It's been quite a few years, and for those of you on this list as long
in the tooth as I am, you will remember the battles of the 90's and
early 2000's between various RBL's and large telco/cable companies..
Those cable companies did very little about outbound abuse, so several
of the RBL's in the day, controversially blocked the largest ISP's
networks.. period..
This finally hit the big telco's in the pocket book enough, that they
gave in and started blocking port 25 on egress from their dynamic IP
ranges, and now most of the ISP's in North America still block port 25
on egress.
However, the world is big.. and many other areas in the world are not
doing this yet..
eg.. from today, just looking at compromised GPON routers, this one ISP
is sending spam from the following.. (any one here have any sway with
this company?)
Ex. 1.186.104.104 x1 1.186.104.104.dvois.com
(fuller list below)
Now, there are several countries really having a problem with this.
Compromised routers, IoT devices.. and compromised old versions of
Windows. And while most email operators already stop them one way or
another, it is just a huge drain on resources. (Included samples from
Brazil below as well)
It was bad enough when all they were doing is spamming, and it is so
simple to block port 25 on egress from DUL/Dynamic networks, why is this
practice not working its way to emerging markets??
We have brought it up with several CERT's, but little progress is being
made on this front, and given the prevalence of older/cheaper IoT
routers, and/or older versions of Windows, a lot more compromised
devices in those regions.
And now, with the latest Microsoft disclosure, we can be sure millions
more devices will be compromised..
Isn't it time we renwed this conversation with ISP's and Telco's around
the world? Spambots' are dangerous, precursor to much worse things.
But at least it is easy to stop.
Time to brush off M3AAWG best practices.. listing what ports do not need
to be open on dynamic IP home style networks..
......................................................................
1.186.104.104 x1 1.186.104.104.dvois.com
1.186.104.111 x2 1.186.104.111.dvois.com
1.186.104.118 x2 1.186.104.118.dvois.com
1.186.104.119 x1 1.186.104.119.dvois.com
1.186.104.121 x1 1.186.104.121.dvois.com
1.186.104.123 x1 1.186.104.123.dvois.com
1.186.104.128 x1 1.186.104.128.dvois.com
1.186.104.144 x1 1.186.104.144.dvois.com
1.186.104.154 x1 1.186.104.154.dvois.com
1.186.104.160 x1 1.186.104.160.dvois.com
1.186.104.164 x3 1.186.104.164.dvois.com
1.186.104.197 x2 1.186.104.197.dvois.com
1.186.104.207 x2 1.186.104.207.dvois.com
1.186.104.221 x2 1.186.104.221.dvois.com
1.186.104.228 x3 1.186.104.228.dvois.com
1.186.104.237 x1 1.186.104.237.dvois.com
1.186.104.240 x1 1.186.104.240.dvois.com
1.186.104.245 x7 1.186.104.245.dvois.com
1.186.104.25 x1 1.186.104.25.dvois.com
1.186.104.65 x2 1.186.104.65.dvois.com
1.186.104.72 x3 1.186.104.72.dvois.com
1.186.104.76 x1 1.186.104.76.dvois.com
1.186.104.99 x3 1.186.104.99.dvois.com
1.186.105.1 x5 1.186.105.1.dvois.com
1.186.105.104 x2 1.186.105.104.dvois.com
1.186.105.109 x2 1.186.105.109.dvois.com
