I ran an ISP as the senior global network engineer for a decade, and I am against blocking based on IP block or in most cases address level. I've always believed that any risk of collateral damage is too much risk.
IPs can be spoofed (although that's admittedly become much harder in today's age), people forget to remove the restriction, admins can mistype the prefix and wipe out an address space way larger than they intended (yep, I've done that one... blocked most of Australia once by blackholing way too large a block, and took me a while to sort out WTF because the problem didn't crop up for a few days after the change).
|