North American Network Operators Group

Re: small vent

  • From: Alex Bligh
  • Date: Sat Jun 27 13:48:46 1998

> Keep in mind that some of these "clueless folk" may expect individually
> assigned CIDRs to be registered accurately, and are complaining to the
> registered contact for the block.  If these blocks aren't
> registered/SWIPed appropriately, your argument is weak.

Last time I looked, most mailservers only live on /32s. Blocking these
is in general sufficient. There are at least 2 ways to do this in
a scalable manner (for both see http://maps.vix.com/), and I'm
sure there are more.

"Escalating" higher doesn't necessarily help. Europe (for instance)
works on the Local-IR basis rather than SWIP. As a local IR I have
(for instance) a /16 I'm assigning out of. I have customers of customers
of customers who have had open relays. When people manage to use
whois.ripe.net not whois.apnic.net, I occasionally see complaints
about this. In every case (well I hope so), my customer has been
correctly listed in the RIPE DB. My customer may or may not
be responsive. But tracking this down to the customer's customer's
customer is difficult. Surely the best thing to do is block the /32
if it's causing problems. I can't see what you gain by (say) blocking
the /16.

The other thing you can persuade people to do is run the RBL. Currently
we run the BGP version, so if one of my customer's customer's customers
is being abused as an open relay, they'll lose all connectivity to their
mail server, not just to your network. This normally makes them fix
things quickly (yes, we don't distribute-list out our own customer ranges
from the RBL). Running your own "blacklist" rather than using generally
available lists has its disadvantages (remember it's easy to add and
subtract to/from something like the RBL and personalize it somewhat).

In any case, I contest your statement that Europe (don't know about AP)
is noticeably behind. If I look at the locations of the relays on the
spam that gets through here, the vast majority are in the US. Assuming
spammers don't have some perverted addiction to sending spam to the US
through Europe and spam to the UK from the US, I think your maths may
be a little awry (or possibly the RBL has already cured the European
site problem).



-- 
Alex Bligh
GX Networks (formerly Xara Networks)