We did swip the block to the isp (as an assignment, not allocation).. That is the problem, they kept recursively looking up the assignment.. Maybe they should block 64/8 or maybe 0/0 :).
Anybody interested in a coordinated denial of service attack? :). Mark -- Mark Segal Director, Data Services Futureway Communications Inc. Tel: (905)326-1570 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: December 10, 2002 10:36 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: Spam. Again.. -- and blocking net blocks? > > > > Problem: > > For some reason, spews has decided to now block one of our > /19.. Ie no > mail > > server in the /19 can send mail. > > > Questions: > > 1) How do we smack some sense into spews? > > Make it easy for them to identify the fact that your downstream ISP > customer has allocated that /32 to a separate organisation. > This is what > referral whois was supposed to do but it never happened because > development of the tools fizzled out. > > If SPEWS could plug guilty IP addresses into an automated > tool and come up > with an accurate identification of which neighboring IP > addresses were > tainted and which were not, then they wouldn't use such crude > techniques. > > Imagine a tool which queries the IANA root LDAP server for an > IP address. > The IANA server refers them to ARIN's LDAP server because > this comes from > a /8 that was allocated to ARIN. Now ARIN's server identifies > that this > address is in your /19 so it refers SPEWS to your own LDAP > server. Your > server identifies your customer ISP as the owner of the > block, or if your > customer has been keeping the records up to date with a simple LDAP > client, your server would identify that the guilty party is > indeed only on > one IP address. > > Of course, this won't stop SPEWS from blacklisting you. But > it enables > SPEWS to quickly identify the organization (your customer > ISP) that has a > business relationship with the offender so that SPEWS is more > likely to > focus their attentions on these two parties. > > > 2) Does anyone else see a HUGE problem with listing a /19 because > > there > is > > one /32 of a spam advertised website? When did this start > happening? > > It's a free country, you can't stop people like the SPEWS group from > expressing their opinions. As long as people are satisfied with crude > tools for mapping IP address to owner, this kind of thing > will continue to > happen. > > --Michael Dillon >
