Again, we are getting pretty off-topic.. but for the record..
inetnum: 5.9.170.240 - 5.9.170.255
netname: HOS-201823
descr: HOS-201823
country: DE
admin-c: HOAC1-RIPE
tech-c: HOAC1-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
created: 2017-06-23T01:18:48Z
last-modified: 2017-06-23T01:18:48Z
source: RIPE # Filtered
role: Hetzner Online GmbH - Contact Role
address: Hetzner Online GmbH
address: Industriestrasse 25
address: D-91710 Gunzenhausen
address: Germany
[240-255]
5.9.170.244 (RS) 3
static.244.170.9.5.clients.your-server.de
5.9.170.245 (RS) 4
static.245.170.9.5.clients.your-server.de
5.9.170.246 (RS) 3
static.246.170.9.5.clients.your-server.de
5.9.170.247 (RS) 1
static.247.170.9.5.clients.your-server.de
We have automated systems that detect outbreaks like these from many
hosting providers, close to zero day, but yes.. it seems that they are
giving 'new customers' IP Space that are just snowshoe spammers, or
general spammers, and it is still happening on an almost daily basis, so
their methods for 'signing up' new customers does seem to be having it's
challenges, or they aren't concerned until AFTER the abuse reports roll in.
It would help if they advertised the operator of the delegated IP space
properly in their 'rwhois/SWIP', but aside from that, it isn't hard for
them to see sudden large increases in outbound SMTP from new operators
if they want to. (HOS-201823 doesn't really help anyone)
And egress reporting is available in almost every router out there, eg
creating alerts when a sudden large amount of traffic on egress to port
25 is generated.
And of course, no outbound email should be allowed to port 25, from
certain DNS naming conventions..
Any hosting company which waits for an 'abuse report' before acting, is
bound to end up with reputation problems..
On 17-07-10 12:41 PM, John Levine wrote:
In article <34c9f2de-c6bf-69af-6570-f17b3f283...@latter.org> you write:
We have been in the Hetzner "neighbourhood" for years. This is our
fourth server (and hence IP address) there and the first time we have
had this issue. [1]
Honestly, you're lucky. Hetzner gushes spam, and I've had most of their
IP ranges totally blocked for years. I report a lot of it (semi-automatic
tools) which has never made any difference I could see.
But it shouldn't matter. We are not spammers. It is stupid to block
a range of IP addresses on the behaviour of one.
But it makes a lot of sense to block a range of IP addresses when the
whole range gushes spam. Whenever I've looked at the logs, the stuff
from Hetzner is like 99% spam.
R's,
John
PS: Unpersuasive argument: "This is inconvenient for me, therefore you should not do
it."
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
