?
--
Andrew, Supernews
http://www.supernews.com
announcements are blocked
Sebastian probably due to bogon lists.
I don't think this is anything to do with bogons. I see those routes
via Cogent and _only_ via Cogent - none of our other transit providers
have them at all.
I suspect a problem with your announcements themselves.
--
Andrew, Supernews
http
bandwidth for text is so small (couple of
hundred kbits) and the storage requirements so modest (one 36GB spool
disk will hold a month's traffic).
--
Andrew, Supernews
http://www.supernews.com -- individual and corporate NNTP services
the ingress direction (customer equipment - your network)
does not help (until _everyone_ does it), since the spammer only needs
to _receive_ traffic with the hijacked IP, not send it (that can be
done from the other corner of the spammer's triangle route).
--
Andrew, Supernews
http://www.supernews.com
the fact that they are generating
unnecessary queries to other people's DNS servers?
--
Andrew, Supernews
http://www.supernews.com
trying to log traffic in ACLs)
that result in your main traffic flows being punted to the MSFC.
There are lots of other advantages besides the ones you mentioned,
though.
--
Andrew, Supernews
http://www.supernews.com
its expected workload just to accomodate all the bozos who
accept-and-bounce, uncontrolled backscatter, sender verification,
C/R, and all the other cost-shifting methods out there.
--
Andrew, Supernews
http://www.supernews.com
over quota and
_stay_ that way should be set to reject traffic at SMTP time, so that
they don't become continuous sources of backscatter).
--
Andrew, Supernews
http://www.supernews.com
way for a third party to answer
the question should AS N be announcing prefix X. The history of
netblock thefts shows that even network providers have a hard time
answering the question should my customer C be announcing prefix X.
--
Andrew, Supernews
http://www.supernews.com
regarding his service, but of course this does not excuse him from the
normal responsibility to handle emailed abuse reports.
--
Andrew, Supernews
http://www.supernews.com
address with no attempt to verify that the person
making the request has the right to use that address?
--
Andrew, Supernews
http://www.supernews.com
209.244.1.179: Operation timed out
Doesn't seem to have made much difference yet...
--
Andrew, Supernews
http://www.supernews.com
.
--
Andrew, Supernews
http://www.supernews.com
obvious examples that I know of. I'm sure there are more.
--
Andrew, Supernews
http://www.supernews.com
Paul == Paul Vixie [EMAIL PROTECTED] writes:
Paul well, in sbc-dsl-land, port 25 and port 587 are blocked, but
Paul port 26 gets through.
I have a port-587 relay on my network which is used by some
sbc-dsl-land users... they don't appear to be blocked
--
Andrew, Supernews
http
to kludging this
Owen instead of just going for it assuming a 32bit world.
Was I the only person who noticed when someone (apparently) typoed
their router config and leaked a 32-bit ASN into the global table?
(This was about 3 months back - I don't recall any mention of it
then)
--
Andrew
adopted policy 2003-5 (requirements for RWhois servers). That policy
expressly states that reassignment info must be available to the
public and not just to ARIN staff. There is nothing given in the
rationale for 2004-6 to explain why 2003-5 should be summarily
overruled in this way.
--
Andrew
+ megabits at peak times, average maybe 130 megabits over a day -
i.e. 1300 - 1350 GB/day on a heavy day).
Cut out the multipart binaries upstream and you only need about a
megabit.
--
Andrew, Supernews
http://www.supernews.com
IP addresses.
--
Andrew, Supernews
http://www.supernews.com
links.
--
Andrew, Supernews
http://www.supernews.com
is in a different netblock).
Oh. _Very_ interesting.
--
Andrew, Supernews
as the same, even though they happen to be using the same
underlying protocol, is just going to cause pain.
--
Andrew, Supernews
http://www.supernews.com
as bad as it was at its peak, but it's still very much
present.
--
Andrew, Supernews
http://www.supernews.com
from there.
--
Andrew, Supernews
http://www.supernews.com
incoming SMTP traffic. The reason for this is that the CBL
lists a very large number of dynamic IPs, and has a very long
expiration time (months). Accordingly, using it to block general
traffic will have a high false-positive rate.
--
Andrew, Supernews
http://www.supernews.com
about HELO names, then it's better to
require that the HELO has an A record pointing to the connecting IP,
rather than look at PTR.
--
Andrew, Supernews
http://www.supernews.com
Chris == Chris Adams [EMAIL PROTECTED] writes:
Once upon a time, Andrew - Supernews [EMAIL PROTECTED] said:
If you're going to get picky about HELO names, then it's better to
require that the HELO has an A record pointing to the connecting IP,
rather than look at PTR.
Chris That isn't
a few minutes at a
time, but it's _much_ more likely that the block was never announced
and was merely forged into headers of a spam.
--
Andrew, Supernews
)
elby.ch.86400 IN A 213.130.59.30
But the squish.net checker has no limit on referrals - many resolvers,
especially older BIND, will just time out chasing the referrals unless
it already has them cached.
--
Andrew, Supernews
0 1
--
Andrew, Supernews
CEF is often mentioned in Cisco docs as a workaround for
worm traffic problems.)
--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services
31 matches
Mail list logo
