Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Counter DoS

  • From: Brian Bruns
  • Date: Thu Mar 11 17:30:26 2004

On Thursday, March 11, 2004 6:16 PM [EST], william(at)
<> wrote:

>> Which RBL operators flood /24's or /16's?  What do they flood them
>> with?
> I think he meant that RBLs sometimes include entire /24 in RBL list when
> only one or two ips are at fault and some would go even highier to include
> entire ISP allocation. This is probably talking about SPEWs and alike RBLs

That usually only happens when providers ignore abuse reports and don't do
something about their abusive customers.  Thats how we do it at the AHBL - you
ignore abuse reports for long enough and pretend like the problem doesn't
exist, you get a /24 listed.  You move the spammer to another block, inside
your network, and it grows to encompass the new block as well as the old one.
And it keeps going from there.

Thats how the rima-tde blocks that are in the AHBL got started - single /32s,
then as the spam and 419 scams came in faster, it expanded to /24s, and
finally after 2 dozen or so /24s blocked, I started going for /20s and larger.
Now I've got two /13s, and a /16 of theirs blocked until Telefonica decides to
contact us and discuss the situation with the abuse coming from their network.

When providers dont act on abuse, you have to put the pressure on.  Sometimes,
that means forcing their legit customers to start to complain and thow a fit
with their provider over the blocks.

Yes, its ugly and unfair, but thats the only way to get them to act.

Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources

The Abusive Hosts Blocking List

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.