> On Fri, Jun 05, 2026 at 10:31:10AM -0700, Randolf Richardson, Postmaster via
> mailop wrote:
> > > 64.62.197.0/24 shadowserver.org
> >
> > We don't currently block anything from this netblock.
>
> NB: shadowserver is a white hat network scanner that freely offers up its
> results to an ASN that wants to subscribe to their ASN's reports.
>
> I think they do good work, and can alert you to unexpected anomalies that pop
> up in your network that you should investigate.

That's excellent, and I appreciate you vouching for them. I'm glad they're responsible operators, and we've seen nothing from them that causes me any concern -- from what I can see, they appear to be good actors who are trying to be helpful.

> There's plenty of shadow network scanners working for the hackers.

My approach is to not assume until I've seen actual bad/abusive behaviour from a network. I'll start with an individual IP address, and if things spread out from there, eventually expand -- if they keep pushing with enough whack-a-mole tactics then I'll just excise their entire netblock instead of wasting time trying to figure which of their IPs are the problem (I've got better things to do like flossing my teeth, counting weeds in the garden, trolling some idiots on Twitter, trying to get Google Translate to understand my neighbour's cat who meows a lot, etc.).

I know other administrators who add such networks to their block-and-forget lists, and it's an approach that's been around since "the before time" (c. 1990s for those who aren't familiar with this South Park reference).

This is why it's important to check up on IP addresses/netblocks that are new to your networks before utilizing them, for if there's bad history then it can be a major hassle getting tarpits paved over, /dev/null routing errors fixed, and other related matters sorted out.

I recall two instances where I removed netblocks from my block-and-forget lists because ownership had changed, but I put them on a watchlist for a while and hobbled their IP addresses with an arbitrarily higher spam score for the first year -- neither of them sent any spam or tried to hack into anything (if they had, I would have assumed that ownership changed in name only, and put them back into my block-and-forget lists).

I exempt our NOC/Postmaster/Abuse accounts from DNSBLs and my block-and-forget lists for this reason (I don't know how common it is for other postmasters to do this, but I suspect that I'm not the only one).

--
Postmaster - [email protected]
Randolf Richardson, CNA - [email protected]
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/
