Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Spam. Again.. -- and blocking net blocks?

  • From: Mark Segal
  • Date: Tue Dec 10 10:44:01 2002

We did swip the block to the isp (as an assignment, not allocation).. That
is the problem, they kept recursively looking up the assignment.. Maybe they
should block 64/8 or maybe 0/0 :).

Anybody interested in a coordinated denial of service attack? :).

Mark

--
Mark Segal
Director, Data Services
Futureway Communications Inc.
Tel: (905)326-1570


> -----Original Message-----
> From: Michael.Dillon@radianz.com [mailto:Michael.Dillon@radianz.com] 
> Sent: December 10, 2002 10:36 AM
> To: MSegal@FUTUREWAY.CA
> Cc: nanog@nanog.org; owner-nanog@merit.edu
> Subject: Re: Spam. Again.. -- and blocking net blocks?
> 
> 
> > Problem:
> > For some reason, spews has decided to now block one of our 
> /19.. Ie no
> mail
> > server in the /19 can send mail.
> 
> > Questions:
> > 1) How do we smack some sense into spews?
> 
> Make it easy for them to identify the fact that your downstream ISP 
> customer has allocated that /32 to a separate organisation. 
> This is what 
> referral whois was supposed to do but it never happened because 
> development of the tools fizzled out. 
> 
> If SPEWS could plug guilty IP addresses into an automated 
> tool and come up 
> with an accurate identification of which neighboring IP 
> addresses were 
> tainted and which were not, then they wouldn't use such crude 
> techniques. 
> 
> Imagine a tool which queries the IANA root LDAP server for an 
> IP address. 
> The IANA server refers them to ARIN's LDAP server because 
> this comes from 
> a /8 that was allocated to ARIN. Now ARIN's server identifies 
> that this 
> address is in your /19 so it refers SPEWS to your own LDAP 
> server. Your 
> server identifies your customer ISP as the owner of the 
> block, or if your 
> customer has been keeping the records up to date with a simple LDAP 
> client, your server would identify that the guilty party is 
> indeed only on 
> one IP address. 
> 
> Of course, this won't stop SPEWS from blacklisting you. But 
> it enables 
> SPEWS to quickly identify the organization (your customer 
> ISP) that has a 
> business relationship with the offender so that SPEWS is more 
> likely to 
> focus their attentions on these two parties.
> 
> > 2) Does anyone else see a HUGE problem with listing a /19 because 
> > there
> is
> > one /32 of a spam advertised website?  When did this start 
> happening?
> 
> It's a free country, you can't stop people like the SPEWS group from 
> expressing their opinions. As long as people are satisfied with crude 
> tools for mapping IP address to owner, this kind of thing 
> will continue to 
> happen.
> 
> --Michael Dillon
> 




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.