North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: *** MAKE [email protected] DIE FAST!!! *** (fwd)
Even if I wanted to do this, I don't think I could take the performance hit running an access list that large on my incoming ports would create. I think in order to be able to handle that kind of filtration, he must be an insignificant smaller provider. A larger provider doesn't have the spare cycles in the router to handle it. Owen > I see the following kind of message on a regular basis. How long before > this kind of thing starts to cause significant problems? And lest you say > that xmission.com is only a small unimportant provider, I've seen much > larger ones also saying they do this and not everybody is as selective > about only blocking one port. > > Michael Dillon - ISP & Internet Consulting > Memra Software Inc. - Fax: +1-604-546-3049 > http://www.memra.com - E-mail: [email protected] > > ---------- Forwarded message ---------- > Date: Wed, 21 Aug 1996 15:38:19 -0600 (MDT) > From: Pete Ashdown <[email protected]> > Reply-To: [email protected] > To: [email protected] > Subject: *** MAKE [email protected] DIE FAST!!! *** > Resent-Date: Wed, 21 Aug 1996 15:39:02 -0600 (MDT) > Resent-From: [email protected] > > We have seen an inordinate amount of spam email sourcing from Interramp.com > and their customers. Despite frequent attempts to notify KEN ANDREWS, PSI, > or any living soul at Interramp, our pleas have gone unanswered. As a > result, *ALL* SMTP mail traffic from Interramp's networks has been blocked at > the router level here. > > I would encourage *EVERY* responsible ISP to do the same. Interramp does not > appear to care about spam problems, and in fact has become a haven for this > type of crap due to their complicity. > > The following is instructions on how to block Interramp SMTP traffic on a > Cisco: > > Make an extended IP access list: > > access-list 120 deny tcp 38.8.23.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.8.31.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.8.45.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.8.65.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.9.51.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.10.1.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.10.2.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.10.3.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.10.4.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.10.5.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.10.220.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.72.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.122.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.183.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.189.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.194.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.207.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.208.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.209.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.210.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.215.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.217.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.224.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.226.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.227.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.229.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.230.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.231.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.237.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.243.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.11.244.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.81.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.93.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.126.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.128.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.138.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.140.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.156.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.157.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.158.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.178.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.179.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.190.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.205.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.206.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.208.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.209.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.234.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.12.243.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.101.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.110.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.126.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.128.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.138.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.140.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.142.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.35.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.36.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.37.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.40.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.45.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.74.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.79.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.14.82.0 0.0.0.255 eq smtp any > access-list 120 deny tcp 38.26.44.0 0.0.0.255 eq smtp any > access-list 120 ip permit all all > > Due to the fact that Interramp's networks are not contiguous in any apparent > way, you have to block each one on a class C basis. If anyone sees any > evidence otherwise, please let me know. Of course, it wouldn't be a bad idea > to block all of 38.0.0.0 because PSI hasn't been cooperative either. > > After the list is created, add it to your incoming interfaces with: > > ip access-group 120 in > > The 120 is arbitrary, it can be anything in the extended IP access-list range. > > ============================== ISP Mailing List ============================== > Email ``unsubscribe'' to [email protected] to be removed. > Don't post messages that just say ``me too''. > > - - - - - - - - - - - - - - - - -
|