1.186.105.117 x5 1.186.105.117.dvois.com
1.186.105.123 x2 1.186.105.123.dvois.com
1.186.105.128 x1 1.186.105.128.dvois.com
1.186.105.133 x2 1.186.105.133.dvois.com
1.186.105.136 x1 1.186.105.136.dvois.com
1.186.105.138 x1 1.186.105.138.dvois.com
1.186.105.142 x1 1.186.105.142.dvois.com
1.186.105.149 x2 1.186.105.149.dvois.com
1.186.105.150 x2 1.186.105.150.dvois.com
1.186.105.153 x4 1.186.105.153.dvois.com
1.186.105.163 x2 1.186.105.163.dvois.com
1.186.105.166 x3 1.186.105.166.dvois.com
1.186.105.171 x5 1.186.105.171.dvois.com
1.186.105.172 x3 1.186.105.172.dvois.com
1.186.105.176 x2 1.186.105.176.dvois.com
1.186.105.187 x2 1.186.105.187.dvois.com
1.186.105.193 x4 1.186.105.193.dvois.com
1.186.105.199 x1 1.186.105.199.dvois.com
1.186.105.206 x4 1.186.105.206.dvois.com
1.186.105.209 x2 1.186.105.209.dvois.com
1.186.105.211 x3 1.186.105.211.dvois.com
1.186.105.215 x4 1.186.105.215.dvois.com
1.186.105.226 x2 1.186.105.226.dvois.com
1.186.105.227 x1 1.186.105.227.dvois.com
1.186.105.231 x5 1.186.105.231.dvois.com
1.186.105.233 x1 1.186.105.233.dvois.com
1.186.105.242 x1 1.186.105.242.dvois.com
1.186.105.246 x2 1.186.105.246.dvois.com
1.186.105.247 x4 1.186.105.247.dvois.com
1.186.105.253 x1 1.186.105.253.dvois.com
1.186.105.254 x3 1.186.105.254.dvois.com
1.186.105.3 x3 1.186.105.3.dvois.com
1.186.105.35 x1 1.186.105.35.dvois.com
1.186.105.52 x1 1.186.105.52.dvois.com
1.186.105.55 x1 1.186.105.55.dvois.com
1.186.105.62 x3 1.186.105.62.dvois.com
1.186.105.68 x4 1.186.105.68.dvois.com
1.186.105.7 x1 1.186.105.7.dvois.com
1.186.105.74 x1 1.186.105.74.dvois.com
1.186.105.76 x3 1.186.105.76.dvois.com
1.186.105.8 x2 1.186.105.8.dvois.com
1.186.105.85 x2 1.186.105.85.dvois.com
1.186.105.92 x1 1.186.105.92.dvois.com
1.186.242.57 x1 1.186.242.57.dvois.com
1.186.242.63 x2 1.186.242.63.dvois.com
Now, there are several countries really having a problem with this.
Compromised routers, IoT devices.. and compromised old versions of Windows.
Example: partial snapshot of Brazil in one day..
45.4.64.208 6 45-4-64-208.outcenter.com.br
45.6.230.216 1 45-6-230-216.speednetgoias.net.br
45.70.151.183 4 45-70-151-183.shfibra.com.br
45.160.36.131 1 131.36.160.45.gramnet.com.br
45.160.37.124 3 124.37.160.45.gramnet.com.br
45.162.199.26 1 45-162-199-26.conectanetwork.net.br
45.164.70.46 1 45-164-70-46.redesulsp.com.br
45.164.222.239 3 45-164-222-239.silvernetdns.net.br
45.167.69.45 1 45-167-69-45.rededigitalfsarev.com.br
45.169.231.11 1 45-169-231-11.dgnetsp.com.br
45.170.90.218 2 45-170-90-218.juquianetfibra.com.br
45.170.90.237 1 45-170-90-237.juquianetfibra.com.br
45.171.1.193 2 45-171-1-193.pcnet.net.br
45.172.68.71 1 45-172-68-71.liderfibra.com.br
45.172.69.20 2 45-172-69-20.liderfibra.com.br
45.175.145.207 1 45.175.145.207.navegartelecom.net.br
45.175.146.97 1 45.175.146.97.navegartelecom.net.br
45.176.41.100 1 45.176.41.100.micronetinfo.com.br
45.176.179.194 1 45-176-179-194.linknew.com.br
45.176.179.198 2 45-176-179-198.linknew.com.br
45.176.179.199 1 45-176-179-199.linknew.com.br
45.176.206.156 1 45-176-206-156.mznet.com.br
45.178.35.54 2 45-178-35-54.fibranetce.com.br
45.183.202.140 1 45.183.202-140.redewifinet.com.br
