North American Network Operators Group
RE: Spam. Again.. -- and blocking net blocks?
- From: Mark Segal
- Date: Tue Dec 10 10:44:01 2002
We did SWIP the block to the ISP (as an assignment, not allocation).. That
is the problem, they kept recursively looking up the assignment.. Maybe they
should block 64/8 or maybe 0/0 :).
Anybody interested in a coordinated denial of service attack? :).
Director, Data Services
Futureway Communications Inc.
> -----Original Message-----
> From: Michael.Dillon@radianz.com [mailto:Michael.Dillon@radianz.com]
> Sent: December 10, 2002 10:36 AM
> To: MSegal@FUTUREWAY.CA
> Cc: email@example.com; firstname.lastname@example.org
> Subject: Re: Spam. Again.. -- and blocking net blocks?
> > Problem:
> > For some reason, spews has decided to now block one of our /19.. Ie no
> > server in the /19 can send mail.
> > Questions:
> > 1) How do we smack some sense into spews?
>
> Make it easy for them to identify the fact that your downstream ISP
> customer has allocated that /32 to a separate organisation. This is what
> referral whois was supposed to do but it never happened because
> development of the tools fizzled out.
>
> If SPEWS could plug guilty IP addresses into an automated tool and come up
> with an accurate identification of which neighboring IP addresses were
> tainted and which were not, then they wouldn't use such crude
>
> Imagine a tool which queries the IANA root LDAP server for an IP address.
> The IANA server refers them to ARIN's LDAP server because this comes from
> a /8 that was allocated to ARIN. Now ARIN's server identifies that this
> address is in your /19 so it refers SPEWS to your own LDAP server. Your
> server identifies your customer ISP as the owner of the block, or if your
> customer has been keeping the records up to date with a simple LDAP
> client, your server would identify that the guilty party is indeed only on
> one IP address.
>
> Of course, this won't stop SPEWS from blacklisting you. But it enables
> SPEWS to quickly identify the organization (your customer ISP) that has a
> business relationship with the offender so that SPEWS is more likely to
> focus their attentions on these two parties.
>
> > 2) Does anyone else see a HUGE problem with listing a /19 because
> > there one /32 of a spam advertised website? When did this start
>
> It's a free country, you can't stop people like the SPEWS group from
> expressing their opinions. As long as people are satisfied with crude
> tools for mapping IP address to owner, this kind of thing will continue to
>
> --Michael Dillon
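
The referral chain described in the quoted reply (root registry, then regional registry, then provider, then customer), sketched as an added example that is not part of either message. The server names, holders and the 10.0.0.0/8 addressing are constructed stand-ins, and the lookup is an in-memory table rather than a real LDAP or whois query; it shows how the narrowest published record determines how wide a listing has to be.

```python
import ipaddress

# Constructed registry data: each "server" maps a prefix to (holder, next server to ask).
# Server names, holders and the 10.0.0.0/8 addressing are hypothetical stand-ins.
SERVERS = {
    "root": {"10.0.0.0/8": ("regional-registry", "rir")},
    "rir": {"10.20.0.0/19": ("upstream-provider", "upstream")},
    "upstream": {"10.20.8.0/24": ("customer-isp", "customer")},
    "customer": {"10.20.8.77/32": ("end-site", None)},
}

def best_match(records, addr):
    """Return (network, holder, referral) for the longest prefix covering addr, or None."""
    hits = [(ipaddress.ip_network(p), h, r) for p, (h, r) in records.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda t: t[0].prefixlen, default=None)

def resolve(ip, servers=SERVERS, start="root", max_hops=8):
    """Follow referrals from the root; return the chain of (server, prefix, holder)."""
    addr = ipaddress.ip_address(ip)
    chain, server, seen = [], start, set()
    while server is not None and server not in seen and len(chain) < max_hops:
        seen.add(server)  # guards against referral loops between servers
        hit = best_match(servers.get(server, {}), addr)
        if hit is None:  # this server publishes nothing more specific
            break
        net, holder, referral = hit
        # A referral must narrow the answer; stop at a record that widens it.
        if chain and not net.subnet_of(ipaddress.ip_network(chain[-1][1])):
            break
        chain.append((server, str(net), holder))
        server = referral
    return chain

def listing_scope(ip):
    """Narrowest registered (prefix, holder) for ip, or None if nothing covers it."""
    chain = resolve(ip)
    return chain[-1][1:] if chain else None
```

When the customer keeps its records current the answer is a single /32; where no narrower record is published, the lookup stops at the /24 or the /19 and the whole block is all the tool can identify.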