Re: dnsbl's? - an informal survey
Hello Jack,

On Fri, 30 May 2003, Jack Bates wrote:
> Mr. James W. Laferriere wrote:
> > snip
> > White listing is NOT what was being discussed. Tho it can be advantageous in the right circumstances.
> > snip
> > And neither was Static addressing. Filtering was being discussed based on some unknown (to me probably others as well) methodology. Twyl, JimL
>
> White listing comes with any blacklist. The blacklists in particular being discussed were the @dynamics, like the PDL and dynablock at easynet. Both lists quite clearly state how they build their lists and what they are designed to block (dynablock only takes out dialup, and PDL takes out all dynamic addressing).

Query, How is it determined that the address in question is dynamic or not? Who/how/what makes that determination? This is the core of my concerns.

> Given the number of insecure client systems on dynamic addressing (proxy servers, trojans, etc), accepting email from dynamic addresses is becoming inherently more dangerous. If smarthosts can't be used from those addresses, then special whitelisting can be done.

Highly agreed. But sure am hoping some better solutions are being developed.

> Of course, the person implementing email blocks of any type, especially public blacklists, must take some amount of responsibility in maintaining legitimate email communications as dictated by users.

YES! Without this there is no check /or balance to the procedure/s in use.

Twyl, JimL

--
| James W. Laferriere | SystemTechniques | Give me VMS |
| NetworkEngineer | P.O. Box 854 | Give me Linux |
| [EMAIL PROTECTED] | Coudersport PA 16915 | only on AXP |
Re: dnsbl's? - an informal survey
On Sat, 31 May 2003, Mr. James W. Laferriere wrote:
> > White listing comes with any blacklist. The blacklists in particular being discussed were the @dynamics, like the PDL and dynablock at easynet. Both lists quite clearly state how they build their lists and what they are designed to block (dynablock only takes out dialup, and PDL takes out all dynamic addressing).
>
> Query, How is it determined that the address in question is dynamic or not? Who/how/what makes that determination? This is the core of my concerns.

It's usually determined via in-addr.arpa, whois data, or direct information from the provider. When MAPS was freely available, I used to periodically email them updates on our IP space (please add these dial ranges, please remove these others). I'm sure others did the same. AFAIK, they had at least one FTE whose job it was to maintain the DUL.

Those large providers who stole copies of the DUL before MAPS pulled the plug on them, and continued to use them without maintenance still annoy me as we've run into issues multiple times with space removed from the DUL still being in their private copies.

--
Jon Lewis [EMAIL PROTECTED] | I route
System Administrator | therefore you are
Atlantic Net |
http://www.lewis.org/~jlewis/pgp for PGP public key
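Added example, not part of the original thread: one way a mail administrator might apply the in-addr.arpa signal mentioned in the reply above, by checking whether a PTR name embeds the client's address or a dial-up/pool keyword, shown next to the reversed-octet name a DNSBL client queries. The keyword list, the zone `dul.example` and the sample PTR records are constructed assumptions; whois data and provider-supplied ranges, which the reply also names, are not modelled.

```python
import ipaddress
import re

# Assumed keyword list: substrings often seen in PTR names of dial-up/dynamic pools.
DYNAMIC_HINTS = re.compile(r"dial|dyn|dhcp|pool|ppp|dsl|cable|modem", re.I)

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client resolves for an IPv4 address: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def _contains(seq, sub):
    """True if list `sub` occurs as a contiguous run inside list `seq`."""
    n = len(sub)
    return any(seq[i:i + n] == sub for i in range(len(seq) - n + 1))

def ptr_embeds_ip(ip, ptr):
    """True if the PTR name carries the last two octets, forward or reversed."""
    tail = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")[2:]]
    nums = [int(n) for n in re.findall(r"\d+", ptr)]
    return _contains(nums, tail) or _contains(nums, tail[::-1])

def classify(ip, ptr):
    """Return 'no-ptr', 'likely-dynamic', 'possible' or 'no-signal'."""
    if not ptr:
        return "no-ptr"  # missing reverse DNS is a separate signal, not proof
    score = int(ptr_embeds_ip(ip, ptr)) + int(bool(DYNAMIC_HINTS.search(ptr)))
    return ("no-signal", "possible", "likely-dynamic")[score]

# Constructed sample data (documentation address ranges, example domains).
SAMPLES = [
    ("192.0.2.45", "ppp-192-0-2-45.dialup.example.net"),
    ("203.0.113.20", "20.113.0.203.pool.example.com"),
    ("198.51.100.30", "cable-gw.example.org"),
    ("198.51.100.7", "mail.example.org"),
    ("192.0.2.9", None),
]

if __name__ == "__main__":
    for ip, ptr in SAMPLES:
        print(f"{dnsbl_query_name(ip, 'dul.example'):28} {ptr!s:36} {classify(ip, ptr)}")
```

A name-based verdict like this is only a hint; a list built from it still needs the provider corrections and maintenance the thread describes.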
Re: dnsbl's? - an informal survey
On Sat, 31 May 2003 [EMAIL PROTECTED] wrote:
> On Sat, 31 May 2003, Mr. James W. Laferriere wrote:
> > > White listing comes with any blacklist. The blacklists in particular being discussed were the @dynamics, like the PDL and dynablock at easynet. Both lists quite clearly state how they build their lists and what they are designed to block (dynablock only takes out dialup, and PDL takes out all dynamic addressing).
> >
> > Query, How is it determined that the address in question is dynamic or not? Who/how/what makes that determination? This is the core of my concerns.
>
> It's usually determined via in-addr.arpa, whois data, or direct information from the provider. When MAPS was freely available, I used to periodically email them updates on our IP space (please add these dial ranges, please remove these others). I'm sure others did the same. AFAIK, they had at least one FTE whose job it was to maintain the DUL.

Many providers list their own dynamically assigned blocks voluntarily. It helps the fight against spam to an extent; plus it's good PR.

Someday I expect to either see someone create a list of known MTAs through which you must register it with some entity, or a list of everything that isn't an MTA--every statically/dynamically assigned desktop, laptop, home node, etc... If that ever happens the results should be quite interesting.

> Those large providers who stole copies of the DUL before MAPS pulled the plug on them, and continued to use them without maintenance still annoy me as we've run into issues multiple times with space removed from the DUL still being in their private copies.

I agree. Something like that could have large chunks go stale in a hurry. If you toss in the number of providers going belly-up since MAPS went commercial, then that's a lot of netblocks that shouldn't be in the DUL and aren't if people are paying for a current copy (like we do).

Justin
Pesky spammers are using my mailbox
Hi,

seems some spammers are using one of my personal domains as the from field in their emails, the local-part being random so I can't easily block it.

Has anyone any advice on tracking them down and making them stop? All I get are the bounces, some include the original headers but that usually gives an open relay as the origin.

I think I know the answer (you can't do anything) but I wanted to ask as it's very annoying and I'm not happy!

PS Anyone around at the Sheraton today.. I can't spot anyone looking nanogish!

Steve
Re: IANA reserved Address Space
snip blah

> Since all of the replies have been pretty close to the same (Use RFC1918 ...etc), I'd like to rephrase it to answer a curiosity of mine.

The answers seemed correct, rephrasing won't change current systems or policies to suit you!

> RFC1918 is a set number of IP addresses. If you are working on a private network lab

Use anything you like, it's private.

> that will be on the internet eventually or have parts on the internet and exceeds the total number of IPV4 addressing set aside in

Follow the current policy for public Internet Address space, get what IPs you need, implement NAT where/if possible.

> RFC1918, and IPV6 private addressing is not an option, what can you do? (I

that's the way it is, take it or leave it..

Steve

> know it's a stretch, but I think it asks specifically what Brennan wants to know and what I'm curious about now)
>
> IPV6 would seem to be the best answer overall since it has already been determined the solution for limited addressing, but there is still equipment/software and such that does not support it. Brennan, is a mix of IPV6 and IPV4 private addressing an option for you?
>
> I do have to agree wholeheartedly that using address space not assigned to you is unprofessional, and will cause someone headaches later even if it is not you.
>
> Gerald
Re: Pesky spammers are using my mailbox
On Sat, 31 May 2003, Stephen J. Wilcox wrote:
> seems some spammers are using one of my personal domains as the from field in their emails, the local-part being random so I can't easily block it.
>
> Has anyone any advice on tracking them down and making them stop?

Tactical baseball bat at close range? :)

I and a number of coworkers are getting similar bounces, except the spammers are actually using our full email addresses as the from address. The first few cases of this, I wrote off to things like KLEZ...but recently I've gotten actual spam bounces where my work email address was the original from. I suppose it could possibly still be something like KLEZ and it's grabbing a spam from their inbox and sending that out with a forged from.

--
Jon Lewis [EMAIL PROTECTED] | I route
System Administrator | therefore you are
Atlantic Net |
http://www.lewis.org/~jlewis/pgp for PGP public key
Re: Pesky spammers are using my mailbox
At 02:39 PM 5/31/2003, you wrote:
> On Sat, 31 May 2003, Stephen J. Wilcox wrote:
> > seems some spammers are using one of my personal domains as the from field in their emails, the local-part being random so I cant easily block it.
> >
> > Has anyone any advice on tracking them down and making them stop?
>
> Tactical baseball bat at close range? :)
>
> I and a number of coworkers are getting similar bounces, except the spammers are actually using our full email addresses as the from address. The first few cases of this, I wrote off to things like KLEZ...but recently I've gotten actual spam bounces where my work email address was the original from. I suppose it could possibly still be something like KLEZ and it's grabbing a spam from their inbox and sending that out with a forged from.

There are known spamming viruses making their rounds that I believe behave like klez and others that use known email addresses. A couple of our customers have been infected by them and have had their computers unknowingly sending out spam.

Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

There are 10 kinds of people in the world. Those who understand binary and those that don't.
Re: Pesky spammers are using my mailbox
[EMAIL PROTECTED] wrote:
> I and a number of coworkers are getting similar bounces, except the spammers are actually using our full email addresses as the from address. The first few cases of this, I wrote off to things like KLEZ...but recently I've gotten actual spam bounces where my work email address was the original from. I suppose it could possibly still be something like KLEZ and it's grabbing a spam from their inbox and sending that out with a forged from.

A good section of my users get User unknown bounces from the AOL servers where spammers are using their spam lists not only as recipients, but to spoof senders. Most of the time, it's just two or three per user. There are cases where the remote server has to be contacted regarding the bounces to request that bounce handling for the domain be turned off.

-Jack
ISP in Exodus Dulles (Sterling)?
Are you an ISP (in the sense of terminates leased line type things) in Exodus Dulles (aka Sterling)? If so, I'd like to ask you a few questions off list. Thanks.

--
Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [EMAIL PROTECTED], www.tmbg.org
Re: IANA reserved Address Space
On Fri, 30 May 2003 [EMAIL PROTECTED] wrote:

I'm tasked with coming up with an IP plan for a very large lab network. I want to maximize route table manageability and router/firewall log readability. I was thinking of building this lab with the following address space:

1.0.0.0 /8
10.0.0.0 /8
100.0.0.0 /8

I encourage my competitors to do this. or read another way, this is fairly stupid, but as long as this stupidity doesn't affect me, I don't care. However the person tasked with cleaning that crap up behind you may not feel the same. Doing something right, the first time saves having to do it over again and again and again and again.

If this is a test lab or a learning/practice lab where the users will be simulating real-world scenarios and/or doing NAT and other things that involve public/private addressing issues, then it would IMHO be suitable to use a mix of reserved private space and routable space as appropriate.

The only difference between routed and unrouted (note the difference between that and routable) is consensus. There is nothing inherent in the bits which prevents RFC1918 from being routed globally. There is no requirement to use RFC1918 for NAT. Therefore, your argument doesn't hold water. If the entity for some stupid reason can't use RFC1918, they can and should use their _own_ address space for the balance.
Re: Pesky spammers are using my mailbox
Hi, Stephen.

] seems some spammers are using one of my personal domains as the
] from field in their emails...

This is also happening to one of my domains. The spam advertised two web sites, one in Brasil and the other in China. I attempted to contact these folks, but the domain in China doesn't accept inbound email. :/

The hosts used to send the mail are all hacked Windows boxes. I notified all of the ISPs that had hacked hosts, but decided to focus my energy on the two sites being advertised. I'm not accusing them of launching the Joe Job, but I doubt a spammer would randomly advertise these sites. Perhaps these two sites hired a shady marketing group.

Anyway, this is really all I could do. The spam never uses my resources, except for the bounces. I share your pain. :(

] PS Anyone around at the Sheraton today.. I can't spot anyone looking
] nanogish!

I just arrived, and I look pretty darn NANOGish if I do say so myself. :)

Thanks,
Rob.

--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);