45.184.28.130 1 45-184-28-130.bahiaweb.com.br
45.186.236.95 1 45-186-236-95.enfornete.net.br
45.188.17.112 3 45-188-17-112.onetechtelecom.net.br
45.226.238.38 1 45.226.238.38.velnet.com.br
45.226.240.217 1 45-226-240-217.netix.net.br
45.226.241.37 2 45-226-241-37.netix.net.br
45.227.79.198 7 45-227-79-198.ncsatelecom.com.br
45.230.165.143 6 143.165.230.45.fibra1.com.br
45.232.140.48 5 48-140-232-45.yousertelecom.com.br
45.232.140.59 2 59-140-232-45.yousertelecom.com.br
45.234.177.166 4 166-177-234-45.mafredine.com.br
45.235.70.150 2 45-235-70-150.fnxtelecom.com.br
45.235.222.155 4 45.235.222.155.netpara.com.br
45.235.251.84 2 45.235.251.84.hipervi.com.br
45.239.227.218 1
ip-45-239-227-218.dinamixtelecom.com.br
131.72.198.112 1 131-72-198-112.henet.com.br
131.100.68.25 11 131.100.68.25.cabonnet.com.br
131.100.68.233 1 131.100.68.233.cabonnet.com.br
131.100.157.224 8 131-100-157-224.weclix.com.br
131.221.13.119 2 131-221-13-119.triway.net.br
131.255.177.115 1 115-177-255-131.soniknet.com.br
132.255.146.251 2 132-255-146-251.osir.net.br
138.0.60.231 1 ip-138.0.60.231.wellnet.com.br
138.0.60.239 3 ip-138.0.60.239.wellnet.com.br
138.0.174.221 1 138-0-174-221.justwebtelecom.com.br
138.97.97.190 1
138-97-97-190.host.clicknetfacil.com.br
138.97.128.174 3 174.128.97.138.zappen.com.br
138.121.1.161 1 138.121.1.161.transdados.com.br
138.185.187.161 1 138.185.187.161.rmstelecom.net.br
138.219.241.8 2 ip-138.219.241.8.danieltel.com.br
138.255.111.45 1 138-255-111-45.rev.nocworldwifi.com.br
143.0.21.253 1 253.21.0.143.skynetempresarial.com.br
143.137.225.66 1 143.137.225.66.falconbandalarga.com.br
143.202.108.92 6
flybyte.92.108.202.143-BGP.flybyte.com.br
143.202.127.125 1 125.127.202.143.toolsnet.com.br
143.208.237.26 4 26.237.208.143.deltainternet.net.br
143.208.239.126 1 126.239.208.143.deltainternet.net.br
143.255.111.22 1 143-255-111-22.mcdtelecom.com.br
160.238.27.61 1 160-238-27-61.vivatele.com.br
160.238.163.236 1 160-238-163-236.pelikan.net.br
164.163.37.26 1 164-163-37-26.supranet.com.br
167.249.151.118 1 167-249-151-118.conectaraxa.com.br
167.249.188.167 1 167-249-188-167.solic.com.br
167.250.70.83 2 83.70.250.167.unonet.com.br
167.250.163.176 1 167.250.163.176.plusnetprovedor.net.br
167.250.175.131 1
167.250.175.131-cliente.totalvia.com.br
167.250.175.155 3
167.250.175.155-cliente.totalvia.com.br
167.250.175.222 1
167.250.175.222-cliente.totalvia.com.br
167.250.186.161 1 167-250-186-161.fibernettelecom.com.br
168.90.7.193 1 131.221.227.193.isp.linkceara.com.br
168.90.31.131 1 131-31-90-168.novanet.inf.br
168.181.112.16 13
16-112-181-168.provedorsuperconnect.com.br
168.194.238.211 1 168.194.238.211.isp.linkceara.com.br
168.195.132.34 1 168-195-132-34.deltafibra.com.br
168.196.89.65 2 65.88.196.168.redebrtelecom.net.br
168.197.74.60 1 ip168-197-74-60.netjat.com.br
168.197.74.104 1 ip168-197-74-104.netjat.com.br
168.197.74.147 3 ip168-197-74-147.netjat.com.br
168.197.236.103 1
168-197-236-103.powernetsolutions.net.br
168.205.63.41 1 168-205-63-041.tcftelecom.com.br
168.205.137.98 2
as263145-168-205-137-98.megaflash.com.br
168.228.184.207 2 168-228-184-207.grupoabenet.com.br
168.232.183.179 3
