On Sat, 7 Apr 2007, Chris Owen wrote:
And how do you know the difference? The Cox IP address is SWIPed. Its
even sub-allocated. The allocation is just a /19.
Exactly, so why not just block whatever the suballocation is? Would mean
that companies that properly SWIP their IP-blocks and put
I guess our upstream provider is a nobody because they have lots of small
sub-allocated blocks less than a /24 that they route to different member
ISPs. =)
What is the point of blocking a /24 on the basis of a /32 if the ISP manages
dozens of other /24 or larger blocks? If you're going to do it,
On Sat, 7 Apr 2007 20:41:19 -0500 (CDT)
Robert Bonomi <[EMAIL PROTECTED]> wrote:
BLUNT QUESTIONS: *WHO* pays me to figure out 'which parts' of a
provider's
network are riddled with problems and 'which parts' are _not_? *WHO* pays
me to do the research to find out where the end-user boundari
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Chris Owen <[EMAIL PROTECTED]> wrote:
>On Apr 8, 2007, at 2:51 AM, Fergie wrote:
>
>> Again, a simple recursive WHOIS will show you sub-allocations if they
>> are properly SWIP'ed.
>
>Define "properly". The Cox addresses in my example are SWIPe
>> Sure, block that /29, but why block the /24, /20, or even /8?
Since nobody will route less than a /24, you can be pretty sure that
regardless of the SWIPs, everyone in a /24 is served by the same ISP.
I run a tiny network with about 400 mail users, but even so, my
semiautomated systems are se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 8, 2007, at 2:51 AM, Fergie wrote:
Again, a simple recursive WHOIS will show you sub-allocations if they
are properly SWIP'ed.
Define "properly". The Cox addresses in my example are SWIPed. Are
they "properly" SWIPed? How could you te
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Chris Owen <[EMAIL PROTECTED]> wrote:
>On Apr 7, 2007, at 11:41 PM, Fergie wrote:
>
>> Please read what I wrote:
>>
>> "I would think that it's actually very easy to do when
>> sub-allocations are SWIP'ed."
>>
>> I cannot, and will not, presuppo
Robert:
You still haven't answered the question: how wide do you block? You got an
IP address that you know is offensive. Is your default policy to blacklist
just that one, do the /24, go to ARIN and find out the size of that block
and do the whole thing, or identify the AS and block traffic fr
> BLUNT QUESTIONS: *WHO* pays me to figure out 'which parts' of a provider's
> network are riddled with problems and 'which parts' are _not_?
I don't know the answer in your case, but in my case the answer is my
employer. More specifically, my employer pays me to block junk and let good
traffic
> From: "Frank Bulk" <[EMAIL PROTECTED]>
> Subject: RE: Abuse procedures... Reality Checks
> Date: Sat, 7 Apr 2007 16:20:59 -0500
>
> > If they can't hold the outbound abuse down to a minimum, then
> > I guess I'll have to make up for their negligence on my end.
>
> Sure, block that /29, but w
That sounds like a very reasonable perspective and generally the route I
follow both as a operator and as someone who works with others.
Frank
-Original Message-
From: william(at)elan.net [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 07, 2007 6:23 PM
To: Frank Bulk
Cc: nanog@merit.ed
Stephen:
Are you saying that if there's nefarious IP out there let's automatically
blacklist the /24 of that IP? J. Oquendo was describing his own methods and
they sounded quite manual, manual enough that he's getting down to a /8 as
necessary to blacklist a non-responsive operator. My point is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 7, 2007, at 11:41 PM, Fergie wrote:
Please read what I wrote:
"I would think that it's actually very easy to do when
sub-allocations are SWIP'ed."
I cannot, and will not, presuppose that in cases when they are
not SWIP'ed that some kind of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Chris Owen <[EMAIL PROTECTED]> wrote:
>On Apr 7, 2007, at 11:00 PM, Fergie wrote:
>
>> I would think that it's actually very easy to do when
>> sub-allocations are SWIP'ed.
>
>Not that I'm really defending this policy, but sub-allocations are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 7, 2007, at 11:00 PM, Fergie wrote:
I would think that it's actually very easy to do when
sub-allocations are SWIP'ed.
Not that I'm really defending this policy, but sub-allocations are
very often not SWIPed. I'd say 75% or more of the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Stephen Satchell <[EMAIL PROTECTED]> wrote:
>It's *very* hard to do it with an automated system, as such automated
look-ups are against the Terms of Service for every single RIR out there.
>
Exactly why is this hard to do?
I would think that
Frank Bulk wrote:
> [[Attribution deleted by Frank Bulk]]
Neither I nor J. Oquendo nor anyone else are required to
spend our time, our money, and our resources figuring out which
parts of X's network can be trusted and which can't.
It's not that hard, the ARIN records are easy to look up.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "william(at)elan.net" <[EMAIL PROTECTED]> wrote:
>On Sat, 7 Apr 2007, Fergie wrote:
>
>> I would have to respectfully disagree with you. When network
>> operators do due diligence and SWIP their sub-allocations, they
>> (the sub-allocations) sho
On Sat, 07 Apr 2007 11:40:50 PDT, Thomas Leavitt said:
> ... and why aren't bounce messages standardized in content and formatting?!?
