Re: Spam filtering bcps
On Wed, Apr 12, 2006 at 03:35:51PM -0400, [EMAIL PROTECTED] wrote: > On Wed, 12 Apr 2006 14:28:59 CDT, Bryan Bradsby said: > > > > > Silently deleting other people's e-mail should never even be considered. > > > > Unless that email is a virus, or a spam with a forged envelope sender. > > No, in that case you 550 the sucker. Unfortunately there is plenty of mailing list manager software that will disable your subscription if your mail is rejected enough times. Mailman being a good example. I have been unsubbed from mailman lists that have allowed viruses through, even with the default mailman settings for boucne processing. In a perfect world, no mailing lists distribute spam, viruses and malware. At the moment therefore while practicing reject after DATA I do find it necessary to mark as spam and accept if it has Precedence: bulk (or list or whatever), because otherwise my users complain and "don't subscribe to poorly-managed lists then" is not an acceptable answer for them. Regards, Andy signature.asc Description: Digital signature
Re: IRC Bot list (cross posting)
On Thu, Feb 10, 2005 at 12:09:48AM -0800, william(at)elan.net wrote: > However since there was shown enough of the interest from people on nanog@ > to help in killing bots and knowing about it, may I suggest that people > who are doing the tracking setup the following: For the DNSBLs that list things like proxies, most of them also offer to sent notifications to AS or netblock contacts, so if you're interested in that then contact them too. pgpcRdnOI3nE7.pgp Description: PGP signature
Re: Where can I find a list of IPs and their regions.
On Mon, Feb 09, 2004 at 07:43:02PM -0500, Matthew Crocker wrote: > I've look at IANA but it doesn't give enough detailed information. I > would like to find a list of /8 or /16s and what geographic region the > exist in. I know it isn't an exact science but something close would > be nice. I know 210/8 & 211/8 are APNIC, I likes to know stuff like > 210.100/16 is Korea and 210.120/16 is China, etc. Does anyone have a > list I can pull from? If ISO country code is enough detail, http://countries.nerd.dk/more.html
Re: Any way to P-T-P Distribute the RBL lists?
On Thu, Sep 25, 2003 at 09:41:07PM +0200, Sabri Berisha wrote: > Whatever you come up with, it practically always has a downside: > spammers can get the whole list as well. > > Image an open-proxy-dnsbl being distributed via peer to peer or via > distributed means as usenet. Spammers would love it as they no longer > have to scan for themselves, same for open relays. Most of the large open proxy dnsbls in existence already offer their zones to essentially anyone via rsync. http://abuse.easynet.nl/proxies.html skip down to "rsync"
Re: Verisign changes violates RFC2821, and spam implications
On Wed, Sep 17, 2003 at 04:40:29AM -0500, Stewart, William C (Bill), RTSLS wrote: > It's even more fun with dictionary attacks, where the spammer targets [EMAIL > PROTECTED] > through [EMAIL PROTECTED] - A DNS rejection would cause a direct attacker > or (more likely) a relay attacker to give up quickly, and a 554 might do that also, > while rejecting all 26**8 recipients one at a time is probably just the kind of > behaviour > that spamware is happy to talk to all day. Now all Verisign needs to add is a > teergrube function > to generate its responses very slowly after the first couple of them and they'll > stay tied up for months, > especially since many of them won't notice that bogusdomain1.com through > bogusdomain32767.com > are all going to the same IP address, since that's not uncommon virtual hosting > behaviour. I think it is hoping rather too much to expect spamware authors to be unable to modify their scripts to detect the verisign IP.
Re: a list of hosts in a RPC BOTNET, mostly 209.x.x.x,
On Wed, Aug 06, 2003 at 10:37:43AM -0500, neal rauhauser 402-301-9555 wrote: > >Someone has changed the channel topic to "CLOSED, Thanks for the post > to NANOG :-(" > > But I don't see hosts being k-lined - I imagine if IRCops took an > interest in this they'd be lopping off heads. Lopping off whose heads? Who exactly would you K: line? The people who own those machines who have no idea they even have a process connecting to IRC? Or thousands of K:lines for trojans on dynamic IPs? Not sure how either approach would really do anything useful, I guess that Undernet will just render the channel unusable in the hope that whoever is responsible will then be unable to gather/use their trojans. Unfortunately they will now just update their trojan to connect to some other place, and start redistributing.. all chances of doing further tracing of who is responsible probably ended with this being reported in public here on nanog, and I guess that's why the topic has a ":(" in it.
Re: dnsbl's? - an informal survey
On Fri, May 30, 2003 at 10:59:50AM -0700, Crist J. Clark wrote: > I don't have an answer for the originator, but this reminded me of > something about DNSBLs that I've been meaning to ask. Does anyone know > of a black hole list of dynamic cable and DSL clients? What I really > want is one that mimics AOLs block list of dynamic IPs. Wirehub^WEasynet NL's Dynablocker might fit your bill, at least they have documented what they include. http://abuse.easynet.nl/dynablocker.html