Re: Purchased IPv4 Woes

2017-03-20 Thread Bob Evans
I am for naming the companies that extort via RBLs. Spamming is so
widespread even the domain name company Godaddy leveraged it as a profit
center.

Godaddy, in its early beginnings. Years ago.

I know from experience that this happens. Godaddy demanded money from me
for spamming. I had to pay $150 or $250?

I had several domains with them that were not even being used, beyond a
webpage placeholder and I ran my own DNS server for my domains. After
paying, they released my domain to function again. They claimed and
promised they would provide the proof "after I paid"... employees and all
kinds of lines about why they could not show you until after you paid. I
paid and Godaddy suddenly lost the proof. I am sure it was part of a
profit center as I know others that had this happen with Godaddy.

Think about it, Godaddy didn't even provide me a service using an IP address
of theirs. It was the domain they held hostage with their DNS server.

There should be a class action against them - just to expose it - (people
never get the real money the lawyers do in a class action). Now that they
are public some lawyer should look into the records and find all the
extortion money gathered years ago. Contact those domain owners at the
time.

Would surprise me if the RBL owners were ex Godaddy employees that saw
this leverage opportunity.

Thank You
Bob Evans
CTO




> Would you mind naming the company so that they can be publicly shamed? That
> is nothing short of extortion.
>
> On Mar 19, 2017 10:36 PM, "Justin Wilson"  wrote:
>
>>
>> Then you have the lists which want money to be removed.  I have an IP that
>> was blacklisted by hotmail. Just a single IP. I have gone through the
>> procedures that are referenced in the return e-mails.  No response.  My
>> next step says something about a $2500 fee to have it investigated.  I know
>> several blacklists which are this way.  Luckily, many admins do not use
>> such lists.
>>
>>
>> Justin Wilson
>> j...@mtin.net
>>
>> ---
>> http://www.mtin.net Owner/CEO
>> xISP Solutions- Consulting – Data Centers - Bandwidth
>>
>> http://www.midwest-ix.com  COO/Chairman
>> Internet Exchange - Peering - Distributed Fabric

Re: Purchased IPv4 Woes

2017-03-20 Thread Rob McEwen

On 3/20/2017 10:25 AM, Mike Hammett wrote:

> He did mention Hotmail.


I have no idea which blacklist is allegedly charging $2500 for 
investigating a listing. (I wonder if he meant to type $25.00?) Either 
way, I don't know who that is.


But I will say that, in general, many requesting a delisting from a 
blacklist OFTEN assume that a particular hoster that is blocking their 
messages MUST therefore be caused by the particular "known" blacklist 
they found themselves to be on. But, in many such cases, the host had 
their own internal blacklist or was using some OTHER 3rd party blacklist 
- that was possibly responding to the same "root cause" that the other 
"known" blacklist was reacting to as well, but where that particular 
"known" blacklist wasn't actually the direct reason that this hoster was 
blocking that sender.


So (absent more specific info proving such) this "known" blacklist that 
is allegedly charging a fee for research... could easily NOT be related 
to hotmail. (and probably isn't!)


--
Rob McEwen



Re: Purchased IPv4 Woes

2017-03-20 Thread Steve Atkins

> On Mar 19, 2017, at 8:32 PM, Justin Wilson  wrote:
> 
> 
> Then you have the lists which want money to be removed.  I have an IP that 
> was blacklisted by hotmail. Just a single IP. I have gone through the 
> procedures that are referenced in the return e-mails.  No response.  My next 
> step says something about a $2500 fee to have it investigated.  I know 
> several blacklists which are this way.  Luckily, many admins do not use such 
> lists.

This reads like you're leaving out some critical details of the story.

Cheers,
  Steve



Re: Purchased IPv4 Woes

2017-03-20 Thread Josh Reynolds
Just because he chose poorly with his email provider doesn't mean he
should be allowed to be exploited Mike, although a friendly ribbing is
still justified IMO ;)

On Mar 20, 2017 9:27 AM, "Mike Hammett" <na...@ics-il.net> wrote:

> He did mention Hotmail.


Re: Purchased IPv4 Woes

2017-03-20 Thread Mike Hammett
He did mention Hotmail. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Josh Reynolds" <j...@kyneticwifi.com> 
To: "Justin Wilson" <li...@mtin.net> 
Cc: "NANOG" <nanog@nanog.org> 
Sent: Monday, March 20, 2017 9:06:00 AM 
Subject: Re: Purchased IPv4 Woes 

Would you mind naming the company so that they can be publicly shamed? That
is nothing short of extortion.

On Mar 19, 2017 10:36 PM, "Justin Wilson" <li...@mtin.net> wrote: 

> 
> Then you have the lists which want money to be removed. I have an IP that 
> was blacklisted by hotmail. Just a single IP. I have gone through the 
> procedures that are referenced in the return e-mails. No response. My 
> next step says something about a $2500 fee to have it investigated. I know 
> several blacklists which are this way. Luckily, many admins do not use 
> such lists. 



Re: Purchased IPv4 Woes

2017-03-20 Thread Josh Reynolds
Would you mind naming the company so that they can be publicly shamed? That
is nothing short of extortion.

On Mar 19, 2017 10:36 PM, "Justin Wilson"  wrote:

>
> Then you have the lists which want money to be removed.  I have an IP that
> was blacklisted by hotmail. Just a single IP. I have gone through the
> procedures that are referenced in the return e-mails.  No response.  My
> next step says something about a $2500 fee to have it investigated.  I know
> several blacklists which are this way.  Luckily, many admins do not use
> such lists.


Re: Purchased IPv4 Woes

2017-03-19 Thread Suresh Ramasubramanian
Which one was it that demanded 2500?

There's only one reasonably well known pay for whitelisting type of blocklist 
but I'd have thought they're a lot cheaper.

--srs

> On 20-Mar-2017, at 9:02 AM, Justin Wilson  wrote:
> 
> Then you have the lists which want money to be removed.  I have an IP that 
> was blacklisted by hotmail. Just a single IP. I have gone through the 
> procedures that are referenced in the return e-mails.  No response.  My next 
> step says something about a $2500 fee to have it investigated.  I know 
> several blacklists which are this way.  Luckily, many admins do not use such 
> lists.


Re: Purchased IPv4 Woes

2017-03-19 Thread Justin Wilson

Then you have the lists which want money to be removed.  I have an IP that was 
blacklisted by hotmail. Just a single IP. I have gone through the procedures 
that are referenced in the return e-mails.  No response.  My next step says 
something about a $2500 fee to have it investigated.  I know several blacklists 
which are this way.  Luckily, many admins do not use such lists.


Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric




Re: Purchased IPv4 Woes

2017-03-12 Thread Bob Evans
Pete's right about how IPs get put on the lists. In fact, let us not
forget that these lists were mostly created with volunteers - some still
today. Many are very old lists. Enterprise networks select lists by some
sort of popularity / fame - etc. Like how they decide to install 8.8.8.8
as first - it's easy and they think it's better than their local ISP they
pay yet they always call the ISP about slowness when 8.8.8.8 is for
consumers and doesn't always resolve quickly.  It's a tough sale.

Once had a customer's employee abuse their mail server - it made some
lists. Customer complained our network is hosting spammers and sticking
them in the middle of a problem that is our networks. Hard win. Took us
months to get that IP off lists. That was one single IP. We did not allow
them to renew their contract once the term was over. Now, they suffer with
comcast for business. ;-)

Thank You
Bob Evans
CTO




> On Sun, 12 Mar 2017, Pete Baldwin wrote:
>
>> So this is really the question I had, and this is why I was wanting to
>> start a dialog here, hoping that it wasn't out of line for the list.  I
>> don't know of a way to let a bunch of operators know that they should
>> remove something without using something like this mailing list.
>> Blacklists are supposed to fill this role so that one operator doesn't
>> have to try and contact thousands of other operators individually, he/she
>> just has to appeal to the blacklist and once delisted all should be well
>> in short order.
>>
>> In cases where companies have their own internal lists, or only update
>> them a couple of times a year from the major lists,  I don't know of
>> another way to notify everyone.
>
> I suspect you'll find many of the private "blacklistings" are hand
> maintained (added to as needed, never removed from unless requested) and
> you'll need to play whack-a-mole, reaching out to each network as you find
> they have the space blocked on their mail servers or null routed on their
> networks.  I doubt your message here will be seen by many of the "right
> people."  How many company mail server admins read NANOG?  How many
> companies even do email in-house and have mail server admins anymore? :)
>
> Back when my [at that time] employer was issued some of 69/8, I found it
> useful to setup a host with IPs in 69/8 and in one of our older IP blocks,
> and then do both automated reachability testing and allow anyone to do a
> traceroute from both source IPs simultaneously, keeping the results in a
> DB.  If you find there are many networks actually null routing your
> purchased space, you might setup something similar.
>
> --
>   Jon Lewis, MCP :)   |  I route
>   |  therefore you are
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
>




Re: Purchased IPv4 Woes

2017-03-12 Thread Jon Lewis

On Sun, 12 Mar 2017, Pete Baldwin wrote:

> So this is really the question I had, and this is why I was wanting to
> start a dialog here, hoping that it wasn't out of line for the list.  I don't
> know of a way to let a bunch of operators know that they should remove
> something without using something like this mailing list. Blacklists are
> supposed to fill this role so that one operator doesn't have to try and
> contact thousands of other operators individually, he/she just has to appeal
> to the blacklist and once delisted all should be well in short order.
>
> In cases where companies have their own internal lists, or only update
> them a couple of times a year from the major lists,  I don't know of another
> way to notify everyone.


I suspect you'll find many of the private "blacklistings" are hand 
maintained (added to as needed, never removed from unless requested) and 
you'll need to play whack-a-mole, reaching out to each network as you find 
they have the space blocked on their mail servers or null routed on their 
networks.  I doubt your message here will be seen by many of the "right 
people."  How many company mail server admins read NANOG?  How many 
companies even do email in-house and have mail server admins anymore? :)


Back when my [at that time] employer was issued some of 69/8, I found it 
useful to setup a host with IPs in 69/8 and in one of our older IP blocks, 
and then do both automated reachability testing and allow anyone to do a 
traceroute from both source IPs simultaneously, keeping the results in a 
DB.  If you find there are many networks actually null routing your 
purchased space, you might setup something similar.


--
 Jon Lewis, MCP :)   |  I route
 |  therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
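
The dual-source reachability test described in the message above, sketched as an added example (not code from the poster or from the list). It covers only the automated connect test and the result database, not the public traceroute page; the source addresses, host names and the `min_rounds` threshold are assumptions, and the demo data is constructed.

```python
import socket
import sqlite3
import time

# Assumed, constructed values: documentation-range addresses stand in for one
# local IP in a long-held block ("old") and one in the purchased block ("new").
SOURCES = {"old": "192.0.2.10", "new": "198.51.100.10"}


def tcp_probe(src_ip, host, port, timeout=5.0):
    """Attempt a TCP connect to host:port from a specific local source IP."""
    try:
        with socket.create_connection((host, port), timeout=timeout,
                                      source_address=(src_ip, 0)):
            return True, "connected"
    except OSError as exc:  # timeout, refused, unreachable, DNS failure
        return False, type(exc).__name__


def open_db(path=":memory:"):
    """Open (or create) the results database."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS probes ("
        " ts REAL, src TEXT, src_ip TEXT, host TEXT, port INTEGER,"
        " ok INTEGER, detail TEXT)"
    )
    return db


def run_round(db, targets, sources=SOURCES, prober=tcp_probe, now=time.time):
    """Probe every target once from every source and store each result."""
    for host, port in targets:
        for label, src_ip in sources.items():
            ok, detail = prober(src_ip, host, port)
            db.execute("INSERT INTO probes VALUES (?,?,?,?,?,?,?)",
                       (now(), label, src_ip, host, port, int(ok), detail))
    db.commit()


def suspected_filters(db, min_rounds=3):
    """Targets that answered the old block at least once but never answered
    the new block in at least min_rounds attempts. Targets that fail from
    both sources are treated as down, not as filtering."""
    rows = db.execute(
        "SELECT host, port,"
        "  SUM(CASE WHEN src='old' THEN ok ELSE 0 END) AS old_ok,"
        "  SUM(CASE WHEN src='new' THEN ok ELSE 0 END) AS new_ok,"
        "  SUM(CASE WHEN src='new' THEN 1 ELSE 0 END) AS new_tries"
        " FROM probes GROUP BY host, port"
        " HAVING old_ok > 0 AND new_ok = 0 AND new_tries >= ?"
        " ORDER BY host, port",
        (min_rounds,),
    ).fetchall()
    return [(host, port, new_tries) for host, port, _, _, new_tries in rows]


def demo(min_rounds=3):
    """Three rounds against constructed targets using a simulated prober."""
    blocked_new = {"mx.filtering.example"}  # drops only the new block
    down = {"mx.down.example"}              # unreachable from everywhere

    def fake_prober(src_ip, host, port):
        if host in down:
            return False, "TimeoutError"
        if host in blocked_new and src_ip == SOURCES["new"]:
            return False, "TimeoutError"
        return True, "connected"

    targets = [("mx.open.example", 25),
               ("mx.filtering.example", 25),
               ("mx.down.example", 25)]
    db = open_db()
    for _ in range(3):
        run_round(db, targets, prober=fake_prober)
    return suspected_filters(db, min_rounds)


if __name__ == "__main__":
    for host, port, tries in demo():
        print(f"{host}:{port} reachable from old block only ({tries} tries)")
```

With real probes, both source addresses must be configured on the probing host, and the resulting list is the set of networks to contact individually.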


Re: Purchased IPv4 Woes

2017-03-12 Thread Harry McGregor

Hi,


This is why I moved away from static black lists years ago.  When the 
68/8 and 24/8 blocks were released and tons of networks had it blocked 
since it was "reserved" I observed and felt the pain.


My networks are small, and I rely on things such as fail2ban which auto 
remove the blocks.


I would be willing to bet that many of the network operators/admins that 
blocked your range are either not in the job any more or even dead.  No 
one in the company knows the blocks exist...


-Harry

On 03/12/2017 04:51 PM, Pete Baldwin wrote:
> So this is really the question I had, and this is why I was
> wanting to start a dialog here, hoping that it wasn't out of line for
> the list.  I don't know of a way to let a bunch of operators know that
> they should remove something without using something like this mailing
> list. Blacklists are supposed to fill this role so that one
> operator doesn't have to try and contact thousands of other operators
> individually, he/she just has to appeal to the blacklist and once
> delisted all should be well in short order.
>
> In cases where companies have their own internal lists, or only
> update them a couple of times a year from the major lists,  I don't
> know of another way to notify everyone.
>
> I get why people are more cautious and  filter entire blocks when
> just a few hosts are attacking/spamming them, and everyone has a
> choice on how they want to handle these situations.  As an ISP, I want
> to do as little filtering as possible.  I want all of my customers to
> have access to everything possible.  If a netblock changes hands, I
> want to give the new owner the benefit of the doubt and only filter
> traffic if it repeats the same old behaviour.  We're all using this
> finite space and I don't want to let the hostile minority slowly ruin
> what's left of the ipv4 assignments.
>
> -
>
> Pete Baldwin
> Tuckersmith Communications
> (P) 519-565-2400
> (C) 519-441-7383
>
> On 03/12/2017 11:40 AM, valdis.kletni...@vt.edu wrote:
>> How do all the AS's that have their own internal blacklists find out that
>> they should fix their old listings?






Re: Purchased IPv4 Woes

2017-03-12 Thread Pete Baldwin
So this is really the question I had, and this is why I was 
wanting to start a dialog here, hoping that it wasn't out of line for 
the list.  I don't know of a way to let a bunch of operators know that 
they should remove something without using something like this mailing 
list. Blacklists are supposed to fill this role so that one operator 
doesn't have to try and contact thousands of other operators 
individually, he/she just has to appeal to the blacklist and once 
delisted all should be well in short order.


In cases where companies have their own internal lists, or only 
update them a couple of times a year from the major lists,  I don't know 
of another way to notify everyone.


I get why people are more cautious and  filter entire blocks when 
just a few hosts are attacking/spamming them, and everyone has a choice 
on how they want to handle these situations.  As an ISP, I want to do as 
little filtering as possible.  I want all of my customers to have access 
to everything possible.  If a netblock changes hands, I want to give the 
new owner the benefit of the doubt and only filter traffic if it repeats 
the same old behaviour.  We're all using this finite space and I don't 
want to let the hostile minority slowly ruin what's left of the ipv4 
assignments.



-

Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-7383

On 03/12/2017 11:40 AM, valdis.kletni...@vt.edu wrote:

How do all the AS's that have their own internal blacklists find out that
they should fix their old listings?




Re: Purchased IPv4 Woes

2017-03-12 Thread Pete Baldwin
So just to be clear here, the reason I made this post isn't to have 
some help with removing our block from 'official' blacklists around the 
world.   We checked the lists and we weren't on them.   The last (known) 
list this block was on was in September 2016, so just over 6 months ago 
now, and before we purchased it.


I made this post because it appears that various networks use/used 
some sort of black list at some point, but haven't checked the lists in 
quite some time, or the block behaviour was so bad that admins blocked 
it manually. I'm here to say that we now own it and we plan on taking 
care of it in a responsible manner.


I'm not blaming blacklists for holding our block hostage, as I 
don't see our block IN any blacklists.   This thread was for me to say 
"hey, whoever had this thing in the past must have messed with your 
network enough to block it for a long time, but now I own it and plan on 
keeping it clean, so if you could remove us it would be better for 
everyone."   My contact information has been in each email, so it's 
easily verifiable.


We had limited time with which to acquire space, and we 
back-checked the space as well as we could.   I was not expecting so 
many networks to have it blocked when it isn't actually listed anywhere, 
and I didn't have a method to verify that.


That being said, I like where the thread is going as far as 
discussing AS rep vs CIDR rep, and other ways with which to verify 
whether a block has been transferred to a 'safe' entity vs  a 
'potentially hostile' entity or same entity under a new name.


-

Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-7383

On 03/12/2017 01:33 PM, Rich Kulawiec wrote:
> On Sun, Mar 12, 2017 at 05:59:59PM +0200, Chris Knipe wrote:
>> It's a losing battle, and a failed system.  Don't blame the purchaser,
>> it's a lack of oversight on the part of whoever does the blacklisting.
>
> You bought damaged goods which aren't fit for the purpose you have in mind.
>
> If you had performed due diligence research before finalizing the purchase,
> perhaps you would have chosen not to do so.
>
> If the seller had done their due diligence research, perhaps they could
> have more accurately described what they were selling to you.
>
> There's certainly a lack of "oversight" here, but it's not on the part
> of the various blacklists which have *correctly* noted the dubious history
> of the allocation in question.  And which, I might add, are not in
> possession of proof that it doesn't still belong to the same people
> who generated that dubious history.  In other words, everything said
> here thus far might be precisely the truth, or it might be the 14,273th
> iteration of a ruse designed to get the block unlisted so that it can
> be once again utilized for abuse.
>
> ---rsk




Re: Purchased IPv4 Woes

2017-03-12 Thread Baldur Norddahl



On 12/03/2017 at 19.40, Rob McEwen wrote:
> On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
>> Sorry but this is not true. The address space does not lose that much in
>> value and in fact most address space that has been used for end users is
>> already tainted in the same way (due to botnets etc).
>
> Also, you're comparing apples-to-oranges. Dynamically allocated IPs
> for "end users" are not supposed to host mail and web servers - at
> least not professional and high-quality hosting services. This is why
> their outbound speed is almost always governed down to a trickle
> (often orders of magnitude slower than the download speeds), and port
> 25 is often blocked (when not headed to the mail server hosted by the
> particular ISP which controls that space).

We are talking about address space that got sold. It might have been
used for dynamically allocated IPs in some previous life. Now some poor
hosting provider took over and is trying to use it for his new enterprise.


By the way we sell 1000 Mbps downstream, 1000 Mbps upstream and no ports 
are blocked. And we are not the only FTTH provider here doing that. We 
will not decide what our users are supposed to host in a closet in their 
homes.


Regards,

Baldur



Re: Purchased IPv4 Woes

2017-03-12 Thread Baldur Norddahl



On 12/03/2017 at 19.24, Rob McEwen wrote:
> On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
>> On 12/03/2017 at 18.49, Rob McEwen wrote:
>>> This motivation goes a LONG way towards countering the profit motives
>>> that hosters/ISPs/Datacenters/ESPs have in selling services to
>>> spammers - there is MUCH money to be made doing so. But the longer
>>> term repercussions of damaged IP reputation makes that a *bad*
>>> long-term investment (even if the short-term gains are lucrative).
>>
>> Sorry but this is not true. The address space does not lose that much in
>> value and in fact most address space that has been used for end users is
>> already tainted in the same way (due to botnets etc).
>
> First, I'm on the front lines of this particular fight - and my
> conversations I have with mail senders (of all various types) gives me
> constant 1st-hand confirmation of these facts you deny.
>
> But don't take my word for it - consider the following article written
> by Brian Krebs:


How much IP address space have you bought or sold in the last year? Me? 
About 5k IP addresses, which might not be a lot but still more than most.


The article says nothing about the pricing of selling or buying IP 
address space.


Yes it is a fact that tainted address space is slightly cheaper than 
"pristine" address space. Slightly. And we will happily buy it because 
we are not using it for sending emails anyway. And so will a lot of 
other eyeball ISPs and that keeps the price up.


I am not complaining about the space we got. Some of it is tainted. We 
just assign users that complain about that some address space from 
untainted space. Most users never notice. But I can see the pain on a 
smaller hosting provider just starting out and he got unlucky with his 
first buy.


Having a spammer abuse your address space is very expensive, but NOT 
because the address space can not be sold. It can. But if you have to do 
that, you will have to tell all your other customers to change addresses 
and they will not be happy campers about that. Plus it is a lot of 
bother and I will bet you that spammers are generally not good paying 
customers.


The assertion that refusing to unblock address space that got sold 
somehow influences spammers is wrong.


Regards,

Baldur



Re: Purchased IPv4 Woes

2017-03-12 Thread Pete Baldwin
We used giglinx. There was a third party that was validating the
blocks, and they/we caught a lot of issues with the first block for offer.


This was the second block offered, and it looked decent, but I never 
personally checked the /16 parent.  I was only looking at the /18.   The 
reason I made this post is to try and catch the things I couldn't see.   
We don't appear to be on any lists (RBLs, senderbase look good), but
obviously we are still in people's filtering rules.   The big one was
Spamhaus DROP but that was removed before we purchased the block.


The previous owner looked fine too, it was actually the owner before the 
last that seemed to have been the cause of a lot of the bad rep, but 
again that was cleaned up before we ever even made the request to buy.



-

Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-7383

On 03/11/2017 11:27 PM, Bryan Holloway wrote:
> Indeed.
>
> Let this be a lesson: when purchasing blocks, one MUST do their due
> diligence. Check the RBLs, senderbase, previous owner reputation, etc.
> before buying.
>
> Caveat emptor.
>
> On 3/11/17 3:13 PM, Martin Hannigan wrote:
>> Which broker did you use for the transaction?
>>
>> Did you get a discount for knowingly accepting a dirty block or is this a
>> surprise?
>>
>> Are folks asking for warranties on acquired addresses these days?
>>
>> Cheers,
>>
>> -M<
>>
>> Best,
>>
>> -M<
>>
>> On Fri, Mar 10, 2017 at 12:11 Pete Baldwin  wrote:
>>> Hi All,
>>>
>>> Hopefully this is not taken in bad taste.   Our organization
>>> purchased some IP space last year (163.182.192.0/18 to be specific), and
>>> it appears that this block must have been used for less-than-admirable
>>> purposes in the past.
>>>
>>> We have been trying to clean up the reputation where possible, and we do
>>> not appear to be on any blacklists, but we do appear to be blocked from
>>> a lot of networks across the US/Canada. I am noticing a lot of name
>>> servers blocking our requests, many web servers, gaming servers, mail etc.
>>>
>>> This is a transition block for us to move towards v6 everywhere, but we
>>> have many systems that will need to rely on this block of space for some
>>> time to come.
>>>
>>> We are a small rural co-op ISP in Ontario, and I am just writing this
>>> email as an extra plea so that if you happen to run a network that has
>>> this entire range on your naughty list, we would appreciate you giving
>>> it another chance.  I can be contacted on or off list, thanks.
>>>
>>> --
>>>
>>> -
>>>
>>> Pete Baldwin
>>> Tuckersmith Communications
>>> (P) 519-565-2400
>>> (C) 519-441-7383






Re: Purchased IPv4 Woes

2017-03-12 Thread Pete Baldwin
Looks like it was taken off the list in Sept 2016.  I suppose this could 
be the reason why our block is still listed in various networks, even 
though it's not on a known 'official' list.



Thanks for the tip Mike.



-

Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-7383

On 03/11/2017 01:53 AM, Mike Hale wrote:
> It looks like Spamhaus has your entire /16.
>
> https://stat.ripe.net/163.182.192.0%2F18#tabId=anti-abuse
>
> On Fri, Mar 10, 2017 at 10:01 PM, Laurent Dumont wrote:
>> Out of curiosity, who were the previous owner(s), it seems that ARIN only
>> shows the current owner with any history? If it was a Chinese/Russian block,
>> you might be out of luck.
>>
>> On 03/10/2017 12:00 PM, Pete Baldwin wrote:
>>> Hi All,
>>>
>>> Hopefully this is not taken in bad taste.   Our organization purchased
>>> some IP space last year (163.182.192.0/18 to be specific), and it appears
>>> that this block must have been used for less-than-admirable purposes in the
>>> past.
>>>
>>> We have been trying to clean up the reputation where possible, and we do
>>> not appear to be on any blacklists, but we do appear to be blocked from a
>>> lot of networks across the US/Canada. I am noticing a lot of name servers
>>> blocking our requests, many web servers, gaming servers, mail etc.
>>>
>>> This is a transition block for us to move towards v6 everywhere, but we
>>> have many systems that will need to rely on this block of space for some
>>> time to come.
>>>
>>> We are a small rural co-op ISP in Ontario, and I am just writing this
>>> email as an extra plea so that if you happen to run a network that has this
>>> entire range on your naughty list, we would appreciate you giving it another
>>> chance.  I can be contacted on or off list, thanks.









Re: Purchased IPv4 Woes

2017-03-12 Thread Pete Baldwin
The previous owner was XELAS Software in Marina Del Ray, California.  I 
still see it listed on some geoIP databases, but those have been cleaned 
for the most part.


I'm not sure if someone had it before them and they just got rid of it 
because of these issues, so I don't want to point fingers at XELAS by 
any means.


-

Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-7383

On 03/11/2017 01:01 AM, Laurent Dumont wrote:
> Out of curiosity, who were the previous owner(s), it seems that ARIN
> only shows the current owner with any history? If it was a
> Chinese/Russian block, you might be out of luck.
>
> On 03/10/2017 12:00 PM, Pete Baldwin wrote:
>> Hi All,
>>
>> Hopefully this is not taken in bad taste.   Our organization
>> purchased some IP space last year (163.182.192.0/18 to be specific),
>> and it appears that this block must have been used for
>> less-than-admirable purposes in the past.
>>
>> We have been trying to clean up the reputation where possible, and we
>> do not appear to be on any blacklists, but we do appear to be blocked
>> from a lot of networks across the US/Canada. I am noticing a lot
>> of name servers blocking our requests, many web servers, gaming
>> servers, mail etc.
>>
>> This is a transition block for us to move towards v6 everywhere, but
>> we have many systems that will need to rely on this block of space
>> for some time to come.
>>
>> We are a small rural co-op ISP in Ontario, and I am just writing this
>> email as an extra plea so that if you happen to run a network that
>> has this entire range on your naughty list, we would appreciate you
>> giving it another chance.  I can be contacted on or off list, thanks.









Re: Purchased IPv4 Woes

2017-03-12 Thread Ca By
> Their first problem is that
> they are trying to tow a boat with their bicycle.
>

Fair statement for anyone who has not deployed ipv6 and thinks emailing
nanog to get them off a blacklist will help.


> --
> Rob McEwen
>
>
>


Re: Purchased IPv4 Woes

2017-03-12 Thread Rob McEwen

On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
> Sorry but this is not true. The address space does not lose that much in
> value and in fact most address space that has been used for end users is
> already tainted in the same way (due to botnets etc).

Also, you're comparing apples-to-oranges. Dynamically allocated IPs for
"end users" are not supposed to host mail and web servers - at least not
professional and high-quality hosting services. This is why their
outbound speed is almost always governed down to a trickle (often orders
of magnitude slower than the download speeds), and port 25 is often
blocked (when not headed to the mail server hosted by the particular ISP
which controls that space).


Such IPs are OFTEN preemptively blacklisted by Spamhaus's PBL list:

https://www.spamhaus.org/pbl/

If someone wants to run a mail server (or even a web server) from such 
space - then they have a whole bunch of OTHER problems besides who/what 
damaged the space before they acquired it. Their first problem is that 
they are trying to tow a boat with their bicycle.


--
Rob McEwen




Re: Purchased IPv4 Woes

2017-03-12 Thread Rob McEwen

On 3/12/2017 2:00 PM, Baldur Norddahl wrote:
> On 12/03/2017 at 18.49, Rob McEwen wrote:
>> This motivation goes a LONG way towards countering the profit motives
>> that hosters/ISPs/Datacenters/ESPs have in selling services to
>> spammers - there is MUCH money to be made doing so. But the longer
>> term repercussions of damaged IP reputation makes that a *bad*
>> long-term investment (even if the short-term gains are lucrative).
>
> Sorry but this is not true. The address space does not lose that much in
> value and in fact most address space that has been used for end users is
> already tainted in the same way (due to botnets etc).


First, I'm on the front lines of this particular fight - and my 
conversations I have with mail senders (of all various types) gives me 
constant 1st-hand confirmation of these facts you deny.


But don't take my word for it - consider the following article written 
by Brian Krebs:


https://krebsonsecurity.com/2015/08/like-cutting-off-a-limb-to-save-the-body/

If what you said is true, then Hostwinds wouldn't have ever seen a need
to reform - and they wouldn't have ever reformed. And many of the
hosters who had more foresight and never had to learn this lesson the hard
way - would have likewise followed Hostwinds' footsteps (except without
the reform part)


Also, if any good hosting company just let their guard down and started
allowing just any spammer to purchase services - their IP space
reputation would nosedive across-the-board to the lowest of depths...
that occasional random botnets on residential dynamic IPs - could
never get to.


--
Rob McEwen




Re: Purchased IPv4 Woes

2017-03-12 Thread Chris Knipe
On Sun, Mar 12, 2017 at 7:53 PM, Baldur Norddahl wrote:

>
>
> On 12/03/2017 at 18.14, Brielle Bruns wrote:
>
>> http == TCP
>> DNS == (usually) UDP
>>
>> Big difference here.  One requires a three way handshake tearup/teardown,
>> the other does not.
>>
>> It is not an apples to apples comparison.
>>
>>
> You can replicate (download) the whole WHOIS if you need to. There is also
> no requirement that removal from reputation lists is instant. We would be
> good if it happened just within a month or even half a year. The situation
> now is however that you will never have it removed and many reputation
> services will ignore you if you try to contact them for manual removal.
>
> At least in the RIPE managed space there IS a reliable way to know for
> sure who owns a block. Can you know that the new owner is any better than
> the old? Of course not, but that is true even for "fresh" address space.
>
> I am not a fan of reputation services that blacklist forever. It is just
> wrong and open for abuse of power. But not much I can do about that other
> than not using their service.
>
>
Also, no reason why a UDP (or DNS based even) query can't be implemented to
facilitate reputation lookups for ASNs, or even ownership.






-- 

Regards,
Chris Knipe


Re: Purchased IPv4 Woes

2017-03-12 Thread Baldur Norddahl



On 12/03/2017 at 18.49, Rob McEwen wrote:
> This motivation goes a LONG way towards countering the profit motives
> that hosters/ISPs/Datacenters/ESPs have in selling services to
> spammers - there is MUCH money to be made doing so. But the longer
> term repercussions of damaged IP reputation makes that a *bad*
> long-term investment (even if the short-term gains are lucrative).

Sorry but this is not true. The address space does not lose that much in
value and in fact most address space that has been used for end users is
already tainted in the same way (due to botnets etc).




Re: Purchased IPv4 Woes

2017-03-12 Thread Baldur Norddahl



On 12/03/2017 at 18.14, Brielle Bruns wrote:
> http == TCP
> DNS == (usually) UDP
>
> Big difference here.  One requires a three way handshake
> tearup/teardown, the other does not.
>
> It is not an apples to apples comparison.

You can replicate (download) the whole WHOIS if you need to. There is
also no requirement that removal from reputation lists is instant. We
would be good if it happened just within a month or even half a year.
The situation now is however that you will never have it removed and
many reputation services will ignore you if you try to contact them for
manual removal.


At least in the RIPE managed space there IS a reliable way to know for 
sure who owns a block. Can you know that the new owner is any better 
than the old? Of course not, but that is true even for "fresh" address 
space.


I am not a fan of reputation services that blacklist forever. It is just 
wrong and open for abuse of power. But not much I can do about that 
other than not using their service.


Regards,

Baldur



Re: Purchased IPv4 Woes

2017-03-12 Thread Rob McEwen

On 3/12/2017 11:40 AM, valdis.kletni...@vt.edu wrote:
> How does Spamhaus find out the block has been resold?
> How do other DNS-based blacklist operators find out?


Spamhaus and other reasonable and well-run DNSBLs:

(1) have reasonable auto-expiration mechanisms (which cover the vast 
majority of these situations where a block gets a new and more ethical 
owner)


(2) and have all various different monitoring and feedback mechanisms - 
which may not be perfect and may not have God-like omniscience - but 
generally get things right before too long - they have overall very 
excellent telemetry and they don't get very much wrong at any one point 
in time.


In contrast, much of the cause of this problem described on this thread
is caused by system admins relying less on well-run blacklists, and relying
more on "set it and forget it" manual blocking of IPs and subnets at
their perimeter.


(in contrast to well-run DNSBLs...) They then often have ZERO
expirations happening - listings are basically permanent - until manually
removed - and their telemetry/feedback is just horrific compared to a
well-run DNSBL.


There also are not any public lookup forms in the world where a sender 
can determine which such manual blocks are found on which 
ISP/hosters/datacenters.


The good news here - is that this becomes further motivation for senders
to be vigilant to protect their IPs' reputation - knowing that a lack of
such effort can quickly lead to their IP space becoming "damaged goods".


This motivation goes a LONG way towards countering the profit motives 
that hosters/ISPs/Datacenters/ESPs have in selling services to spammers 
- there is MUCH money to be made doing so. But the longer term 
repercussions of damaged IP reputation makes that a *bad* long-term 
investment (even if the short-term gains are lucrative).


Meanwhile, btw - moving all mail servers to IPv6 too fast... ELIMINATES 
that motivation. Almost everyone reading this paragraph on NANOG has no 
idea just (a) how much this incentive keeps email sane and manageable - 
and (b) just how bad things will get if this incentive is removed, via 
moving all MTAs to IPv6. (In an all-IPv6 world - if you ruin your IP 
reputation by making a ton of money selling to spammers - there are 
always vast amounts of new space to acquire)


I can tell you that, ultimately, this is the ONLY thing keeping
hosters/ISPs/Datacenters/ESPs from selling services to spammers. Some
who deny that this statement applies to them - will at least move the
goalposts somewhat, no matter how good of intentions they may think
they have. (human nature always dominates)


(but there is no problem moving all email *clients* to IPv6 - where 
their IPv6-sent mail then SMTP-authenticates to mail servers... which 
then send that message to other mail servers via IPv4 - at least for the 
foreseeable future)


--
Rob McEwen
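
The contrast drawn in the message above (auto-expiring DNSBL listings versus permanent "set it and forget it" perimeter blocks), combined with the earlier suggestion in the thread to replicate registry data rather than poll it, sketched as an added example that is not code from any poster: it audits a local blocklist for rules with no expiry, rules past their TTL, and rules covering space whose registered holder differs between two replicated snapshots. The snapshot format, holder names, dates, TTL policy and all prefixes other than 163.182.192.0/18 and its /16 parent are assumptions constructed for the illustration.

```python
"""Audit a manually maintained perimeter blocklist for stale entries.

Added example. All holders, dates and most prefixes are constructed; only
163.182.192.0/18 and its /16 parent are taken from the thread.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from ipaddress import ip_network
from typing import Optional

DEFAULT_TTL_DAYS = 180  # assumed local policy, not a standard


@dataclass(frozen=True)
class BlockEntry:
    prefix: str                      # CIDR dropped at the perimeter
    added: date                      # day the admin added the rule
    reason: str
    ttl_days: Optional[int] = None   # None = "set it and forget it"


def changed_holders(old_snapshot, new_snapshot):
    """Prefixes present in both registry snapshots whose holder differs."""
    common = old_snapshot.keys() & new_snapshot.keys()
    return {p: (old_snapshot[p], new_snapshot[p])
            for p in common if old_snapshot[p] != new_snapshot[p]}


def audit(entries, today, transfers, old_snapshot_date,
          default_ttl=DEFAULT_TTL_DAYS):
    """Return {prefix: [reasons]} for rules a human should re-review.

    Nothing is unblocked automatically: a registry transfer can be a ruse,
    so a change of holder is only a prompt to look at current behaviour.
    """
    transferred = [ip_network(p) for p in transfers]
    findings = {}
    for entry in entries:
        net = ip_network(entry.prefix)
        reasons = []
        if entry.ttl_days is None:
            reasons.append("no-expiry")
        ttl = default_ttl if entry.ttl_days is None else entry.ttl_days
        if today - entry.added > timedelta(days=ttl):
            reasons.append("expired")
        # Only rules that predate the older snapshot can be blaming the
        # previous holder; newer rules reflect behaviour under the new one.
        if entry.added <= old_snapshot_date and any(
                net.overlaps(t) for t in transferred):
            reasons.append("holder-changed")
        if reasons:
            findings[entry.prefix] = reasons
    return findings


# Constructed sample data.
OLD_SNAPSHOT_DATE = date(2016, 9, 1)
TODAY = date(2017, 3, 12)
OLD_SNAPSHOT = {"163.182.192.0/18": "ORG-OLD-EXAMPLE",
                "192.0.2.0/24": "ORG-X-EXAMPLE",
                "198.51.100.0/24": "ORG-A-EXAMPLE"}
NEW_SNAPSHOT = {"163.182.192.0/18": "ORG-NEW-EXAMPLE",
                "192.0.2.0/24": "ORG-Y-EXAMPLE",
                "198.51.100.0/24": "ORG-A-EXAMPLE"}
SAMPLE_ENTRIES = [
    BlockEntry("163.182.0.0/16", date(2015, 6, 1), "spam source"),
    BlockEntry("198.51.100.0/24", date(2017, 2, 20), "ssh brute force", 90),
    BlockEntry("203.0.113.7/32", date(2016, 1, 5), "scanner", 30),
    BlockEntry("192.0.2.128/25", date(2017, 3, 1), "abuse after transfer", 90),
]

if __name__ == "__main__":
    moved = changed_holders(OLD_SNAPSHOT, NEW_SNAPSHOT)
    report = audit(SAMPLE_ENTRIES, TODAY, moved, OLD_SNAPSHOT_DATE)
    for prefix, reasons in report.items():
        print(f"{prefix}: review ({', '.join(reasons)})")
```

The /16 rule is flagged on all three counts even though only the /18 inside it changed holder, which is the situation described in the thread; the rule added after the transfer is left alone.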



Re: Purchased IPv4 Woes

2017-03-12 Thread William Herrin
On Sun, Mar 12, 2017 at 11:11 AM, Chuck Church  wrote:
> Maybe a silly idea, but shouldn't the sale of a block of addresses
> (RIR ownership change) trigger a removal of that block from all reputation
> list databases?

Hi Chuck,

You're talking about 50+ database operators half of which don't
identify their principals and offer no way to contact staff or interact
with them except, sometimes, through narrowly defined reporting tools.

Google is a prime example of the problem. They write great algorithms
but their confidence in those algorithms far exceeds their greatness.
The current catastrophic mess with Recaptcha should offer a cautionary
tale for all.


>  If I buy a car from a police auction, I'm fairly sure the FBI doesn't start
>  tailing me, because the car was once used for less than legal purposes.

You would think so, but I have a friend who is visited by police every
few months because the prior owner of his house is a petty criminal
still committing crimes and their database shows the house as his last
known residence.

Regards,
Bill Herrin




-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


Re: Purchased IPv4 Woes

2017-03-12 Thread Rich Kulawiec
On Sun, Mar 12, 2017 at 05:59:59PM +0200, Chris Knipe wrote:
> It's a losing battle, and a failed system.  Don't blame the purchaser,
> it's a lack of oversight on the part of whoever does the blacklisting.

You bought damaged goods which aren't fit for the purpose you have in mind.

If you had performed due diligence research before finalizing the purchase,
perhaps you would have chosen not to do so.

If the seller had done their due diligence research, perhaps they could
have more accurately described what they were selling to you.

There's certainly a lack of "oversight" here, but it's not on the part
of the various blacklists which have *correctly* noted the dubious history
of the allocation in question.  And which, I might add, are not in
possession of proof that it doesn't still belong to the same people
who generated that dubious history.  In other words, everything said
here thus far might be precisely the truth, or it might be the 14,273th
iteration of a ruse designed to get the block unlisted so that it can
be once again utilized for abuse.

---rsk


Re: Purchased IPv4 Woes

2017-03-12 Thread Brielle Bruns

On 3/12/17 10:38 AM, Chris Knipe wrote:
> On Sun, Mar 12, 2017 at 6:17 PM,  wrote:
>> On Sun, 12 Mar 2017 17:59:59 +0200, Chris Knipe said:
>>
>> Sure, that will work. (And no, the problem isn't the number of http hits
>> on the registries. 35,840,000,000 hits per day is the easy part...)
>
> And yet, there's no problems of BILLIONS of queries against RBL DNS servers?





http == TCP
DNS == (usually) UDP

Big difference here.  One requires a three way handshake 
tearup/teardown, the other does not.


It is not an apples to apples comparison.

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org


Re: Purchased IPv4 Woes

2017-03-12 Thread Brielle Bruns

On 3/12/17 9:11 AM, Chuck Church wrote:
> Maybe a silly idea, but shouldn't the sale of a block of addresses
> (RIR ownership change) trigger a removal of that block from all
> reputation list databases?  If I buy a car from a police auction, I'm
> fairly sure the FBI doesn't start tailing me, because the car was
> once used for less than legal purposes.  New owner, clean slate.



No.

No verifiable way to confirm that a block has actually changed hands, 
and not just had its user/POC renamed, sold to 'new' owner to dodge 
bankruptcy/creditors, etc.


And just because a car was bought at police auction doesn't mean it has 
no bad things associated with it anymore - such as drugs in the walls of 
the passenger doors, or the FBI tracking device under the front driver 
wheel well.


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org


Re: Purchased IPv4 Woes

2017-03-12 Thread valdis . kletnieks
On Sun, 12 Mar 2017 18:38:21 +0200, Chris Knipe said:
> On Sun, Mar 12, 2017 at 6:17 PM,  wrote:
> > on the registries. 35,840,000,000 hits per day is the easy part...)

> And yet, there's no problems of BILLIONS of queries against RBL DNS servers?

As I said, that's not the problem.





Re: Purchased IPv4 Woes

2017-03-12 Thread Chris Knipe
On Sun, Mar 12, 2017 at 6:17 PM,  wrote:

> On Sun, 12 Mar 2017 17:59:59 +0200, Chris Knipe said:
>
>
> Sure, that will work. (And no, the problem isn't the number of http hits
> on the registries. 35,840,000,000 hits per day is the easy part...)
>


And yet, there's no problems of BILLIONS of queries against RBL DNS servers?



-- 

Regards,
Chris Knipe


Re: Purchased IPv4 Woes

2017-03-12 Thread valdis . kletnieks
On Sun, 12 Mar 2017 17:59:59 +0200, Chris Knipe said:

> > How do all the AS's that have their own internal blacklists find out that
> > they should fix their old listings?  (Note that this is the exact same
> > problem
> > as "We got blacklisted because of a bad customer, we axed the customer, but
> > we're still blacklisted", which has been an unsolved problem for decades
> > now).
> >
> >
> From the REGISTRY as the ultimate custodian of the IP block.

From Friday's routing table report.

BGP routing table entries examined:  639225
Prefixes after maximum aggregation (per Origin AS):  248678
Deaggregation factor:  2.57
Unique aggregates announced (without unneeded subnets):  307752
Total ASes present in the Internet Routing Table: 56403

As 56,000 AS's all start querying each of the registries (ARIN, RIPE, APnic,
LACNIC, and AfriNic) for all 639,000 objects once a day, to see which dozen of
those got sold yesterday.

Sure, that will work. (And no, the problem isn't the number of http hits
on the registries. 35,840,000,000 hits per day is the easy part...)




Re: Purchased IPv4 Woes

2017-03-12 Thread Chris Knipe
On Sun, Mar 12, 2017 at 5:59 PM, Baldur Norddahl wrote:

> They could watch the routing table and notice which ASN is actually using
> the address space. In fact ASN reputation might work better than IP space
> reputation.
>


+1

And not only the originating ASN, but to a lesser extent, adjacent ASNs too


Re: Purchased IPv4 Woes

2017-03-12 Thread Chris Knipe
On Sun, Mar 12, 2017 at 5:40 PM,  wrote:

>
> How does Spamhaus find out the block has been resold?
>
> How do other DNS-based blacklist operators find out?
>
>

From the REGISTRY as the ultimate custodian of the IP block.



> How do all the AS's that have their own internal blacklists find out that
> they should fix their old listings?  (Note that this is the exact same
> problem
> as "We got blacklisted because of a bad customer, we axed the customer, but
> we're still blacklisted", which has been an unsolved problem for decades
> now).
>
>

From the REGISTRY as the ultimate custodian of the IP block.

"We got blacklisted because of a bad customer, we axed the customer, but
we're still blacklisted" is a FAR call from what this discussion is about.
 "I got blacklisted because someone else that has NO relevance to me
whatsoever was stupid" is more accurate.  You can't punish the purchaser of an
IP block, because of what previous owners of the IP block did.

If I receive a dynamic IP from my ISP on dialup, and the previous user
using that IP hacked the FBI... Am I now to blame because the FBI got
hacked?  NO!  The previous user of the IP is responsible!



> And it's awfully easy to game the system by just reselling the block
> between
> a group of shell companies run by bad actors.
>
>
Yes - just like we're playing ping pong with NetFlix (and others) and VPN
providers because of geo restricted content too :-)

It's a losing battle, and a failed system.  Don't blame the purchaser,
it's a lack of oversight on the part of whoever does the blacklisting.
And that, should form part of being RESPONSIBLE when you DO decide to
blacklist / unblacklist IP blocks.  There are FAR too many companies on the
Internet that simply do what they want, when they want.

I (or anyone else - I haven't purchased IP space from any other source
other than registries, yet), can't be held liable for what others have
done.  Whether it's IP space, whether it's breaking and entering, whether
it's fraud, it doesn't matter. I did not commit the act, and I can't be
held liable.  You're punishing the wrong person, for the wrong reason.

The fact that there's companies out there, CAMPING on /8s which they do not
use and yet refuse to return, is exactly why the internet is sitting in
this predicament.


Re: Purchased IPv4 Woes

2017-03-12 Thread Baldur Norddahl
They could watch the routing table and notice which ASN is actually using
the address space. In fact ASN reputation might work better than IP space
reputation.

Fact is that the current approach does nothing to stop spammers from
swapping space when they are done abusing one space. The argument that
clearing the slate for sold space would make it easy to game the system
does not hold. It is already trivial.

The sad fact is that entities like Spamhaus simply do not care. Not even
though they are not succeeding in hurting actual spammers. Not even though
they are making their own service less useful.

Regards

Baldur


On 12 Mar 2017 at 16.41,  wrote:

> On Sun, 12 Mar 2017 11:11:41 -0400, "Chuck Church" said:
>> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
>> ownership change) trigger a removal of that block from all reputation list
>> databases?  If I buy a car from a police auction, I'm fairly sure the FBI
>> doesn't start tailing me, because the car was once used for less than legal
>> purposes.  New owner, clean slate.
>
> How does Spamhaus find out the block has been resold?
>
> How do other DNS-based blacklist operators find out?
>
> How do all the AS's that have their own internal blacklists find out that
> they should fix their old listings?  (Note that this is the exact same problem
> as "We got blacklisted because of a bad customer, we axed the customer, but
> we're still blacklisted", which has been an unsolved problem for decades
> now).
>
> And it's awfully easy to game the system by just reselling the block between
> a group of shell companies run by bad actors.


Re: Purchased IPv4 Woes

2017-03-12 Thread Rich Kulawiec
On Sun, Mar 12, 2017 at 11:11:41AM -0400, Chuck Church wrote:
> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
> ownership change) trigger a removal of that block from all reputation
> list databases?

If we'd not seen many, MANY instances where this was done as a ruse
to present the appearance of an ownership change while a block was
actually still controlled by the same entity (or their partners or
similar) then yes, maybe this might be a viable approach.

--rsk


Re: Purchased IPv4 Woes

2017-03-12 Thread valdis . kletnieks
On Sun, 12 Mar 2017 11:11:41 -0400, "Chuck Church" said:
> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR
> ownership change) trigger a removal of that block from all reputation list
> databases?  If I buy a car from a police auction, I'm fairly sure the FBI
> doesn't start tailing me, because the car was once used for less than legal
> purposes.  New owner, clean slate.

How does Spamhaus find out the block has been resold?

How do other DNS-based blacklist operators find out?

How do all the AS's that have their own internal blacklists find out that
they should fix their old listings?  (Note that this is the exact same problem
as "We got blacklisted because of a bad customer, we axed the customer, but
we're still blacklisted", which has been an unsolved problem for decades now).

And it's awfully easy to game the system by just reselling the block between
a group of shell companies run by bad actors.





Re: Purchased IPv4 Woes

2017-03-12 Thread Stephen Frost
Chuck,

* Chuck Church (chuckchu...@gmail.com) wrote:
> Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR 
> ownership change) trigger a removal of that block from all reputation list 
> databases?  If I buy a car from a police auction, I'm fairly sure the FBI 
> doesn't start tailing me, because the car was once used for less than legal 
> purposes.  New owner, clean slate.

That would be an awful easy way to allow people to game the entire
reputation list system by simply creating more companies and passing
ownership around.

This could work if the system "knows" that the buyer isn't going to
use the netblock for spamming, but that's next to impossible to do in
any kind of automated fashion.

Thanks!

Stephen




RE: Purchased IPv4 Woes

2017-03-12 Thread Clayton Zekelman


What should and does happen are two different things.   The reputation
lists aren't a regulated entity.  The FBI is.


At 11:11 AM 12/03/2017, Chuck Church wrote:
Maybe a silly idea, but shouldn't the sale of a 
block of addresses (RIR ownership change) 
trigger a removal of that block from all 
reputation list databases?  If I buy a car from 
a police auction, I'm fairly sure the FBI 
doesn't start tailing me, because the car was 
once used for less than legal purposes.  New owner, clean slate.


Chuck

-----Original Message-----
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Justin Wilson
Sent: Sunday, March 12, 2017 10:51 AM
To: NANOG <nanog@nanog.org>
Subject: Re: Purchased IPv4 Woes

I am interested in what broker you used as 
well.  We have used a few that do a little due 
diligence on their end, but we still do our 
own.   We have seen an auction pulled due to the 
space having a bad reputation, but we were the 
ones who had to step up and say something.



Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth
http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

> On Mar 10, 2017, at 12:00 PM, Pete Baldwin <p...@tccmail.ca> wrote:
>
> Hi All,
>
> Hopefully this is not taken in bad taste.   Our organization purchased
> some IP space last year (163.182.192.0/18 to be specific), and it appears
> that this block must have been used for less-than-admirable purposes in the
> past.
>
> We have been trying to clean up the reputation where possible, and we do not
> appear to be on any blacklists, but we do appear to be blocked from a lot of
> networks across the US/Canada.  I am noticing a lot of name servers
> blocking our requests, many web servers, gaming servers, mail etc.
>
> This is a transition block for us to move towards v6 everywhere, but we have
> many systems that will need to rely on this block of space for some time to
> come.
>
> We are a small rural co-op ISP in Ontario, and I am just writing this email
> as an extra plea so that if you happen to run a network that has this entire
> range on your naughty list, we would appreciate you giving it another chance.
> I can be contacted on or off list, thanks.
>
>
> --
>
>
> -
>
> Pete Baldwin
> Tuckersmith Communications
> (P) 519-565-2400
> (C) 519-441-7383
>


--

Clayton Zekelman
Managed Network Systems Inc. (MNSi)
3363 Tecumseh Rd. E
Windsor, Ontario
N8W 1H4

tel. 519-985-8410
fax. 519-985-8409



RE: Purchased IPv4 Woes

2017-03-12 Thread Chuck Church
Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR 
ownership change) trigger a removal of that block from all reputation list 
databases?  If I buy a car from a police auction, I'm fairly sure the FBI 
doesn't start tailing me, because the car was once used for less than legal 
purposes.  New owner, clean slate.

Chuck

-----Original Message-----
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Justin Wilson
Sent: Sunday, March 12, 2017 10:51 AM
To: NANOG <nanog@nanog.org>
Subject: Re: Purchased IPv4 Woes

I am interested in what broker you used as well.  We have used a few that do a 
little due diligence on their end, but we still do our own.   We have seen an 
auction pulled due to the space having a bad reputation, but we were the ones 
who had to step up and say something.  


Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

> On Mar 10, 2017, at 12:00 PM, Pete Baldwin <p...@tccmail.ca> wrote:
> 
> Hi All,
> 
> Hopefully this is not taken in bad taste.   Our organization purchased
> some IP space last year (163.182.192.0/18 to be specific), and it appears 
> that this block must have been used for less-than-admirable purposes in the 
> past.
> 
> We have been trying to clean up the reputation where possible, and we do not 
> appear to be on any blacklists, but we do appear to be blocked from a lot of 
> networks across the US/Canada.  I am noticing a lot of name servers
> blocking our requests, many web servers, gaming servers, mail etc.
> 
> This is a transition block for us to move towards v6 everywhere, but we have 
> many systems that will need to rely on this block of space for some time to 
> come.
> 
> We are a small rural co-op ISP in Ontario, and I am just writing this email 
> as an extra plea so that if you happen to run a network that has this entire 
> range on your naughty list, we would appreciate you giving it another chance. 
>  I can be contacted on or off list, thanks.
> 
> 
> -- 
> 
> 
> -
> 
> Pete Baldwin
> Tuckersmith Communications
> (P) 519-565-2400
> (C) 519-441-7383
> 



Re: Purchased IPv4 Woes

2017-03-12 Thread Justin Wilson
I am interested in what broker you used as well.  We have used a few that do a 
little due diligence on their end, but we still do our own.   We have seen an 
auction pulled due to the space having a bad reputation, but we were the ones 
who had to step up and say something.  


Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

> On Mar 10, 2017, at 12:00 PM, Pete Baldwin  wrote:
> 
> Hi All,
> 
> Hopefully this is not taken in bad taste.   Our organization purchased
> some IP space last year (163.182.192.0/18 to be specific), and it appears 
> that this block must have been used for less-than-admirable purposes in the 
> past.
> 
> We have been trying to clean up the reputation where possible, and we do not 
> appear to be on any blacklists, but we do appear to be blocked from a lot of 
> networks across the US/Canada.  I am noticing a lot of name servers
> blocking our requests, many web servers, gaming servers, mail etc.
> 
> This is a transition block for us to move towards v6 everywhere, but we have 
> many systems that will need to rely on this block of space for some time to 
> come.
> 
> We are a small rural co-op ISP in Ontario, and I am just writing this email 
> as an extra plea so that if you happen to run a network that has this entire 
> range on your naughty list, we would appreciate you giving it another chance. 
>  I can be contacted on or off list, thanks.
> 
> 
> -- 
> 
> 
> -
> 
> Pete Baldwin
> Tuckersmith Communications
> (P) 519-565-2400
> (C) 519-441-7383
> 



Re: Purchased IPv4 Woes

2017-03-11 Thread Bob Evans
Validating is a lot of work, but you have to do it. I know there are lots
of blocks with RBL problems. Some spammers make so much money, they easily
afford to buy small blocks, abuse them to make money, buy more blocks and
put the old ones up for sale. Careful, price is rarely a tell about a bad
block. Only the cost of their first block is their initial sunk cost, as
they cycle through blocks.

Thank You
Bob Evans
CTO




> Indeed.
>
> Let this be a lesson: when purchasing blocks, one MUST do their due
> diligence. Check the RBLs, senderbase, previous owner reputation, etc.
> before buying.
>
> Caveat emptor.
>
>
> On 3/11/17 3:13 PM, Martin Hannigan wrote:
>> Which broker did you use for the transaction?
>>
>>  Did you get a discount for knowingly accepting a dirty block or is this a
>> surprise?
>>
>> Are folks asking for warranties on acquired addresses these days?
>>
>> Cheers,
>>
>> -M<
>>
>>
>>
>>
>>
>>
>> Best,
>>
>> -M<
>>
>>
>>
>>
>> On Fri, Mar 10, 2017 at 12:11 Pete Baldwin  wrote:
>>
>>> Hi All,
>>>
>>>  Hopefully this is not taken in bad taste.   Our organization
>>> purchased some IP space last year (163.182.192.0/18 to be specific), and
>>> it appears that this block must have been used for less-than-admirable
>>> purposes in the past.
>>>
>>> We have been trying to clean up the reputation where possible, and we do
>>> not appear to be on any blacklists, but we do appear to be blocked from
>>> a lot of networks across the US/Canada.  I am noticing a lot of name
>>> servers blocking our requests, many web servers, gaming servers, mail etc.
>>>
>>> This is a transition block for us to move towards v6 everywhere, but we
>>> have many systems that will need to rely on this block of space for some
>>> time to come.
>>>
>>> We are a small rural co-op ISP in Ontario, and I am just writing this
>>> email as an extra plea so that if you happen to run a network that has
>>> this entire range on your naughty list, we would appreciate you giving
>>> it another chance.  I can be contacted on or off list, thanks.
>>>
>>>
>>> --
>>>
>>>
>>> -
>>>
>>> Pete Baldwin
>>> Tuckersmith Communications
>>> (P) 519-565-2400
>>> (C) 519-441-7383
>>>
>>>
>




Re: Purchased IPv4 Woes

2017-03-11 Thread Bryan Holloway

Indeed.

Let this be a lesson: when purchasing blocks, one MUST do their due 
diligence. Check the RBLs, senderbase, previous owner reputation, etc. 
before buying.


Caveat emptor.


On 3/11/17 3:13 PM, Martin Hannigan wrote:

Which broker did you use for the transaction?

 Did you get a discount for knowingly accepting a dirty block or is this a
surprise?

Are folks asking for warranties on acquired addresses these days?

Cheers,

-M<






Best,

-M<




On Fri, Mar 10, 2017 at 12:11 Pete Baldwin  wrote:


Hi All,

 Hopefully this is not taken in bad taste.   Our organization
purchased some IP space last year (163.182.192.0/18 to be specific), and
it appears that this block must have been used for less-than-admirable
purposes in the past.

We have been trying to clean up the reputation where possible, and we do
not appear to be on any blacklists, but we do appear to be blocked from
a lot of networks across the US/Canada.  I am noticing a lot of name
servers blocking our requests, many web servers, gaming servers, mail etc.

This is a transition block for us to move towards v6 everywhere, but we
have many systems that will need to rely on this block of space for some
time to come.

We are a small rural co-op ISP in Ontario, and I am just writing this
email as an extra plea so that if you happen to run a network that has
this entire range on your naughty list, we would appreciate you giving
it another chance.  I can be contacted on or off list, thanks.


--


-

Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-7383




Re: Purchased IPv4 Woes

2017-03-11 Thread Martin Hannigan
Which broker did you use for the transaction?

 Did you get a discount for knowingly accepting a dirty block or is this a
surprise?

Are folks asking for warranties on acquired addresses these days?

Cheers,

-M<






Best,

-M<




On Fri, Mar 10, 2017 at 12:11 Pete Baldwin  wrote:

> Hi All,
>
>  Hopefully this is not taken in bad taste.   Our organization
> purchased some IP space last year (163.182.192.0/18 to be specific), and
> it appears that this block must have been used for less-than-admirable
> purposes in the past.
>
> We have been trying to clean up the reputation where possible, and we do
> not appear to be on any blacklists, but we do appear to be blocked from
> a lot of networks across the US/Canada.  I am noticing a lot of name
> servers blocking our requests, many web servers, gaming servers, mail etc.
>
> This is a transition block for us to move towards v6 everywhere, but we
> have many systems that will need to rely on this block of space for some
> time to come.
>
> We are a small rural co-op ISP in Ontario, and I am just writing this
> email as an extra plea so that if you happen to run a network that has
> this entire range on your naughty list, we would appreciate you giving
> it another chance.  I can be contacted on or off list, thanks.
>
>
> --
>
>
> -
>
> Pete Baldwin
> Tuckersmith Communications
> (P) 519-565-2400
> (C) 519-441-7383
>
>


Re: Purchased IPv4 Woes

2017-03-10 Thread Mike Hale
It looks like Spamhaus has your entire /16.

https://stat.ripe.net/163.182.192.0%2F18#tabId=anti-abuse



On Fri, Mar 10, 2017 at 10:01 PM, Laurent Dumont
 wrote:
> Out of curiosity, who were the previous owner(s), it seems that ARIN only
> shows the current owner with any history? If it was a Chinese/Russian block,
> you might be out of luck.
>
>
>
> On 03/10/2017 12:00 PM, Pete Baldwin wrote:
>>
>> Hi All,
>>
>> Hopefully this is not taken in bad taste.   Our organization purchased
>> some IP space last year (163.182.192.0/18 to be specific), and it appears
>> that this block must have been used for less-than-admirable purposes in the
>> past.
>>
>> We have been trying to clean up the reputation where possible, and we do
>> not appear to be on any blacklists, but we do appear to be blocked from a
>> lot of networks across the US/Canada.  I am noticing a lot of name servers
>> blocking our requests, many web servers, gaming servers, mail etc.
>>
>> This is a transition block for us to move towards v6 everywhere, but we
>> have many systems that will need to rely on this block of space for some
>> time to come.
>>
>> We are a small rural co-op ISP in Ontario, and I am just writing this
>> email as an extra plea so that if you happen to run a network that has this
>> entire range on your naughty list, we would appreciate you giving it another
>> chance.  I can be contacted on or off list, thanks.
>>
>>
>



-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
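
[Added example, not part of any message in this thread.] The pre-purchase RBL check advised earlier in the thread, combined with the observation above that a listing can cover a larger range than the block being bought, might be scripted as below. The zone "rbl.example", the fake resolver and its listing data are constructed placeholders; substitute the DNSBL zones you actually rely on and drop the fake resolver to query through the system resolver.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def system_lookup(name):
    """A record for name, or None if it does not resolve (i.e. not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def sample_per_24(prefix):
    """One host address from every /24 inside prefix (prefix must be /24 or shorter)."""
    net = ipaddress.ip_network(prefix)
    return [next(iter(s.hosts())) for s in net.subnets(new_prefix=24)]

def listed(ips, zone, lookup):
    """Map each listed IP to the DNSBL answer; an answer in 127.0.0.0/8 means listed."""
    hits = {}
    for ip in ips:
        answer = lookup(dnsbl_name(ip, zone))
        if answer and answer.startswith("127."):
            hits[str(ip)] = answer
    return hits

def audit(prefix, zone, lookup=system_lookup, parent_len=16):
    """Compare listings inside the block with listings in the rest of its supernet."""
    net = ipaddress.ip_network(prefix)
    parent = net.supernet(new_prefix=parent_len)
    inside = sample_per_24(net)
    outside = [ip for ip in sample_per_24(parent) if ip not in net]
    in_hits = listed(inside, zone, lookup)
    out_hits = listed(outside, zone, lookup)
    return {
        "block_listed": len(in_hits) / len(inside),
        "neighbours_listed": len(out_hits) / len(outside) if outside else 0.0,
        # True when the listing extends over the whole covering range, so a
        # delisting request for the purchased block alone may not be enough.
        "covering_listing": bool(in_hits) and bool(outside)
                            and len(out_hits) == len(outside),
    }

def fake_lookup(name):
    """Constructed resolver: pretends rbl.example lists all of 163.182.0.0/16."""
    labels = name.split(".")
    ip = ipaddress.ip_address(".".join(reversed(labels[:4])))
    zone = ".".join(labels[4:])
    if zone == "rbl.example" and ip in ipaddress.ip_network("163.182.0.0/16"):
        return "127.0.0.2"
    return None

if __name__ == "__main__":
    print(audit("163.182.192.0/18", "rbl.example", fake_lookup))
```

Sampling one address per /24 keeps the query count low (64 inside a /18, 192 for the rest of the /16); a clean result here says nothing about private blocklists held by individual networks.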


Re: Purchased IPv4 Woes

2017-03-10 Thread Laurent Dumont
Out of curiosity, who were the previous owner(s), it seems that ARIN 
only shows the current owner with any history? If it was a 
Chinese/Russian block, you might be out of luck.



On 03/10/2017 12:00 PM, Pete Baldwin wrote:

Hi All,

Hopefully this is not taken in bad taste.   Our organization 
purchased some IP space last year (163.182.192.0/18 to be specific), 
and it appears that this block must have been used for 
less-than-admirable purposes in the past.


We have been trying to clean up the reputation where possible, and we 
do not appear to be on any blacklists, but we do appear to be blocked 
from a lot of networks across the US/Canada.  I am noticing a lot of
name servers blocking our requests, many web servers, gaming servers, 
mail etc.


This is a transition block for us to move towards v6 everywhere, but 
we have many systems that will need to rely on this block of space for 
some time to come.


We are a small rural co-op ISP in Ontario, and I am just writing this 
email as an extra plea so that if you happen to run a network that has 
this entire range on your naughty list, we would appreciate you giving 
it another chance.  I can be contacted on or off list, thanks.







Purchased IPv4 Woes

2017-03-10 Thread Pete Baldwin

Hi All,

Hopefully this is not taken in bad taste.   Our organization 
purchased some IP space last year (163.182.192.0/18 to be specific), and 
it appears that this block must have been used for less-than-admirable 
purposes in the past.


We have been trying to clean up the reputation where possible, and we do 
not appear to be on any blacklists, but we do appear to be blocked from 
a lot of networks across the US/Canada.  I am noticing a lot of name
servers blocking our requests, many web servers, gaming servers, mail etc.


This is a transition block for us to move towards v6 everywhere, but we 
have many systems that will need to rely on this block of space for some 
time to come.


We are a small rural co-op ISP in Ontario, and I am just writing this 
email as an extra plea so that if you happen to run a network that has 
this entire range on your naughty list, we would appreciate you giving 
it another chance.  I can be contacted on or off list, thanks.



--


-

Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-7383