North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Another DNS blacklist is taken down

  • From: Chris Lewis
  • Date: Wed Sep 24 16:38:11 2003 
Jack Bates wrote:


Mark Segal wrote:

I think some RBLs might get better responses from the ISPs when they stop
taking "collateral damage gets the abuse department's attention" attitudes..
Some RBLs cause many providers a LOT of headaches, so it is not surprising
that when it is their turn to complain, the ISPs will just say: post to
abuse.ddos.isp.net and we might get around to fixing it. :).
It's useful to be careful in how we define collateral damage here. Collateral damage can include, for example, non-spam email coming from a spammer's site.

In this context, we're talking about _escalation_ of listings outside of the demonstrated spamming/abusive/insecure IPs.

monkey's had no collateral damage issues until PHL was released due to non-response from ISP's.
The PHL is the escalation.
openrbl.org does not host a blacklist and thus cannot have collateral damage.

SBL is famous for it's lack of collateral damage.
SBL does escalation, but rarely. (WCG, Chinanet for example).


ordb is specialized and has had no collateral damage issues.
ORDB does not escalate. Has it been DDOS'd? Pointless, open relay blacklists are virtually useless these days.

SPEWS escalates (obviously).

The DDOS's have been against SPEWS, SBL and Monkeys. Most of the other targets were re-publishers/distributors of SPEWS (ie: SORBS, Osirus, openrbl.org). Each of the three are _very_ public targets and generate lots of chatter/discussion on NANAE. Monkeys of course has RFG behind it and all that denotes.