nanog mailing list archives
RE: Spam. Again.. -- and blocking net blocks?
From: Mark Segal <MSegal () FUTUREWAY CA>
Date: Tue, 10 Dec 2002 10:40:41 -0500
We did swip the block to the isp (as an assignment, not allocation).. That is the problem, they kept recursively looking up the assignment.. Maybe they should block 64/8 or maybe 0/0 :). Anybody interested in a coordinated denial of service attack? :). Mark -- Mark Segal Director, Data Services Futureway Communications Inc. Tel: (905)326-1570
-----Original Message----- From: Michael.Dillon () radianz com [mailto:Michael.Dillon () radianz com] Sent: December 10, 2002 10:36 AM To: MSegal () FUTUREWAY CA Cc: nanog () nanog org; owner-nanog () merit edu Subject: Re: Spam. Again.. -- and blocking net blocks?Problem: For some reason, spews has decided to now block one of our/19.. Ie no mailserver in the /19 can send mail.Questions: 1) How do we smack some sense into spews?Make it easy for them to identify the fact that your downstream ISP customer has allocated that /32 to a separate organisation. This is what referral whois was supposed to do but it never happened because development of the tools fizzled out. If SPEWS could plug guilty IP addresses into an automated tool and come up with an accurate identification of which neighboring IP addresses were tainted and which were not, then they wouldn't use such crude techniques. Imagine a tool which queries the IANA root LDAP server for an IP address. The IANA server refers them to ARIN's LDAP server because this comes from a /8 that was allocated to ARIN. Now ARIN's server identifies that this address is in your /19 so it refers SPEWS to your own LDAP server. Your server identifies your customer ISP as the owner of the block, or if your customer has been keeping the records up to date with a simple LDAP client, your server would identify that the guilty party is indeed only on one IP address. Of course, this won't stop SPEWS from blacklisting you. But it enables SPEWS to quickly identify the organization (your customer ISP) that has a business relationship with the offender so that SPEWS is more likely to focus their attentions on these two parties.2) Does anyone else see a HUGE problem with listing a /19 because thereisone /32 of a spam advertised website? When did this starthappening? It's a free country, you can't stop people like the SPEWS group from expressing their opinions. As long as people are satisfied with crude tools for mapping IP address to owner, this kind of thing will continue to happen. --Michael Dillon
Current thread:
- Re: Spam. Again.. -- and blocking net blocks?, (continued)
- Re: Spam. Again.. -- and blocking net blocks? Stephen J. Wilcox (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? Vadim Antonov (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? K. Scott Bethke (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? Ralph Doncaster (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? Kyle Christy (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? Bryan Bradsby (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? Nigel Titley (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? Bryan Bradsby (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? Scott Granados (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? Barry Shein (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? Michael . Dillon (Dec 10)
- RE: Spam. Again.. -- and blocking net blocks? Mark Segal (Dec 10)
- RE: Spam. Again.. -- and blocking net blocks? Lee, Hansel (Dec 10)
- RE: Spam. Again.. -- and blocking net blocks? Scott Silzer (Dec 10)
- RE: Spam. Again.. -- and blocking net blocks? David Schwartz (Dec 10)
- RE: Spam. Again.. -- and blocking net blocks? Scott Silzer (Dec 10)
- RE: Spam. Again.. -- and blocking net blocks? Jason Lixfeld (Dec 10)
- RE: Spam. Again.. -- and blocking net blocks? Scott Silzer (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? David Lesher (Dec 10)
- Re: Spam. Again.. -- and blocking net blocks? Allan Liska (Dec 10)