blocked for the same reason. I don't even block class Cs now; I'm doing Bs."

Others warned that this kind of activity could easily backfire:

[JM warned] "This is probably not a good idea. While I agree with the logic here, we did this for a while and found that many legitimate clients, and clients of our customers, were getting denied. It's more trouble than it's worth."

[DW agreed] "Unfortunately, some of our customers are e-commerce sites that ship internationally. If we did this we'd lose a bunch of customers (not to mention the fact that some of our customers are actually physically located in Asia). I do know, though, that you can configure Cisco products to only block certain types of traffic without blocking IP addresses: I believe it does it per port."

CB observed that it's important to keep everything in perspective:

"Are they consuming significant resources, or are they just cluttering up your logs? If it's the latter, just don't worry about it."

—End