Pete's right about how IPs get put on the lists. In fact, let us not
forget that these lists were mostly created with volunteers - some still
today. Many are very old lists. Enterprise networks select lists by some
sort of popularity / fame - etc.. Like how they decide to install 8.8.8.8
as first -
On Sun, 12 Mar 2017, Pete Baldwin wrote:
So this is is really the question I had, and this is why I was wanting to
start a dialog here, hoping that it wasn't out of line for the list. I don't
know of a way to let a bunch of operators know that they should remove
something without using som
Hi,
This is why I moved away from static black lists years ago. When the
68/8 and 24/8 blocks were released and tons of networks had it blocked
since it was "reserved" I observed and felt the pain.
My networks are small, and I rely on things such as fail2ban which auto
remove the blocks.
So this is is really the question I had, and this is why I was
wanting to start a dialog here, hoping that it wasn't out of line for
the list. I don't know of a way to let a bunch of operators know that
they should remove something without using something like this mailing
list. Blackl
So just to be clear here, the reason I made this post isn't to have
some help with removing our block from 'official' blacklists around the
world. We checked the lists and we weren't on them. The last (known)
list this block was on was in September 2016, so just over 6 months ago
now, a
Den 12/03/2017 kl. 19.40 skrev Rob McEwen:
On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
Sorry but this is not true. The address space does not lose that much in
value and in fact most address space that has been used for end users is
already tainted in the same way (due to botnets etc).
Also
Den 12/03/2017 kl. 19.24 skrev Rob McEwen:
On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
Den 12/03/2017 kl. 18.49 skrev Rob McEwen:
This motivation goes a LONG way towards countering the profit motives
that hosters/ISPs/Datacenters/ESPs have in selling services to
spammers - there is MUCH mone
We used giglinx.There was a third party that was validating the
blocks, and they/we caught a lot of issues with the first block for offer.
This was the second block offered, and it looked decent, but I never
personally checked the /16 parent. I was only looking at the /18. The
reason I
Looks like it was taken off the list in Sept 2016. I suppose this could
be the reason why our block is still listed in various networks, even
though it's not on a known 'official' list.
Thanks for the tip Mike.
-
Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-738
The previous owner was XELAS Software in Marina Del Ray, California. I
still see it listed on some geoIP databases, but those have been cleaned
for the most part.
I'm not sure if someone had it before them and they just got rid of it
because of these issues, so I don't want to point fingers a
Their first problem is that
> they are trying to tow a boat with their bicycle.
>
Fair statement for anyone who has not deployed ipv6 and thinks emailing
nanog to get them off a blacklist will help.
> --
> Rob McEwen
>
>
>
On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
Sorry but this is not true. The address space does not lose that much in
value and in fact most address space that has been used for end users is
already tainted in the same way (due to botnets etc).
Also, you're comparing apples-to-oranges. Dynamica
On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
Den 12/03/2017 kl. 18.49 skrev Rob McEwen:
This motivation goes a LONG way towards countering the profit motives
that hosters/ISPs/Datacenters/ESPs have in selling services to
spammers - there is MUCH money to be made doing so. But the longer
term rep
On Sun, Mar 12, 2017 at 7:53 PM, Baldur Norddahl
wrote:
>
>
> Den 12/03/2017 kl. 18.14 skrev Brielle Bruns:
>
>> http == TCP
>> DNS == (usually) UDP
>>
>> Big difference here. One requires a three way handshake tearup/teardown,
>> the other does not.
>>
>> It is not an apples to apples compariso
Den 12/03/2017 kl. 18.49 skrev Rob McEwen:
This motivation goes a LONG way towards countering the profit motives
that hosters/ISPs/Datacenters/ESPs have in selling services to
spammers - there is MUCH money to be made doing so. But the longer
term repercussions of damaged IP reputation makes
Den 12/03/2017 kl. 18.14 skrev Brielle Bruns:
http == TCP
DNS == (usually) UDP
Big difference here. One requires a three way handshake
tearup/teardown, the other does not.
It is not an apples to apples comparison.
You can replicate (download) the whole WHOIS if you need to. There is
al
On 3/12/2017 11:40 AM, valdis.kletni...@vt.edu wrote:
How does Spamhaus find out the block has been resold?
How do other DNS-based blacklist operators find out?
Spamhaus and other reasonable and well-run DNSBLs:
(1) have reasonable auto-expiration mechanisms (which cover the vast
majority of
On Sun, Mar 12, 2017 at 11:11 AM, Chuck Church wrote:
> Maybe a silly idea, but shouldn't the sale of a block of addresses
> (RIR ownership change) trigger a removal of that block from all reputation
> list databases?
