On 07/04/12 05:11, David Miller wrote:
>
>
> RBLs don't block emails. Operators of mail servers who use RBLs block
> emails (in part) based on information from RBLs.
If only one could convince end-users of this fact. More often than not,
end-user simply sees the company that they pay to provide
On Sat, Apr 7, 2012 at 7:25 AM, wrote:
> Yahoo is only a hegemony among spam havens, not a monopoly. There's still
> freelance havens out there, and they'll go away when SORBS does.
Sorbs did have a decent set of traps - and did catch a lot of spam.
The problem was atrociously poor maintenance
On Fri, 06 Apr 2012 20:48:44 -0500, Jimmy Hess said:
> That's kind of vague to say it's "unlikely to see 1 abuser". What is
> the probability that
> more IPs in the same /24 are likely to harbor abusers, given that you have
> received abuse from one IP?
It's similar to pirhanas or cockroaches
the yahoo item was a point all its own, unrelated to iweb's idiocy.
yahoo no longer care to receive abuse reports from anyone at all.
-Dan
On Sat, 7 Apr 2012, Suresh Ramasubramanian wrote:
err, i dont know but yahoo hasnt yet acquired this random webhost whose
abuse you're trying to mail
On
On Sat, 07 Apr 2012 07:00:52 +0530, Suresh Ramasubramanian said:
> err, i dont know but yahoo hasnt yet acquired this random webhost whose
> abuse you're trying to mail
> > - The following addresses had permanent fatal errors -
> >
> > (reason: 554 rejected due to spam content)
Right
i dont think anyone would miss sorbs if it was gone, dare i say it not even
a single person
On Fri, Apr 6, 2012 at 9:48 PM, Jimmy Hess wrote:
> On Fri, Apr 6, 2012 at 8:13 PM, Jeroen van Aart wrote:
> > Brielle Bruns wrote:
> > to come from such a block is more often than not a necessity. It's
On Fri, Apr 6, 2012 at 8:13 PM, Jeroen van Aart wrote:
> Brielle Bruns wrote:
> to come from such a block is more often than not a necessity. It's very
> unlikely to see 1 abuser in between an otherwise perfectly behaving network
> neighbourhood.
That's kind of vague to say it's "unlikely to see
what does it cost you to peer, versus what does it cost you to not peer?
if you are at the same ix the costs of peering are very low indeed
On Saturday, April 7, 2012, Anurag Bhatia wrote:
> Hello everyone
>
>
>
> I am curious to know how small ISPs plan peering with other interested
> parties.
err, i dont know but yahoo hasnt yet acquired this random webhost whose
abuse you're trying to mail
On Friday, April 6, 2012, goe...@anime.net wrote:
> The day SORBS goes away is the day ab...@yahoo.com starts functioning
> properly and yahoo starts booting spammers.
>
> The day SORBS goes away i
Brielle Bruns wrote:
Unfortunately, the apathy of providers, backbones, and network operators
in general have created an environment that the almighty buck rules
everything.
I totally agree with pretty much everything in this email.
I also agree that blocking whole /24 or bigger when spam has
This report has been generated at Fri Apr 6 21:12:44 2012 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date
BGP Update Report
Interval: 29-Mar-12 -to- 05-Apr-12 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASNUpds % Upds/PfxAS-Name
1 - AS840267283 3.7% 33.7 -- CORBINA-AS OJSC "Vimpelcom"
2 - AS10201 52074 2.9
Jimmy Hess wrote:
>
> On Fri, Apr 6, 2012 at 8:48 AM, wrote:
> > If it was industry-wide standard practice that just notifying a provider
> > resulted in something being done, we'd not need things like Senderbase,
> > which is after all basically a list of people who don't take action
> > whe
On Thu, Apr 05, 2012 at 06:45:30PM +0100, Nick Hilliard wrote:
> On 05/04/2012 17:48, goe...@anime.net wrote:
> > But they will care about a /24.
>
> I'm curious as to why they would want to stop at /24. If you're going to
> take the shotgun approach, why not blacklist the entire ASN?
It's a bal
On Apr 6, 2012, at 4:44 PM, David Conrad wrote:
> However, I would be interested in hearing what the excuses are for folks not
> implementing BCP38 these days.
Easy:
1) hardare support varies
2) implementing bcp-38 drives customer support costs up in cases where the
customer is doing somethi
Jimmy,
On Apr 6, 2012, at 1:24 PM, Jimmy Hess wrote:
> On Fri, Apr 6, 2012 at 1:24 PM, David Conrad wrote:
>> I suspect the root server operators might not like this idea very much.
> If it solves other problems adequately, they might eventually just have to
> learn to like it.
I was, of course
Jimmy commented:
#The underlying problem is that "BCP38" is not really a "best common practice",
#despite the name of the series.
#
#It's really a "Best Uncommon Practice that really ought to be more common",
#but we can't control operators and force them to make it more common.
