[54072] in North American Network Operators' Group
RE: Spam. Again.. -- and blocking net blocks?
daemon@ATHENA.MIT.EDU (Mark Segal)
Tue Dec 10 10:42:16 2002
From: Mark Segal <MSegal@FUTUREWAY.CA>
To: nanog@nanog.org
Date: Tue, 10 Dec 2002 10:40:41 -0500
Errors-To: owner-nanog-outgoing@merit.edu
We did SWIP the block to the ISP (as an assignment, not allocation).. That
is the problem, they kept recursively looking up the assignment.. Maybe they
should block 64/8 or maybe 0/0 :).
Anybody interested in a coordinated denial of service attack? :).
Mark
--
Mark Segal
Director, Data Services
Futureway Communications Inc.
Tel: (905)326-1570
> -----Original Message-----
> From: Michael.Dillon@radianz.com [mailto:Michael.Dillon@radianz.com]
> Sent: December 10, 2002 10:36 AM
> To: MSegal@FUTUREWAY.CA
> Cc: nanog@nanog.org; owner-nanog@merit.edu
> Subject: Re: Spam. Again.. -- and blocking net blocks?
>
>
> > Problem:
> > For some reason, spews has decided to now block one of our /19.. Ie no mail
> > server in the /19 can send mail.
>
> > Questions:
> > 1) How do we smack some sense into spews?
>
> Make it easy for them to identify the fact that your downstream ISP
> customer has allocated that /32 to a separate organisation. This is what
> referral whois was supposed to do but it never happened because
> development of the tools fizzled out.
>
> If SPEWS could plug guilty IP addresses into an automated tool and come up
> with an accurate identification of which neighboring IP addresses were
> tainted and which were not, then they wouldn't use such crude techniques.
>
> Imagine a tool which queries the IANA root LDAP server for an IP address.
> The IANA server refers them to ARIN's LDAP server because this comes from
> a /8 that was allocated to ARIN. Now ARIN's server identifies that this
> address is in your /19 so it refers SPEWS to your own LDAP server. Your
> server identifies your customer ISP as the owner of the block, or if your
> customer has been keeping the records up to date with a simple LDAP
> client, your server would identify that the guilty party is indeed only on
> one IP address.
>
> Of course, this won't stop SPEWS from blacklisting you. But it enables
> SPEWS to quickly identify the organization (your customer ISP) that has a
> business relationship with the offender so that SPEWS is more likely to
> focus their attentions on these two parties.
>
> > 2) Does anyone else see a HUGE problem with listing a /19 because there is
> > one /32 of a spam advertised website? When did this start happening?
>
> It's a free country, you can't stop people like the SPEWS group from
> expressing their opinions. As long as people are satisfied with crude
> tools for mapping IP address to owner, this kind of thing will continue to
> happen.
>
> --Michael Dillon
>
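
The referral lookup described in the quoted reply (root server, then the RIR, then the provider, then the customer ISP), sketched as an added example that is not part of the original thread. It is an in-memory simulation, not LDAP or referral whois; the server names, prefixes (private address space) and holders are all constructed assumptions.

```python
import ipaddress

# Constructed data: private address space and hypothetical server/holder names.
# Each server maps a prefix to ("refer", next_server) or ("holder", organisation).
REGISTRIES = {
    "root": {"10.0.0.0/8": ("refer", "rir")},
    "rir": {"10.20.0.0/19": ("refer", "provider")},
    "provider": {
        "10.20.0.0/19": ("holder", "Provider"),
        "10.20.4.0/24": ("refer", "customer-isp"),
    },
    "customer-isp": {
        "10.20.4.0/24": ("holder", "Customer ISP"),
        "10.20.4.77/32": ("holder", "End customer"),
    },
}

def longest_match(server, addr, registries):
    """Return the most specific (network, record) on one server, or None."""
    best = None
    for prefix, record in registries.get(server, {}).items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, record)
    return best

def resolve(ip, registries=REGISTRIES, start="root", max_hops=8):
    """Follow referrals and return (narrowest network, holder, servers asked)."""
    addr = ipaddress.ip_address(ip)
    server, path, net, holder = start, [], None, None
    for _ in range(max_hops):  # hop limit guards against referral loops
        path.append(server)
        match = longest_match(server, addr, registries)
        if match is None:
            break  # this server has no record; keep the last referral as the answer
        net, (kind, value) = match
        if kind == "holder":
            holder = value
            break
        holder = f"delegated to {value}"  # best answer so far if the chain stops here
        server = value
    return net, holder, path

if __name__ == "__main__":
    for ip in ("10.20.4.77", "10.20.4.10", "10.20.9.1"):
        net, holder, path = resolve(ip)
        print(f"{ip}: {net} held by {holder} via {' -> '.join(path)}")
```

When the customer ISP keeps no records of its own, the lookup stops at the /24 delegation recorded by the provider, which is the coarser answer the reply describes.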