168-232-183-179-user-net.twspeed.com.br
170.78.176.94 1 170.78.176.94.assystemnet.net.br
170.78.176.95 1 170.78.176.95.assystemnet.net.br
170.78.248.44 1 170-78-248-44-reverso.varzeanet.com.br
170.78.248.136 1
170-78-248-136-reverso.varzeanet.com.br
170.78.248.253 1
170-78-248-253-reverso.varzeanet.com.br
170.79.53.168 1 170-79-53-168.justwebtelecom.com.br
170.81.154.140 1 170-81-154-140.worldnetbrasil.com.br
170.81.154.173 1 170-81-154-173.worldnetbrasil.com.br
170.82.132.41 1 170-82-132-41.webbytelecom.com.br
170.83.112.207 1 207-112-83-170.rev.gptelecom.com.br
170.150.95.217 1 170-150-95-217.trixnetwork.com.br
170.239.75.145 1 145.75.239.170.kater.com.br
170.244.86.76 1 170.244.86.76.snbandalarga.com.br
170.244.160.111 7 170-244-160-111.gtxnet.com.br
170.245.197.106 11 170-245-197-106.rnova.com.br
170.247.211.129 3 170-247-211-129.interligadosnet.com.br
177.10.62.236 9 clientes-62.236.dbug.com.br
177.10.63.122 1 clientes-63.122.dbug.com.br
177.11.135.194 2 host-177-11-135-194.certafibra.com.br
177.11.158.146 1
ip-177.11.158.146.minasnet-telecom.com.br
177.12.45.121 1 fttx-1771245121.usr.predialnet.com.br
177.36.73.21 1 177.36.73-21.dnetprovedor.net.br
177.37.87.213 1 177-37-87-213.ultrat.com.br
177.38.241.82 1 177-38-241-082.henet.com.br
177.47.49.187 2 1774749187.tvninternet.com.br
177.53.117.129 1 129-117-53-177.estreitonet.com.br
177.55.212.245 1 245-212-55-177.combolivre.net.br
177.66.215.80 2 177-66-215-80.rnova.com.br
177.70.133.222 1 177-70-133-222.rev.waynet.com.br
177.71.83.100 2 ip-177.71.83.100.inetpe.com.br
177.75.125.225 1 ip-177.75.125.225.machanet.com.br
177.86.36.114 1 114-36-86-177.netpremium.net.br
177.86.245.17 1 17.245.86.177.connectprovedor.net.br
177.89.199.109 1
177-89-199-109.cable.cabotelecom.com.br
177.91.134.225 2 225-134-91-177.worldnetrn.com.br
177.104.94.214 2 power177-104-94-214.powerline.com.br
177.104.202.75 9 177-104-202-75.grajaunettelecom.com.br
177.104.202.84 1
177-104-202-84.grajaunettelecom.com.br
177.104.209.241 1 177-104-209-241.brasconect.net.br
177.104.220.149 6 177-104-220-149.brasconect.net.br
177.124.20.160 2 177-124-20-160.altinformatica.com.br
177.125.123.234 1 177-125-123-234.edimelo.net.br
177.126.85.208 1 177.126.85-208.novatelecomto.com.br
177.126.233.222 10 177-126-233-222.city10.com.br
177.129.55.237 1 177-129-55-237.supercabotv.com.br
177.129.186.3 2 177-129-186-3.link7.net.br
177.130.54.3 3 3-54-130-177.redewsp.com.br
177.131.19.104 1 177.131.19.104.webflash.net.br
177.131.117.233 2 177-131-117-233.acessoline.net.br
177.136.45.35 1 177-136-45-35.tascom.com.br
177.136.194.51 1 194-136-177-51.supercabotv.com.br
177.152.179.16 2 177-152-179-16.primatectelecom.com.br
177.184.188.193 1 177-184-188-193.netcartelecom.com.br
177.200.162.30 1 30.162.200.177.netflexisp.com.br
179.97.80.206 1 206-80-97-179.rrconect.com.br
179.108.94.124 2 179-108-94-124.ragtek.net.br
179.125.39.214 1 clientes-39.214.dbug.com.br
181.191.166.40 1 181-191-166-40.gardensat.com.br
181.191.231.205 3 181.191.231.205.globalnetrs.psi.br
186.194.181.216 2 wlan-186-194-181-216.clickrede.com.br
186.195.22.116 3 cliente22116.redesul.com.br
186.195.94.55 4 186-195-94-55.bdonline.com.br
