[79330] in North American Network Operators' Group

Re: botted hosts

daemon@ATHENA.MIT.EDU (Peter Corlett)
Mon Apr 4 05:25:36 2005

To: nanog@nanog.org
From: abuse@cabal.org.uk (Peter Corlett)
Date: Mon, 4 Apr 2005 09:24:42 +0000 (UTC)
X-Complaints-To: usenet@dopiaza.cabal.org.uk
Errors-To: owner-nanog@merit.edu


Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
[...]
> Neither DUL, nor SORBS DUHL, nor the several other lesser known
> variants can claim to do even a fraction of a perfect job - and
> providers who do stuff like happily mix static IP and dynamic IP
> netblocks, maintain vague or inconstant rDNS or even no rDNS at all
> for these, etc don't help at all, leading to the usual funny
> situation of someone's static IP dsl getting blocked as dynamic [but
> that's another story altogether]

I agree that blocking based on any sort of DUL is asking for trouble,
but recent experiments on our customer MXers have shown that applying
greylisting to said hosts works a treat. Personally, I'd apply it
across the board, but customers moan that important mail is being
delayed. Nobody has yet complained that junk from compromised hosts is
being delayed :)

A side-effect of the greylisting and other mail checks is that I've
got a lovely list of compromised hosts. Is there any way I can
usefully share these with the community?

-- 
PGP key ID E85DC776 - finger abuse@mooli.org.uk for full key
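
The approach described in the message above, greylisting only hosts that appear on a dynamic-IP list and collecting a host list as a by-product, as an added Python sketch; it is not code from the poster or from anyone in the thread. The listed network, the delay values, the class and function names, and the rule "a deferred host that never retries is a candidate" are all assumptions made for illustration.

```python
import ipaddress

# Constructed stand-in for a DUL: a documentation range, not a real listing.
DYNAMIC_NETS = [ipaddress.ip_network("198.51.100.0/24")]
MIN_DELAY = 300           # seconds a retry must wait (assumed value)
RETRY_WINDOW = 4 * 3600   # no valid retry within this window => candidate (assumed)

class SelectiveGreylist:
    def __init__(self):
        self.first_seen = {}   # triplet -> time of first attempt
        self.passed = set()    # triplets that retried after MIN_DELAY

    def is_dynamic(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in DYNAMIC_NETS)

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply for one RCPT TO at time `now` (epoch seconds)."""
        if not self.is_dynamic(ip):
            return "250 accepted"          # unlisted hosts are never delayed
        triplet = (ip, sender.lower(), rcpt.lower())
        if triplet in self.passed:
            return "250 accepted"
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= MIN_DELAY:       # a real MTA queues and comes back
            self.passed.add(triplet)
            return "250 accepted"
        return "451 greylisted, try again later"

    def suspects(self, now):
        """Listed IPs whose deferred attempts were never retried in the window."""
        retried = {t[0] for t in self.passed}
        stale = {t[0] for t, first in self.first_seen.items()
                 if t not in self.passed and now - first > RETRY_WINDOW}
        return sorted(stale - retried)

if __name__ == "__main__":
    g, t0 = SelectiveGreylist(), 1_000_000
    # Constructed sample traffic: (client IP, MAIL FROM, RCPT TO, offset in seconds)
    for ip, frm, to, dt in [
        ("192.0.2.10", "a@example.org", "u@example.net", 0),      # not listed
        ("198.51.100.7", "a@example.org", "u@example.net", 0),    # listed, first try
        ("198.51.100.7", "a@example.org", "u@example.net", 600),  # listed, retries
        ("198.51.100.99", "x@example.org", "u@example.net", 0),   # listed, fire-and-forget
    ]:
        print(ip, g.check(ip, frm, to, t0 + dt))
    print("candidates:", g.suspects(t0 + 5 * 3600))
```

A sender that does retry after the delay passes this check, so the candidate list only captures fire-and-forget senders and would need the other mail checks the message mentions before being acted on.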