RE: Spam. Again.. -- and blocking net blocks?

[Mark Segal <MSegal () FUTUREWAY CA>]

We did swip the block to the isp (as an assignment, not allocation).. That
is the problem, they kept recursively looking up the assignment.. Maybe they
should block 64/8 or maybe 0/0 :).

Anybody interested in a coordinated denial of service attack? :).

Mark

--
Mark Segal
Director, Data Services
Futureway Communications Inc.
Tel: (905)326-1570


> -----Original Message-----
> From: Michael.Dillon () radianz com [mailto:Michael.Dillon () radianz com] 
> Sent: December 10, 2002 10:36 AM
> To: MSegal () FUTUREWAY CA
> Cc: nanog () nanog org; owner-nanog () merit edu
> Subject: Re: Spam. Again.. -- and blocking net blocks?
>
>
> > Problem:
> > For some reason, spews has decided to now block one of our 
> /19.. Ie no
> mail
> > server in the /19 can send mail.
>
> > Questions:
> > 1) How do we smack some sense into spews?
>
> Make it easy for them to identify the fact that your downstream ISP 
> customer has allocated that /32 to a separate organisation. 
> This is what 
> referral whois was supposed to do but it never happened because 
> development of the tools fizzled out. 
>
> If SPEWS could plug guilty IP addresses into an automated 
> tool and come up 
> with an accurate identification of which neighboring IP 
> addresses were 
> tainted and which were not, then they wouldn't use such crude 
> techniques. 
>
> Imagine a tool which queries the IANA root LDAP server for an 
> IP address. 
> The IANA server refers them to ARIN's LDAP server because 
> this comes from 
> a /8 that was allocated to ARIN. Now ARIN's server identifies 
> that this 
> address is in your /19 so it refers SPEWS to your own LDAP 
> server. Your 
> server identifies your customer ISP as the owner of the 
> block, or if your 
> customer has been keeping the records up to date with a simple LDAP 
> client, your server would identify that the guilty party is 
> indeed only on 
> one IP address. 
>
> Of course, this won't stop SPEWS from blacklisting you. But 
> it enables 
> SPEWS to quickly identify the organization (your customer 
> ISP) that has a 
> business relationship with the offender so that SPEWS is more 
> likely to 
> focus their attentions on these two parties.
>
> > 2) Does anyone else see a HUGE problem with listing a /19 because 
> > there
> is
> > one /32 of a spam advertised website?  When did this start 
> happening?
>
> It's a free country, you can't stop people like the SPEWS group from 
> expressing their opinions. As long as people are satisfied with crude 
> tools for mapping IP address to owner, this kind of thing 
> will continue to 
> happen.
>
> --Michael Dillon