Hi Chuck,
You're talking about 50+ database operators half of which don't
iden
On Sun, Mar 12, 2017 at 05:59:59PM +0200, Chris Knipe wrote:
> It's a loosing battle, and a failed system. Don't blame the purchaser,
> it's a lack of oversight on the part of who ever does the blacklisting.
You bought damaged goods which aren't fit for the purpose you have in mind.
If you had p
On 3/12/17 10:38 AM, Chris Knipe wrote:
On Sun, Mar 12, 2017 at 6:17 PM, wrote:
On Sun, 12 Mar 2017 17:59:59 +0200, Chris Knipe said:
Sure, that will work. (And no, the problem isn't the number of http hits
on the registries. 35,840,000,000 hits per day is the easy part...)
And yet, ther
On 3/12/17 9:11 AM, Chuck Church wrote:
Maybe a silly idea, but shouldn't the sale of a block of addresses
(RIR ownership change) trigger a removal of that block from all
reputation list databases? If I buy a car from a police auction, I'm
fairly sure the FBI doesn't start tailing me, because th
On Sun, 12 Mar 2017 18:38:21 +0200, Chris Knipe said:
> On Sun, Mar 12, 2017 at 6:17 PM, wrote:
> > on the registries. 35,840,000,000 hits per day is the easy part...)
> And yet, there's no problems of BILLIONS of queries against RBL DNS servers?
As I said, that's not the problem.
pgp2uqJvhXP
On Sun, Mar 12, 2017 at 6:17 PM, wrote:
> On Sun, 12 Mar 2017 17:59:59 +0200, Chris Knipe said:
>
>
> Sure, that will work. (And no, the problem isn't the number of http hits
> on the registries. 35,840,000,000 hits per day is the easy part...)
>
And yet, there's no problems of BILLIONS of quer
On Sun, 12 Mar 2017 17:59:59 +0200, Chris Knipe said:
> > How do all the AS's that have their own internal blacklists find out that
> > they should fix their old listings? (Note that this is the exact same
> > problem
> > as "We got blacklisted because of a bad customer, we axed the customer, but
On Sun, Mar 12, 2017 at 5:59 PM, Baldur Norddahl
wrote:
> They could watch the routing table and notice which ASN is actually using
> the address space. In fact ASN reputation might work better than IP space
> reputation.
>
+1
And not only the originating ASN, but to a lesser extend, adjacent
On Sun, Mar 12, 2017 at 5:40 PM, wrote:
>
> How does Spamhaus find out the block has been resold?
>
> How do other DNS-based blacklist operators find out?
>
>
>From the REGISTRY as the ultimate custodian of the IP block.
> How do all the AS's that have their own internal blacklists find out th
They could watch the routing table and notice which ASN is actually using
the address space. In fact ASN reputation might work better than IP space
reputation.
Fact is that the current approach does nothing to stop spammers from
swapping space when they are done abusing one space. The argument tha
On Sun, Mar 12, 2017 at 11:11:41AM -0400, Chuck Church wrote:
> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
> ownership change) trigger a removal of that block from all reputation
> list databases?
If we'd not seen many, MANY instances where this was done as a ruse
to p
On Sun, 12 Mar 2017 11:11:41 -0400, "Chuck Church" said:
> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
> ownership change) trigger a removal of that block from all reputation list
> databases? If I buy a car from a police auction, I'm fairly sure the FBI
> doesn't start
Chuck,
* Chuck Church (chuckchu...@gmail.com) wrote:
> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
> ownership change) trigger a removal of that block from all reputation list
> databases? If I buy a car from a police auction, I'm fairly sure the FBI
> doesn't start
What should and does happen are two different
things. The reputation lists aren't a regulated entity. The FBI is.
At 11:11 AM 12/03/2017, Chuck Church wrote:
Maybe a silly idea, but shouldn't the sale of a
block of addresses (RIR ownership change)
trigger a removal of that block from all
Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
ownership change) trigger a removal of that block from all reputation list
databases? If I buy a car from a police auction, I'm fairly sure the FBI
doesn't start tailing me, because the car was once used for less than legal
I am interested in what broker you used as well. We have used a few that do a
little due diligence on their end, but we still do our own. We have seen an
auction pulled due to the space having a bad reputation, but we were the ones
who had to step up and say something.
Justin Wilson
j...@
33 matches
Mail list logo
