For the record, yes.. place the blame where it should be, on the network operator that allows it.. and Grant's suggestion is the better method if you can implement...

Use 'detection' to find the bad guys, either by IP or ASN, insert those into a reputation list, even if it is only your own.. then use BGP at the routers above you, to blackhole every ASN or IP in that reputation list.

Nothing to do with the TLD or domain .. that will change tomorrow, it is the network that is doing bad things..

And if they are spamming, they probably are also launching other attacks, whether it be phishing, AUTH, SSH, or hosting malware pages.. If the network operator doesn't care about one, he won't care about the others..

Just don't allow ANY traffic from those 'bullet proof' hosters..

IMHO

That's why guys like Spamhaus (ROKSO), and our threat teams (RATS-NULL), have more aggressive reputation lists.. the "Why wait for what they throw at us next".

Netizens have to be responsible for their own actions.. no matter how big they are.. (Digital Ocean, Amazon, Gcloud, Azure), and if they aren't taking action, that is action in itself.

Smaller operators abound (Servius, Baxet etc) but their IP space is already too badly stained..

Set it, and forget it..

BGP blackhole is your friend.



On 2022-05-27 14:22, Grant Taylor via mailop wrote:
> On 5/27/22 3:10 PM, Michael Rathbun via mailop wrote:
>> I have a script that detects these guys when they fire up a new /24, which happens about 1.3 times per week, and puts new rules in the MTA.
>
> Is there a reason that you (dynamically) re-configure your MTA(s) via a script versus configuring an upstream router to not route traffic from the IPs in their ASN?
>
> I'm just trying to understand and learn vicariously through you.



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
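
The detect, list, blackhole flow discussed in this thread, as an added example that is not code from either poster or from the list. It promotes a /24 to the reputation list once several distinct offending IPs are seen in it, honours an allowlist, and aggregates only exactly adjacent blocks so no unlisted space is ever dropped. The threshold, the sample addresses, the next hop and the ExaBGP-style announcement text are all assumptions; 65535:666 is the RFC 7999 BLACKHOLE community.

```python
import ipaddress
from collections import defaultdict

BLACKHOLE_COMMUNITY = "65535:666"  # RFC 7999 well-known BLACKHOLE community

def build_blackhole_prefixes(detections, allowlist=(), min_hits=3):
    """Return aggregated IPv4 prefixes for /24s with >= min_hits distinct bad IPs."""
    allow = [ipaddress.ip_network(a) for a in allowlist]
    per_block = defaultdict(set)
    for raw in detections:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # malformed detector output must never become a route
        if ip.version != 4 or any(ip in net for net in allow):
            continue  # never list allowlisted space (your own, partners)
        block = ipaddress.ip_network(f"{ip}/24", strict=False)
        per_block[block].add(ip)
    listed = [b for b, ips in per_block.items() if len(ips) >= min_hits]
    # collapse_addresses merges only exactly adjacent networks, so the
    # result never covers address space that was not itself listed.
    return list(ipaddress.collapse_addresses(listed))

def render_announcements(prefixes, next_hop="192.0.2.1"):
    """Render one announcement per prefix (ExaBGP-style text, an assumption)."""
    return [
        f"announce route {p} next-hop {next_hop} community [{BLACKHOLE_COMMUNITY}]"
        for p in prefixes
    ]

# Constructed sample detections (benchmark and documentation ranges only).
SAMPLE_DETECTIONS = [
    "198.18.0.5", "198.18.0.9", "198.18.0.77",       # 3 hits: listed
    "198.18.1.1", "198.18.1.2", "198.18.1.3",        # 3 hits: listed, adjacent
    "203.0.113.10",                                  # 1 hit: below threshold
    "198.51.100.4", "198.51.100.5", "198.51.100.6",  # allowlisted
    "not-an-ip",                                     # ignored
]
SAMPLE_ALLOWLIST = ["198.51.100.0/24"]

if __name__ == "__main__":
    prefixes = build_blackhole_prefixes(SAMPLE_DETECTIONS, SAMPLE_ALLOWLIST)
    for line in render_announcements(prefixes):
        print(line)
```

The same prefix list can feed the MTA rules as well, so both enforcement points work from one source of truth.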