#
#Lots of netwo
On Fri, Apr 6, 2012 at 1:24 PM, David Conrad wrote:
[snip]
> I suspect the root server operators might not like this idea very much.
If it solves other problems adequately, they might eventually just
have to learn to like it.
[snip]
> Treating a symptom and ignoring the disease. See
> http://
Hello everyone
I am curious to know how small ISPs plan peering with other interested
parties. E.g if ISP A is connected to ISP C via big backbone ISP B, and say
A and C both have open peering policy and assuming the exist in same
exchange or nearby. Now at this point is there is any "minimum ba
On Thu, 5 Apr 2012, Landon Stewart wrote:
If the purpose of blacklist is to block spam for recipients using that
blacklist then a /32 works. If the purpose of a blacklist is to annoy
providers then a /24 works. The most reputable and useful blacklists IMHO
are Spamhaus and Spamcop - they don't
On Fri, 6 Apr 2012, Patrick W. Gilmore wrote:
Ever wonder why it takes time for DNSbl's to process removals,
sometimes very long periods? Well, someone's gotta pay for that time
the removal person does it (and I have yet to see a dime of
compensation for the time I spend).
No, they don't.
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
TRNOG, CaribNOG and the RIPE Routing Working Group.
Daily listings are sent to bgp-st...@lists.ap
On Fri, Apr 6, 2012 at 1:01 PM, Drew Weaver wrote:
> So you're suggesting that hosting companies do what?
I believe I'm suggesting you use SORBS as your canary in the coal mine
and otherwise ignore them.
But if you're asking what hosting companies could do to proactively
prevent spamming and mak
On Fri, Apr 6, 2012 at 8:48 AM, wrote:
> If it was industry-wide standard practice that just notifying a provider
> resulted
> in something being done, we'd not need things like Senderbase, which is after
> all basically a list of people who don't take action when notified...
>
[snip]
Pot callin
On Apr 6, 2012, at 11:13 AM, Jimmy Hess wrote:
>> It turns out that DNSSEC makes a respectable traffic amplification vector:
> This is definitely a problem.
Yep. So are SNMP reflection attacks (biggest attack I've seen was one of
these) and any other datagram-oriented query/response protocol.
>
On Fri, Apr 6, 2012 at 1:04 PM, Nick Hilliard wrote:
> On 06/04/2012 18:41, Nathan Eisenberg wrote:
>> Anyone else seeing this sort of noise lately?
>
> There has been a bit of that recently for ripe.net and several other well
> known DNSSEC enabled domains (e.g. isc.org).
>
> It turns out that DN
On Fri, Apr 6, 2012 at 12:52 PM, PC wrote:
> Of course you'd have to actually be running a poorly configured DNS server
> on that IP for this to work...
Right was that IP ever running a DNS service?
Picking random IPs to spoof and hope some of the random IPs happen to
be DNS servers
doesn't
On 06/04/2012 18:41, Nathan Eisenberg wrote:
> Anyone else seeing this sort of noise lately?
There has been a bit of that recently for ripe.net and several other well
known DNSSEC enabled domains (e.g. isc.org).
It turns out that DNSSEC makes a respectable traffic amplification vector:
> twinkie
It could be a DNS amplification attack, with the source IP forged. They
may be hoping you "reply" to the forged source with a response greater than
the cost of them sending the query.
Of course you'd have to actually be running a poorly configured DNS server
on that IP for this to work...
On Fr
On 04/06/12 10:47, Keegan Holley wrote:
Have you tried contacting the owner of the IP? A DDOS attack from that
particular IP would be ironic.
#
# The following results may also be obtained via:
#
http://whois.arin.net/rest/nets;q=72.20.23.24?showDetails=true&showARIN=false&ext=netref2
#
Stamin
Have you tried contacting the owner of the IP? A DDOS attack from that
particular IP would be ironic.
#
# The following results may also be obtained via:
#
http://whois.arin.net/rest/nets;q=72.20.23.24?showDetails=true&showARIN=false&ext=netref2
#
Staminus Communications STAMINUS-COMMUNICATIONS
Anyone else seeing this sort of noise lately?
10:35:00.958556 IP 72.20.23.24.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net.
(38)
10:35:00.961055 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net.
(38)
10:35:01.262461 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net.
The day SORBS goes away is the day ab...@yahoo.com starts functioning
properly and yahoo starts booting spammers.
The day SORBS goes away is the day BS like this stops happening:
- The following addresses had permanent fatal errors -
(reason: 554 rejected due to spam content)
-Da
On 4/6/2012 12:35 PM, Michael Thomas wrote:
> On 04/06/2012 09:17 AM, Brielle Bruns wrote:
>> On 4/6/12 10:02 AM, Michael Thomas wrote:
>>>
>>> I wonder how long a popularish blacklist operator would last if they,
>>> oh say, blacklisted all of google or microsoft before they got some
>>> very thre
So you're suggesting that hosting companies do what?