186.208.155.41 3 186.208.155.41.toptechrs.net.br
186.208.155.49 2 186.208.155.49.toptechrs.net.br
186.216.206.129 1 186-216-194-129.yiptelecom.com.br
186.224.24.224 1 ip-186.224.24.224.danieltel.com.br
186.226.220.196 2 186.226.220.196.ondaagil.net.br
186.227.13.50 1 186-227-13-50.velloznet.com.br
186.233.113.209 1 186.233.113-209.glink.inf.br
186.235.100.254 1 power100-254.powerline.com.br
186.236.217.13 6
186-236-217-13.cable.cabotelecom.com.br
186.236.227.213 1
user.213-227-236-186.users.net-rosas.com.br
186.237.234.101 2 ip-186-237-234.101-net-rubi.com.br
186.250.212.251 1 186.250.212.251.lkmais.com.br
187.0.160.221 1 221-160-0-187.vipvilhena.com.br
187.8.181.206 2
187-8-181-206.customer.tdatabrasil.net.br
187.19.162.90 1
187-19-162-90-tmp.static.brisanet.net.br
187.19.162.182 2
187-19-162-182-tmp.static.brisanet.net.br
187.19.162.205 16
187-19-162-205-tmp.static.brisanet.net.br
187.62.183.148 1 148.183.62.187.cnnet.com.br
187.62.183.207 1 207.183.62.187.cnnet.com.br
187.62.184.106 7 106.184.62.187.cnnet.com.br
187.84.112.161 1 187-84-112-161.redeexs.com.br
187.85.61.63 2 187-85-61-63.netway.psi.br
187.85.150.140 1 187-85-150-140.gegnet.com.br
187.95.11.105 1 wlan-187-95-11-105.clickrede.com.br
187.95.165.161 1 187-95-165-161.idctelecom.net.br
187.102.82.184 3 187.102.82.184.bnet.com.br
187.102.92.101 7 187.102.92.101.bnet.com.br
187.103.165.236 1 187-103-165-236.sitel.com.br
187.108.242.226 3 187-108-242-226.egrnet.com.br
187.111.9.64 2 64.9.111.187.flexseg.com.br
189.14.206.238 1 238.206.14.189.ebr.com.br
189.84.214.27 1 189.84.214-27.dinamicatelecom.net.br
191.5.50.49 1 49-50-5-191.viartelecom.com.br
191.5.118.176 1
191-5-118-176customer.viaprovedor.com.br
191.5.255.226 1 226-255-5-191-reverso.varzeanet.com.br
191.7.114.192 1 191-7-114-192.teleturbo.net.br
191.7.114.197 1 191-7-114-197.teleturbo.net.br
191.37.138.116 1 191.37.138.116.brmaster.com.br
191.241.69.45 4 45.69.241.191.k2telecom.net.br
191.242.129.26 10 191-242-129-26.byteweb.com.br
191.242.238.162 1
191-242-238-162.redebrasiltelecom.com.br
191.242.238.179 4
191-242-238-179.redebrasiltelecom.com.br
191.243.8.168 1
customer-191-243-8-168.maisinternet.net.br
191.243.59.245 1 191-243-59-245.netpeu.com.br
191.243.60.250 1 191-243-60-250.netpeu.com.br
192.141.12.221 2 192-141-12-221.futuredigitalnet.com.br
192.141.114.55 2 192.141.114-55.allconecta.net.br
192.141.114.224 1 192.141.114-224.allconecta.net.br
192.141.115.30 2 192.141.115-30.allconecta.net.br
192.141.223.13 1 192-141-223-13.xtremenet.com.br
192.141.243.255 2
192.141.243.255.cliente.ed-linkrn.com.br
200.26.254.154 1 200-26-254-154.zbltelecom.net.br
200.106.180.46 1 200-106-180-46.powernetinternet.com.br
200.106.195.198 1 200-106-195-198.zeustelecom.com.br
200.188.243.237 1
host-237.243.188.200.fns.freefone.com.br
201.17.121.250 1 c91179fa.virtua.com.br
201.17.123.140 1 c9117b8c.virtua.com.br
201.17.125.83 1 c9117d53.virtua.com.br
201.82.235.53 3 c952eb35.virtua.com.br
201.87.255.79 1
host-201-87-255-79.logteltelecom.com.br
201.148.187.70 1 201-148-187-70.grtelecom.net.br
201.216.100.229 1 wlan-201-216-100-229.clickrede.com.br
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
