nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Purchasing IPv4 space - due diligence homework

From: Nikolas Geyer <nik () neko id au>
Date: Wed, 3 Apr 2019 18:03:19 +0000
The issue isn’t with Spamhaus itself per se, more providers who implement automated edge filters based on those lists 
and then take a long time to get removed manually.

Sent from my iPhone

On Apr 3, 2019, at 1:40 PM, Eric Dugas <edugas () unknowndevice ca<mailto:edugas () unknowndevice ca>> wrote:

I cleaned two blocks last year with Spamhaus and others. Took me less than two weeks and Spamhaus were the quickest of 
the bunch (we're talking about a full or two business days). PSN can be tricky, same for Netflix and whatnot but I 
always put these new blocks in "quarantine" for a couple of weeks by using these services with random IPs in a new 
block.

In order, I began to announce the prefixes right after the transfers were approved by ARIN. I then contacted Spamhaus 
and the others roughly a week later. As I mentioned, Spamhaus were really reactive. The others responded in about 2 
weeks.

What helped us (I think) is that we're a listed MANRS participant (so filtering, BCP38, proper NOC/Ops contacts). We 
also sign all of our routes with ROAs, proper route objects in an IRR and PTRs generated for every IPs.

On Apr 3 2019, at 1:20 pm, Nikolas Geyer <nik () neko id au<mailto:nik () neko id au>> wrote:
A big +1 to checking Spamhaus, specifically their DROP and EDROP lists. These two lists are what causes us most pain 
when acquiring IPv4 space as a lot of providers put auto blocking in place based on these two which can be difficult to 
get removed.

I won’t even contemplate prefixes on either of these lists unless the seller knocks $5/IP off the purchase price 
because of the associated time and pain trying to clean it up.

Sent from my iPhone

On Apr 3, 2019, at 11:49 AM, Valdis Klētnieks <valdis.kletnieks () vt edu<mailto:valdis.kletnieks () vt edu>> wrote:

On Wed, 03 Apr 2019 15:20:17 -0000, "Torres, Matt via NANOG" said:

3. Check SORBS blacklisting. It should not show up except maybe the DUHL list(?). If it does, walk away.

SORBS isn't the only place to check. As an example, if Spamhaus doesn't have
nice things to say about the block, it's time to start asking questions....

http://www.anti-abuse.org/multi-rbl-check/ has a fairly good list of
places that could give your customer a bad time (whether or not the
listing is deserved - the point is that being listed anywhere there will
probably mean problems that have to be cleaned up)

You may all now begin the religious war over where else to check.
Previous By Date Next
Previous By Thread Next

Current thread: