On Mon, 9 Apr 2007, Paul Vixie wrote:
than you're describing. for example, this weekend two /24's were hijacked
and used for spam spew. as my receivebot started blackholing /32's, the
Why do you think they were hijacked ? At least for your second block:
1 71.6.213.103
I've
On Sun, 14 Jan 2007, Tony Finch wrote:
I would expect the lists of compromised hosts to be fairly effective -
open proxies of various kinds and perhaps botnet hosts. As for SMTP the
blacklists would only be a starting point that either provide a cheap
preliminary check or feed a more
On Wed, 20 Sep 2006, Randy Bush wrote:
but there are a couple of more significant issues being discussed over
there, those surrounding the community's desires for maintaining mailing
list archive integrity.
Personally I find it sad that at the prospect of a list archive being
censored,
Subject: Re: OT: spam from Globix to ARIN POCs
From: Christopher X. Candreva [EMAIL PROTECTED]
Date: Mon, 25 Feb 2002 15:26:36 -0500 (EST)
On Thu, 15 Sep 2005, jc dill wrote:
My personal website is hosted with DreamHost. They sent this out to their
customers today. Of interest to NANOG is the bit about the N+1 redundant
genset system having 2 generators quickly fail, and in doing so having the
UPS fail and the entire
On Thu, 28 Jul 2005, Geo. wrote:
Have you ever actually tried to get the updates using this method? It really
does take the better part of a week and no less than half a dozen emails or
phone calls and then there is the begging...
I have, on at least two occasions I remember, and I don't
On Fri, 25 Feb 2005 [EMAIL PROTECTED] wrote:
being used on port 25 already. You can do SMTP AUTH just as easily on
port 25 without having to re-educate your users and still net the same
simplified tracking procedures that you mention. It sounds to me like
what we should really be talking
On Fri, 25 Feb 2005, just me wrote:
What are you, stupid? The spammers have drone armies of machines
with completely compromised operating systems. What makes you think
that their mail credentials will be hard to obtain?
What are you, stupid ? Run a virus scanner on your mail relay so
On Fri, 25 Feb 2005, just me wrote:
Most ISPs don't watch logs for the signs of abuse now, why would
they magically change their behavior and monitor logs if they
required auth? Just because there is more of an audit trail doesn't
mean that it will be used.
Because now the server sending
On Fri, 10 Dec 2004, Roy wrote:
While I can't speak to what Verizon is using, Both Exim and Postfix have the
very same feature called address verification. It's in use at a number of
ISPs. My systems reject 1000's of messages every day because of
verification failures.
That would be 1000's
On Thu, 2 Dec 2004, Brandon Butterworth wrote:
Ethernet is cheap and trivial, drop some
code in one of these (cpu is built into the
rj45 socket)
http://www.lantronix.com/device-networking/embedded-device-servers/xport.html
Cheap is relative. These are showing about $50 each, Considering
On Tue, 7 Sep 2004, Jon Lewis wrote:
Any network that doesn't already have it, I highly recommend signing up
for AOL's feedback loop (aka scomp reports) at
http://postmaster.aol.com/tools/fbl.html. This will give you a sort of
early warning system notifying you of spam issues on your
On Tue, 7 Sep 2004, Jon Lewis wrote:
Yeah...there's a certain amount of GIGO since the scomp system relies on
the lusers to decide what's spam and what's not...but that's not a serious
problem. IME, AOL won't block you unless you're getting thousands of
scomp complaints/day and seem to be
On Mon, 6 Sep 2004, Jared Mauch wrote:
does anyone have some pointers to a good (possibly radius+sendmail)
based approach for checking this?
I load rules into the access.db database. lines like this:
To:westnet.com ERROR:5.1.1:550 User unknown
To:[EMAIL PROTECTED] OK
To:[EMAIL
On Sun, 5 Sep 2004, Matt Hess wrote:
source hosts.. Now being as we are a secondary mx I'm dropping their record
out of our email system as I write this, however, I am curious if others have
gone through or are currently going through something of this magnitude (12K
spam/dictionary msgs per
On Tue, 13 Jul 2004, Charles Sprickman wrote:
I'm wondering if there are any ISPs here that are Covad partners that have
found a need to terminate a DSL line alongside a T1 for backup.
Yes. Not doing it currently, but when we did we used a FlowPoint 2200 in
routed mode into the second
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
and then forward it to an internal machine that actually knew what mailboxes
were valid addresses. If you don't do that, then you have to make your
authentication system visible to machines on your DMZ, which has its
own touchy implications
Or
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
So your auditor wouldn't mind if you kept an unencrypted list of credit card
numbers on a DMZ box, because if somebody hacks the box they can gather those
over time? :)
This is hardly the same thing. E-mail addresses are public, credit card
numbers
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
You're missing the main point - that sometimes things are done in ways
that are sub-optimal or even pessimal from the technical standpoint,
because some other consideration interferes. Yes, it *would* be nice if
everybody in the world
Oh, I know
You're missing the main point - that sometimes things are done in ways
that are sub-optimal or even pessimal from the technical standpoint,
because some other consideration interferes. Yes, it *would* be nice if
everybody in the world
But if you really need a reason to convince someone who
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote:
When it gets built, will it list AOL.COM for not rejecting at the original
RCPT TO? Or Hotmail.com? (Consider the following 2 pieces of mail - mail
Don't know about hotmail, but AOL is working on this. You might want to
check out that SPAM-L list,
On Tue, 18 May 2004, Steven Champeon wrote:
Granted, it's a DSN for an over-quota user, not a nonexistent user, but
the rejection happens after accept, and the DNS goes to the forged sender.
OK Steve let me know when you have the sendmail ruleset to check quota on a
remote host before accepting
On Sat, 21 Feb 2004, Geo. wrote:
traceroute to 248.245.255.191, that's what made me think it was invalid.
It has nothing to do with the x.y.255.z -- the 240.0.0.0/4 is IANA reserved
space. If you had given the whole IP in the first place you could have
saved yourself some abuse. :-)
You are
Sorry to bother the list, but if anyone from Yahoo is listening,
There is a credit card stealing web site hosted by Yahoo. Complaints to
[EMAIL PROTECTED], as usual for complaints about their hosting, are returned
days later saying Sorry, we can't do anything since this spam didn't come
On Mon, 2 Feb 2004, Barnabas Toth wrote:
Maybe you should try to contact AOL abuse instead? I know, I know... Just
a thought.
Thanks to those who replied. I've been contacted directly by an AOL rep
(who the site pretended to be), and an FBI agent.
Interestingly not a peep from Yahoo. Sigh.
On Mon, 2 Feb 2004, Christopher X. Candreva wrote:
Interestingly not a peep from Yahoo. Sigh.
In fairness -- I just heard from someone at Yahoo-inc.com
==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services
On Fri, 16 Jan 2004, Ajai Khattri wrote:
I have several users who connect to our mail server from an IP in the
*.ipt.aol.com namespace. All are complaining about intermittent SMTP problems.
I see that outbound SMTP traffic is proxied through AOL servers to our mail
servers. Has there been a
On Thu, 11 Dec 2003, Suresh Ramasubramanian wrote:
This is an old and time honored tradition to deal with lusers anyway,
kind of like the warez.* ftp servers (though one of the more popular
of these, warez.slashdot.org, seems to have found itself a non-localhost
IP some months back) :(
On Sat, 6 Dec 2003, Adam Kujawski wrote:
Why bother with CNAMES or A records? Is there anything wrong with simply using
NS records for each address? i.e.:
$ORIGIN 109.246.64.in-addr.arpa.
1 NS ns1.customerA.com.
1 NS ns2.customerA.com.
This will work. For
Since I'm 99% sure the idea (or stupidity thereof :-) of blocking SMTP
servers without reverse DNS came up here in this discussion, I just ran a
manual queue run to clean out a queue, and saw this come up:
... Connecting to mailin-04.mx.aol.com. via esmtp...220-rly-xn05.mx.aol.com
ESMTP
On Wed, 3 Dec 2003, Randy Bush wrote:
you're right. it will be. people will have to clean up their
in-addr.arpa. or am i missing some reason they can't, other
than laziness?
See, this is the war I didn't want to start again. Unless I'm thinking of a
discussion on a different list -- I was
On Wed, 3 Dec 2003, Robert E. Seastrom wrote:
... and it will be a zero-sum game once the spammers (or their
complicit ISPs) fix their in-addrs too.
I disagree. I don't think the spammers, by and large, 'own' their IP
addresses. They are using (as someone said) hijacked space, or compromised
On Sun, 2 Nov 2003, Paul Vixie wrote:
so listen up. just because many of the infected hosts won't be disinfected,
don't assume that there's no value in tracking and reporting them, or that
there's no reason to spend money listening to and acting on complaints about
them. the internet's
Over the weekend a customer of mine had his legacy .us domain
under .rye.ny.us stop working, as it is no longer in the root servers.
After doing some checking, a whois on rye.ny.us shows it as inactive.
The customer found this list of .us delegations:
On Thu, 6 Nov 2003, Peter Galbavy wrote:
You foreigners are scary. As a UK resident, born in Oz many many years
ago, I consider -10C to be very very cold.
Uhm, 9/5 * -10 +32 . . . 14 degrees ? Peshaw. As long as it's over 0 I'm
OK.
On Wed, 5 Nov 2003, Mike Tancsa wrote:
costs, not to mention be a little more environmentally friendly. We were
thinking we could circulate the air up to the roof and cool it there inside
some aluminum ducts and then bring it back down. We don't want to just
bring in cold air as it is quite
On Sun, 26 Oct 2003, Terry Baranski wrote:
What if the great majority of your clients are bare PCs on broadband
circuits?
Well, you might just find that small ISPs, then BIG ISPs, stop accepting
mail from your dynamic IP customers. As a start.
On Mon, 20 Oct 2003, David Lesher wrote:
Solutions, the Herndon-based registrar of Internet addresses,
for $100 million in a deal that will allow VeriSign to retain
exclusive control of the valuable .com and .net database.
And NetSlow is now offering free domain transfers -
On Thu, 16 Oct 2003, Miles Fidelman wrote:
Just out of curiosity, I wonder how many domain registrations those of us
on nanog represent? Contract sanctions from ICANN are one thing, taking
We've been moving all our domains to OpenSRS for a year, but doing it as
they come up for renewal.
On Mon, 13 Oct 2003, Paul Vixie wrote:
see http://sa.vix.com/~vixie/comnetsurv/
this is not an icann thing btw, it's just me.
OK, this is nit-picky, but the errors a wildcard will pick up are NOT 404
errors. A wild card could not possibly ever pick up a 404 error. Since 404
is a server error
Looks like Verisign has the wildcards out. The following is without any bind
patches.
[westnet]:~$ date
Sat Oct 4 20:46:09 EDT 2003
[westnet]:~$ host www.opensrsS.net
Host not found.
Whoo Whoo Whoo Whooo !
==
Chris Candreva -- [EMAIL
On Wed, 17 Sep 2003, Sean Donelan wrote:
What would it do to website's Keynote performance to eliminate another
name lookup by having their www.something.com records served directly
from Verisign's gtld-servers?
Now, that would be a real problem, considering the person who owns
On Tue, 16 Sep 2003, Adam Langley wrote:
On Tue, Sep 16, 2003 at 04:03:08PM +0100, Adam Langley wrote:
I'm collecting countermeasures to the verisign wildcard DNS records
at http://www.imperialviolet.org/dnsfix.html. Currently there are
patches for BIND 9.2.2 and djbdns (not authored by
When you're done patching your resolver, and openssh, you might want to cast
a vote for Stratton in their monthly CEO opinion poll.
http://www.forbes.com/2003/05/01/cx_ceointernetpoll.html
(Thanks to, uhm, someone who might not want to be named from OpenSRS for
passing this along.)
On Tue, 16 Sep 2003, Eric Gauthier wrote:
On the other hand, a headline of Internet Providers Worldwide block access
to Verisign in Effort to Protect the Public is very easily understood.
I was contacted a little while ago by a reporter from the Wall Street
Journal, based on my Nanog posts.