How many emails or port 25/587 connections a (day, week, hour) makes someone a
spammer if there are no objections being lodged at the abuse department?
Are we supposed to do DPI on every email that a dedicated server sends out and
then decide
On Fri, Apr 6, 2012 at 7:31 AM, Drew Weaver wrote:
> That's just not true, we would much rather be notified of
>something that a reputation list finds objectionable and take
>it down ourselves than have Senderbase set a poor
>reputation on dozens of IaaS customers.
I think the idea is that you're
On 04/06/2012 09:17 AM, Brielle Bruns wrote:
On 4/6/12 10:02 AM, Michael Thomas wrote:
I wonder how long a popularish blacklist operator would last if they,
oh say, blacklisted all of google or microsoft before they got some
very threatening letters from their legal staff. An hour? A day? A wee
On Fri, 06 Apr 2012 09:55:35 -0400, Drew Weaver said:
> That is again, not true.
>
> Senderbase's listings don't correlate to any public information so it's pretty
> much impossible to pro-actively protect ourselves from having our IPs set to
> poor.
You missed the point - if it was industry stan
On 4/6/12 10:02 AM, Michael Thomas wrote:
I wonder how long a popularish blacklist operator would last if they,
oh say, blacklisted all of google or microsoft before they got some
very threatening letters from their legal staff. An hour? A day? A week?
You may have the right to list them and ch
On 4/6/12 9:49 AM, George Herbert wrote:
This seems like a very 1999 anti-spam attitude.
I have been doing anti-spam a long long time - literally since before
Canter and Siegel (who I had as customers...) and
befor...@cup.portal.com.
It's not 1999 anymore. Patrick is not the enemy. Your attitud
On 04/06/2012 08:49 AM, George Herbert wrote:
This seems like a very 1999 anti-spam attitude.
I have been doing anti-spam a long long time - literally since before Canter
and Siegel (who I had as customers...) and before j...@cup.portal.com.
It's not 1999 anymore. Patrick is not the enemy. You
This seems like a very 1999 anti-spam attitude.
I have been doing anti-spam a long long time - literally since before Canter
and Siegel (who I had as customers...) and before j...@cup.portal.com.
It's not 1999 anymore. Patrick is not the enemy. Your attitude is worrying. The
"I am not respons
On 4/6/12 9:02 AM, Patrick W. Gilmore wrote:
No, they don't. Many DNSBLs use self-service tools. Someone has to
write the tool, but the rest is automated. Total cost is power&
space, which is frequently donated (I have personally donated some
myself to DNSBLs I thought were well run).
Proxy
On Apr 6, 2012, at 10:54 , Brielle Bruns wrote:
> On 4/4/12 3:36 PM, Landon Stewart wrote:
>
It's best to not complain about it and just accept it as a fact of life
your IPs are listed on SORBS and move on. It's not the end of the world.
>> It turns into a customer service issue fo
On 4/4/12 3:36 PM, Landon Stewart wrote:
> It's best to not complain about it and just accept it as a fact of life
> your IPs are listed on SORBS and move on. It's not the end of the world.
>
It turns into a customer service issue for most service providers.
Eh, guess they'll just have to a
Thanks to all who responded off list even to those that are intrested in the
opportunity, I do appreciate it.
- Original Message -
From: "Daryl G. Jurbala"
To: "Elijah Savage"
Cc: "Robert E. Seastrom" , "NANOG list"
Sent: Thursday, April 5, 2012 8:51:45 PM
Subject: Re: SIP Carrier Cons
On 4/5/12 1:26 PM, George B. wrote:
How long did it take them? We have had a request in for records
for a domain for over a week now, and nothing in whois yet.
between a couple of hours and 5 to 10 business days. The long leads
times came when I no longer had direct contacts and had to g
That is again, not true.
Senderbase's listings don't correlate to any public information so it's pretty
much impossible to pro-actively protect ourselves from having our IPs set to
poor.
I.e. when Senderbase assigns IPs to poor, those same IPs aren't listed on any
RBLs or anything.
They opera
On Fri, 06 Apr 2012 07:31:47 -0400, Drew Weaver said:
> That's just not true, we would much rather be notified of something that a
> reputation list finds objectionable and take it down ourselves than have
> Senderbase set a poor reputation on dozens of IaaS customers.
If it was industry-wide stan
Je suis absent(e) du bureau jusqu'au 16/04/2012
Je suis absent pour le moment.
En cas de nécessité, merci de transmettre vos messages à l'équipe CSIRT:
cs...@bnpparibas.com
+33 1 40 14 26 95 (office hours UTC +1/+2)
--
I am currently out of office.
If necessary, please forward your messages to
That's just not true, we would much rather be notified of something that a
reputation list finds objectionable and take it down ourselves than have
Senderbase set a poor reputation on dozens of IaaS customers.
-Drew
-Original Message-
From: goe...@anime.net [mailto:goe...@anime.net]
Se
51 matches
Mail list logo
