[3810] in North American Network Operators' Group
Re: *** MAKE SPAM@INTERRAMP.COM DIE FAST!!! *** (fwd)
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Aug 22 11:30:36 1996
Date: Thu, 22 Aug 1996 08:11:34 -0700
From: owen@DeLong.SJ.CA.US (Owen DeLong)
To: nanog@merit.edu, michael@memra.com
Even if I wanted to do this, I don't think I could take the performance
hit running an access list that large on my incoming ports would create.
I think in order to be able to handle that kind of filtration, he must
be an insignificant smaller provider. A larger provider doesn't have
the spare cycles in the router to handle it.
Owen
> I see the following kind of message on a regular basis. How long before
> this kind of thing starts to cause significant problems? And lest you say
> that xmission.com is only a small unimportant provider, I've seen much
> larger ones also saying they do this and not everybody is as selective
> about only blocking one port.
>
> Michael Dillon - ISP & Internet Consulting
> Memra Software Inc. - Fax: +1-604-546-3049
> http://www.memra.com - E-mail: michael@memra.com
>
> ---------- Forwarded message ----------
> Date: Wed, 21 Aug 1996 15:38:19 -0600 (MDT)
> From: Pete Ashdown <pashdown@xmission.com>
> Reply-To: inet-access@earth.com
> To: inet-access@earth.com
> Subject: *** MAKE SPAM@INTERRAMP.COM DIE FAST!!! ***
> Resent-Date: Wed, 21 Aug 1996 15:39:02 -0600 (MDT)
> Resent-From: inet-access@earth.com
>
> We have seen an inordinate amount of spam email sourcing from Interramp.com
> and their customers. Despite frequent attempts to notify KEN ANDREWS, PSI,
> or any living soul at Interramp, our pleas have gone unanswered. As a
> result, *ALL* SMTP mail traffic from Interramp's networks has been blocked at
> the router level here.
>
> I would encourage *EVERY* responsible ISP to do the same. Interramp does not
> appear to care about spam problems, and in fact has become a haven for this
> type of crap due to their complicity.
>
> The following is instructions on how to block Interramp SMTP traffic on a
> Cisco:
>
> Make an extended IP access list:
>
> access-list 120 deny tcp 38.8.23.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.8.31.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.8.45.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.8.65.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.9.51.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.10.1.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.10.2.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.10.3.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.10.4.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.10.5.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.10.220.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.72.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.122.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.183.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.189.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.194.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.207.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.208.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.209.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.210.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.215.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.217.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.224.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.226.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.227.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.229.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.230.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.231.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.237.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.243.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.11.244.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.81.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.93.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.126.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.128.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.138.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.140.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.156.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.157.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.158.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.178.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.179.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.190.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.205.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.206.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.208.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.209.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.234.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.12.243.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.101.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.110.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.126.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.128.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.138.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.140.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.142.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.35.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.36.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.37.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.40.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.45.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.74.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.79.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.14.82.0 0.0.0.255 eq smtp any
> access-list 120 deny tcp 38.26.44.0 0.0.0.255 eq smtp any
> access-list 120 ip permit all all
>
> Due to the fact that Interramp's networks are not contiguous in any apparent
> way, you have to block each one on a class C basis. If anyone sees any
> evidence otherwise, please let me know. Of course, it wouldn't be a bad idea
> to block all of 38.0.0.0 because PSI hasn't been cooperative either.
>
> After the list is created, add it to your incoming interfaces with:
>
> ip access-group 120 in
>
> The 120 is arbitrary, it can be anything in the extended IP access-list range.
>
> ============================== ISP Mailing List ==============================
> Email ``unsubscribe'' to inet-access-request@earth.com to be removed.
> Don't post messages that just say ``me too''.
>
>
