nanog mailing list archives

RE: Re: Request Spamhaus contact


From: "Mark Scholten" <mark () streamservice nl>
Date: Tue, 18 Jan 2011 02:23:14 +0100

From: Jeffrey Lyon [mailto:jeffrey.lyon () blacklotus net]
Sent: Tuesday, January 18, 2011 1:42 AM

I fat fingered the netmask, try now.

Thanks, Jeff

I don't think it is yet solved. The listed time is CET (GMT+1).

tmp@support:~$ wget -S www.vertrouwdeapotheek.nl
--2011-01-18 02:18:15--  http://www.vertrouwdeapotheek.nl/
Resolving www.vertrouwdeapotheek.nl... 208.64.120.197
Connecting to www.vertrouwdeapotheek.nl|208.64.120.197|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 301 Moved Permanently
  Cache-Control: private
  Content-Length: 0
  Location: http://www.vertrouwdeapotheek.nl/Home.aspx
  Server: Microsoft-IIS/7.0
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Date: Tue, 18 Jan 2011 01:17:50 GMT
  Connection: close
Location: http://www.vertrouwdeapotheek.nl/Home.aspx [following]
--2011-01-18 02:18:15--  http://www.vertrouwdeapotheek.nl/Home.aspx
Connecting to www.vertrouwdeapotheek.nl|208.64.120.197|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  Cache-Control: private
  Content-Length: 126007
  Content-Type: text/html; charset=utf-8
  Server: Microsoft-IIS/7.0
  X-AspNet-Version: 4.0.30319
  WL-Version: 2475.0
  Set-Cookie: ASP.NET_SessionId=olbzhbkanrerwwzqeoho22ws; path=/; HttpOnly
  X-Powered-By: ASP.NET
  Date: Tue, 18 Jan 2011 01:17:51 GMT
  Connection: close
Length: 126007 (123K) [text/html]
Saving to: `index.html'

100%[===================================================================================>] 126,007      154K/s   in 0.8s

2011-01-18 02:18:17 (154 KB/s) - `index.html' saved [126007/126007]

I did check the content of index.html and it shows a page I expect at that
domain. Giving a suspend page is also acceptable for me (or a page with a
message that the site was removed).

How difficult is it for you to nullroute it? For me (and probably for
others) it is also acceptable if you put a firewall between them and the
internet with the rule to DROP everything for that IP. I'm even prepared to
give an example config (based on Debian 5) to drop the traffic for all IPs
mentioned on this list and on SBL.

How you do it isn't important to me, but please clean your network as
far as possible with the given information (and by looking through your
clients).

Regards, Mark