Jiminy creepers, why can't people run software that implements standards
from the last frikking *millenium*??!?
1891 SMTP Service Extension for Delivery Status No
On Sat, 7 Apr 2007, Frank Bulk wrote:
If they're properly SWIPed why punish the ISP for networks they don't even
operate, that obviously belong to their business customers?
All ISPs have AUPs that prohibit spam (or at least I hope all of you do)
though are enforced at some places better then
If they're properly SWIPed why punish the ISP for networks they don't even
operate, that obviously belong to their business customers? And if the
granular blocking is effectively shutting down the abuse from that
sub-allocated block, didn't the network operator succeed in protecting
themselves?
On Sat, 7 Apr 2007, Fergie wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Rich Kulawiec <[EMAIL PROTECTED]> wrote:
1. There's nothing "indiscriminate" about it.
I often block /24's and larger because I'm holding the *network* operators
responsible for what comes out of their ope
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Rich Kulawiec <[EMAIL PROTECTED]> wrote:
1. There's nothing "indiscriminate" about it.
>I often block /24's and larger because I'm holding the *network* operators
>responsible for what comes out of their operation. If they can't hold
>the outb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 7, 2007, at 4:20 PM, Frank Bulk wrote:
Sure, block that /29, but why block the /24, /20, or even /8?
Perhaps your
(understandable) frustration is preventing you from agreeing with
me on this
specific case. Because what you usually see i
> On Sat, Apr 07, 2007 at 02:31:25PM -0500, Frank Bulk wrote:
> > I understand your frustration and appreciate your efforts to contact the
> > sources of abuse, but why indiscriminately block a larger range of IPs
than
> > what is necessary?
>
> 1. There's nothing "indiscriminate" about it.
>
J. Oquendo wrote:
...
So to answer your question about fairness... It's not fair by any
means, but it is effective. I see it as follows...
Well, that's the reason why I have a gmail account and all my
customers have.
I can send even from my dynamic ip-address and still they
let me in.
They c
On Sat, 7 Apr 2007, Frank Bulk wrote:
>
> While you have your friend's ear, ask him why they maintain a spam policy of
> blocking complete /24's when:
> a) the space has been divided into multiple sub-blocks and assigned to
> different companies, all well-documented and queryable in ARIN
> b) th
On Sat, Apr 07, 2007 at 02:31:25PM -0500, Frank Bulk wrote:
> I understand your frustration and appreciate your efforts to contact the
> sources of abuse, but why indiscriminately block a larger range of IPs than
> what is necessary?
1. There's nothing "indiscriminate" about it.
I often block
On Sat, 2007-04-07 at 14:43 -0500, Frank Bulk wrote:
> One of the reasons that registrars are slow to take down sites that are paid
> with a credit card is because there is little financial incentive to do
> so.
Also there is the "customer numbers" affect, most often seen with public
companies or
One of the reasons that registrars are slow to take down sites that are paid
with a credit card is because there is little financial incentive to do
sothey've lost money it already, why have a department whose priority is
speed if you can hire a person to do it at their own pace and minimize t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Here's what one of the messages my system produces:
Apr 7 12:02:26 tongs postfix/smtpd[15229]: NOQUEUE: reject: RCPT from
mail.middreut.com[208.61.243.195]: 454 Service unavailable; Client host
[208.61.243.195] blocked using dnsbl.cagreens.org; Whoo
On Sat, 07 Apr 2007, Frank Bulk wrote:
> Joe:
>
> I understand your frustration and appreciate your efforts to contact the
> sources of abuse, but why indiscriminately block a larger range of IPs than
> what is necessary?
>
Far too many times I've tried to contact those who have the DIRECT a
Joe:
I understand your frustration and appreciate your efforts to contact the
sources of abuse, but why indiscriminately block a larger range of IPs than
what is necessary?
Here's the /24 in question:
Combined Systems Technologies NET-CST (NET-207-177-31-0-1)
207.177.31.0 - 207
On Sat, 07 Apr 2007, Frank Bulk wrote:
>
> While you have your friend's ear, ask him why they maintain a spam policy of
> blocking complete /24's when:
> a) the space has been divided into multiple sub-blocks and assigned to
> different companies, all well-documented and queryable in ARIN
> b) t
While you have your friend's ear, ask him why they maintain a spam policy of
blocking complete /24's when:
a) the space has been divided into multiple sub-blocks and assigned to
different companies, all well-documented and queryable in ARIN
b) there have been repeated pleas to whitelist a certain
Dear Colleagues:
Anyone have a pointer to a list of regulations, or know off the top of
your head, related to data privacy at US ISP's? CALEA? CANSPAM? DMCA?
et. al.
Please reply off list and I will summarize responses back to the list
at a later date.
Best Regards,
Martin
36 matches
Mail list logo