North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

*** MAKE [email protected] DIE FAST!!! *** (fwd)

  • From: Michael Dillon
  • Date: Wed Aug 21 22:45:12 1996 
I see the following kind of message on a regular basis. How long before
this kind of thing starts to cause significant problems? And lest you say
that xmission.com is only a small unimportant provider, I've seen much
larger ones also saying they do this and not everybody is as selective
about only blocking one port.

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: [email protected]

---------- Forwarded message ----------
Date: Wed, 21 Aug 1996 15:38:19 -0600 (MDT)
From: Pete Ashdown <[email protected]>
Reply-To: [email protected]
To: [email protected]
Subject: *** MAKE [email protected] DIE FAST!!! ***
Resent-Date: Wed, 21 Aug 1996 15:39:02 -0600 (MDT)
Resent-From: [email protected]

We have seen an inordinate amount of spam email sourcing from Interramp.com
and their customers.  Despite frequent attempts to notify KEN ANDREWS, PSI,
or any living soul at Interramp, our pleas have gone unanswered.  As a
result, *ALL* SMTP mail traffic from Interramp's networks has been blocked at
the router level here.

I would encourage *EVERY* responsible ISP to do the same.  Interramp does not
appear to care about spam problems, and in fact has become a haven for this
type of crap due to their complicity.

The following is instructions on how to block Interramp SMTP traffic on a
Cisco:

Make an extended IP access list:

access-list 120 deny tcp 38.8.23.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.8.31.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.8.45.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.8.65.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.9.51.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.10.1.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.10.2.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.10.3.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.10.4.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.10.5.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.10.220.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.72.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.122.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.183.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.189.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.194.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.207.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.208.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.209.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.210.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.215.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.217.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.224.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.226.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.227.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.229.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.230.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.231.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.237.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.243.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.11.244.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.81.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.93.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.126.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.128.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.138.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.140.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.156.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.157.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.158.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.178.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.179.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.190.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.205.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.206.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.208.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.209.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.234.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.12.243.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.101.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.110.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.126.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.128.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.138.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.140.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.142.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.35.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.36.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.37.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.40.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.45.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.74.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.79.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.14.82.0 0.0.0.255 eq smtp any
access-list 120 deny tcp 38.26.44.0 0.0.0.255 eq smtp any
access-list 120 ip permit all all

Due to the fact that Interramp's networks are not contiguous in any apparent
way, you have to block each one on a class C basis.  If anyone sees any
evidence otherwise, please let me know.  Of course, it wouldn't be a bad idea
to block all of 38.0.0.0 because PSI hasn't been cooperative either.

After the list is created, add it to your incoming interfaces with:

ip access-group 120 in

The 120 is arbitrary, it can be anything in the extended IP access-list range.

============================== ISP Mailing List ==============================
Email ``unsubscribe'' to [email protected] to be removed.
Don't post messages that just say ``me too''.

- - - - - - - - - - - - - - - - -