[122642] in North American Network Operators' Group
Re: Spamhaus...
daemon@ATHENA.MIT.EDU (Michelle Sullivan)
Thu Feb 18 14:48:12 2010
Date: Thu, 18 Feb 2010 20:47:14 +0100
From: Michelle Sullivan <matthew@sorbs.net>
In-reply-to: <4B7D0D7D.33E4.0097.0@globalstar.com>
To: Crist Clark <Crist.Clark@globalstar.com>
Cc: NANOG <nanog@nanog.org>, Louis.Laczo@PaeTec.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Crist Clark wrote:
> We received such a message from a Spamhaus Datafeed reseller
> and eventually had our DNS servers blocked. What angered me was
> that I analyzed our usage, and we were well below the thresholds
> and met the TOS published at the Spamhaus website for no-cost use.
> However, they said we had to subscribe to the Datafeed despite
> that because we have a Barracuda appliance.
>
Well aside from I remember reading that they look for Barracuda
Appliances*, it does say on:
http://www.spamhaus.org/organization/dnsblusage.html
*Definition: "non-commercial use" is use for any purpose other than as
part or all of a product or service that is resold, or for use of which
a fee is charged. For example, using our DNSBLs in a commercial spam
filtering appliance that is then sold to others requires a data feed,
regardless of use volume. The same is true of commercial spam filtering
software and commercial spam filtering services.
> And I want to know how they figured out we had a Barracuda.
>
>
* well have you considered that the Barracuda may be very specific in
it's IP stack, or they signature it produces in queries etc. Might have
a very specific open port for administration - and not forgetting that
if it's making queries very directly it's exposing it's IP address and
therefore can be tested very simply. Many different ways, and I bet I
could find out if I were to have a device to look at.
Michelle
