nanog mailing list archives

Re: botted hosts


From: abuse () cabal org uk (Peter Corlett)
Date: Mon, 4 Apr 2005 09:24:42 +0000 (UTC)


Suresh Ramasubramanian <ops.lists () gmail com> wrote:
[...]
> Neither DUL, nor SORBS DUHL, nor the several other lesser known
> variants can claim to do even a fraction of a perfect job - and
> providers who do stuff like happily mix static IP and dynamic IP
> netblocks, maintain vague or inconstant rDNS or even no rDNS at all
> for these, etc don't help at all, leading to the usual funny
> situation of someone's static IP dsl getting blocked as dynamic [but
> that's another story altogether]

I agree that blocking based on any sort of DUL is asking for trouble,
but recent experiments on our customer MXers have shown that applying
greylisting to said hosts works a treat. Personally, I'd apply it
across the board, but customers moan that important mail is being
delayed. Nobody has yet complained that junk from compromised hosts is
being delayed :)

A side-effect of the greylisting and other mail checks is that I've
got a lovely list of compromised hosts. Is there any way I can
usefully share these with the community?

-- 
PGP key ID E85DC776 - finger abuse () mooli org uk for full key
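
An added illustration, not part of the original post or the poster's own setup: a sketch of greylisting applied only to hosts on a dynamic-range list, with the never-retried hosts collected as a by-product. The netblock, timing values, class name and the "never retried means suspect" heuristic are all assumptions; the post does not say how its list was built.

```python
import ipaddress

# Constructed stand-in for a DUL lookup (documentation address range).
DYNAMIC_NETS = [ipaddress.ip_network("198.51.100.0/24")]
MIN_DELAY = 300           # seconds before a retry of a new triplet is accepted
RETRY_WINDOW = 4 * 3600   # no valid retry within this window -> report the host


class SelectiveGreylist:
    """Greylist only clients in listed dynamic ranges; hypothetical example."""

    def __init__(self):
        self.first_seen = {}   # (ip, sender, rcpt) -> time of first attempt
        self.passed = set()    # triplets that came back after MIN_DELAY

    @staticmethod
    def is_dynamic(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in DYNAMIC_NETS)

    def check(self, ip, sender, rcpt, now):
        """Return 'accept' or 'defer' (an SMTP 4xx) for one RCPT attempt."""
        if not self.is_dynamic(ip):
            return "accept"                     # unlisted hosts are never delayed
        key = (ip, sender.lower(), rcpt.lower())
        if key in self.passed:
            return "accept"
        first = self.first_seen.setdefault(key, now)
        if now - first >= MIN_DELAY:
            self.passed.add(key)                # behaved like a real MTA queue
            return "accept"
        return "defer"

    def suspects(self, now):
        """Listed hosts that were deferred and never completed a valid retry."""
        good = {k[0] for k in self.passed}
        stale = {k[0] for k, t in self.first_seen.items()
                 if k not in self.passed and now - t > RETRY_WINDOW}
        return sorted(stale - good)
```

A host in `suspects()` is only a candidate: a legitimate sender that gave up or retried from a different address would also appear there.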

