Hi, On Mon, 28 Jul 2003 01:12:42 +0200 Tony Earnshaw <[EMAIL PROTECTED]> wrote:
> Nix wrote: > > >>however, blocking entire IP classes such as 61.*.*.* is, in my opinion, a > >>very narrow minded thing to do. keep in mind that the internet is a global > >>entity, and by blocking that particular IP class, you'll have blocked me > >>from being able to reply to you. > > > > Not necessarily. Blocking 240.0.0.0/5 is fine. > > So is blocking 224.0.0.0/4. What's that got to do with blocking Alan's > 61.0.0.0/4 netblock? By even *joking* about such a thing, you're putting > yourself into the luser subcategory, tantamount to those advocating > blocking all European domains because "they get so much spam from > Europe." Purely an admission that they shouldn't be administering > anything that has to do with the Internet. Bah. Blocking all European domains because "they get nothing but spam from Europe" isn't unreasonable. Draconian? Not if what they say is true and their traffic patterns don't change. If the vast majority of the traffic from a given network or geographical region is abusive (e.g. extremely small ham/spam ratio) and blocking great swaths of the internet doesn't upset local users or violate local policy, then the practice of blocking great swaths of network space seems pretty defensible to me. The trick is in the definitions of 'vast majority' and 'upset local users' and keeping blocklists up-to-date. And while in an ideal world, we'd block as little as possible, due to constraints on manpower, software, etc., it may be reasonable to block, say, 61.0.0.0/8[*]. Not ideal but depending on the size and intent of the network, possibly desirable and defensible. I don't recommend it in general but my network, my pager, my rules. :/ YMMV, -- Bob [*] FWIW, I have the following parts of 61.0.0.0/8 firewalled off: ipchains -A input -i $FW_DEV_WORLD -s 61.131.0.0/17 -j DENY -l ipchains -A input -i $FW_DEV_WORLD -s 61.144.0.0.0/16 -j DENY -l ipchains -A input -i $FW_DEV_WORLD -s 61.166.65.192/28 -j REJECT -l ipchains -A input -i $FW_DEV_WORLD -s 61.169.0.0/16 -j DENY -l ipchains -A input -i $FW_DEV_WORLD -s 61.170.0.0/15 -j DENY -l This is mostly due to probes, scans, and relay or penetration attempts. ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