On Tue, 16 Sep 2003, Damian Gerow wrote:
Declan (of news.com) has indicated that he's working on something, and I'm
waiting to hear back from the editors at lightreading.com. I have full
faith that Declan will not only put out a technically accurate piece, but
one that is easily digestible
On Mon, 15 Sep 2003, Chris Adams wrote:
Someone has already brought up the idea on the BIND list of modifying
BIND to recognize this response and converting it back to NXDOMAIN.
That would be me -- I posted to comp.protocols.dns.bind, not realizing it
was a mailing list gateway.
This also
On Mon, 15 Sep 2003, Patrick W. Gilmore wrote:
Anyone wanna patch BIND such that replies of that IP addy are replaced with
NXDOMAIN? That solves the web site and the spam problem, and all others,
all at once.
I took a look at the Bind 8.3.4 code this afternoon, but couldn't readily
find
On Mon, 15 Sep 2003, Vadim Antonov wrote:
I'm going to hack my BIND so it'll discard wildcard RRs in TLDs, as a
matter of reducing the flood of advertising junk reaching my desktop.
Please share your hack !
==
Chris Candreva -- [EMAIL
On Sun, 31 Aug 2003, Matthew Palmer wrote:
dodgy behaviour (spoofed source addresses, for one). Yes, port 135 is a
known vector, and so is now, but they have their legitimate uses. If
OK, here's an alternative viewpoint.
We're an ISP. I'm blocking 135 and the other netbios ports
On Sun, 31 Aug 2003, Christopher X. Candreva wrote:
We're an ISP. I'm blocking 135 and the other netbios ports inbound on my
clients' dial-up/dsl lines because if I didn't, the lines would be useless.
Sunday morning posting. I'm blocking these ports OUTBOUND -- TO our
clients. Their lines
On Tue, 3 Jun 2003, Matthew Zito wrote:
This is marginally related to the power discussions earlier, but does
anyone know of a product that steps up 120V AC to 220V AC and is
reasonably datacenter-friendly? We're looking at an environment where
there's no 220V available - but we only need
On Thu, 27 Mar 2003, Josh Gentry wrote:
We've got customers trying to receive email from people using Verizon for
Internet access, and we are rejecting that mail because
out013pub.verizon.net [206.46.170.44] is on the MAPS RSS list. Can't pull
up the MAPS RSS website at the moment to check
On Fri, 20 Dec 2002, David Lesher wrote:
[This just jumped into the operational arena. Are you prepared
with the router port for John Poindexter's vacuum? What changes
will you need to make? What will they cost? Who will pay?]
I read this in the paper this morning. The article is a summary
On Wed, 11 Sep 2002, Brad Knowles wrote:
B) KNOW WHO THE HELL YOU'RE GIVING ACCOUNTS TO so that (A) works. Get
a credit card or verify the phone number and other info (e.g., call
them back, insist on calling them back.)
C) Use (B) to enforce (A).
Doesn't work. See above.
On Thu, 5 Sep 2002, Owens, Shane (EPIK.ORL) wrote:
Quick question, does there exist a practice of charging customer for IP
address blocks used? My theory is that the first Class C is included with
the service, but I'm wondering what happens when the customer wants 2,3,4 or
more?
Shane:
I
On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote:
I'm trying to figure out what you think IP space allocation has to do
with bandwidth. IP space is not just another bullet point on the
marketing slide that makes a particular service option that more
attractive - if you can't use it, you can't
http://biz.yahoo.com/djus/020605/200206051047000419_1.html
==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
Since a discussion of NAS/CAIS DSL came up last week, I am assuming there
are at least some DSL resellers out there, so . . .
Verizon had a conference call for the Northeast ISPs this afternoon to
introduce a new product. It began with them explaining to us why our
customers might want a
On Thu, 30 May 2002, John Palmer wrote:
CAIS sold our account to NAS. They did this about 5 months back. They are
NAS has been nothing but trouble. We are (or were) a Covad reseller, first
direct through Covad, then through CAIS.
The first we heard our lines had been sold was when we called
This was going to be a question, but now it's a statement.
CW had an outage in NYC around 11:00 AM this morning. 11:40 EDT and things
seem to be coming back.
CW NOC was returning busy for about 10 minutes, then I was on hold for 1/2
hour, and they picked up just as traffic started flowing
61 matches