NOC contact at OLM?

Can anybody help me with a NOC or SOC contact for OLM?

It appears OLM.Net is blocking all traffic from some/all of my
employer's network space as it enters their network, including DNS
lookup of domains hosted on fastdns.net and sylint.com.

The last IP seen on traceroutes is 4.68.97.40 or other 4.68.97.X addresses.

Thanks,

Kevin Kadow

(P.S. I've been on hold with their technical support line for the past
forty minutes.)

Is it just me or the level of spam coming from ASIA (region) has just increased 10 fold in the past week?

    And naturally abuse emails are left unanswered.

Then you're doing it wrong.

And you'd discover for yourself that it's a dumb move to nullroute or
depeer with everything you can think of, trying to block spam.

Shouldn't be too hard to find that out even if you run a small local
ISP in Montreal, given the huge number of Chinese / Vietnamese people
I saw there (they'd probably all use Shaw and Bell anyway).

If you didn't attend the MAAWG mtg in Montreal late last year you
missed out on learning quite a lot of really operational spam
filtering, none of which included "nullroute whatever you can".

    Is it just me or the level of spam coming from ASIA (region) has
just increased 10 fold in the past week?

(snip)
it comes and goes like the wind, and the tides.

     I could see Peer stopping announcement of the routes of ISPs that
do not comply with abuse (I mean high volume of abuse here) after 12h...

Much as I would like to see an ISP level response about security
issues/spam/foo pollution on the internet, I am not in favor for the
balkanization of the internet.

We know that those people with OWNED boxes (via virus, bot, or layer 8)
take up a large amount of bandwidth (relative to revenue), and therefore
add expenses to an ISP. Smart people know this. The people on the list
know this. Stopping inbound packets except for Common Well Known Services
might be a good option for an ISP to add, BUT that takes up a lot
of router CPU.

That does not do the rest of us any good at this point, people
will pollute until trashing the environment
_ becomes inconvenient _ for them.

A way to make things inconvenient, is to not allocate any more
IP addresses to historical polluters (or IPv6 only). If this is done
at the ARIN/RIPE/APNIC/etc. level, I believe that problem children
will find it in their best interest to start putting outbound
filters in place, and getting rid of people who can not be
bothered to manage their own machines.

The data is in place right now: SANS Internet Storm Center.
You can drill down to an ip address, such as
http://www.dshield.org/ipinfo.php?ip=024.000.003.075
http://www.dshield.org/ipinfo.php?ip=221.004.061.168

Increasing the level of reporting so that common pollution,
such as port 1025-1030, 135, 445, etc. would be pretty easy.

Perhaps a BOF at NANOG Dallas might be in order.

    Or why not having the registrar blackhole the domain if the abuse
level gets too high?

Then you only have no DNS, that does not stop a port scan/spam spew.

This is not a problem limited to a region of the world,
stupidity is a planet wide illness.
( and I am guilty of being ill from time to time)

-charles

Pick two: good, fast, or cheap.
(fixed scope,fixed timeframe,or fixed budget)
(Elegant, documented, on time)(Privacy, accuracy, security)
(Have fun, do good, stay out of trouble)(Study, socialize,
sleep)(Diverse, free, equal)(Fast, efficient, useful)
(Cheap, healthy, tasty)(Secure, usable, affordable)
(Short, memorable, unique)(Cheap, light, strong)

Should have been clearer, most of the abuse emails I send to ISPs operating in the APNIC are ineffective.
    (Well it compares to local tyrant like MaBell or Cable Distributor)

    Maybe they don't put any priority into what a "small ISP in Montreal" thinks because the relations between the APNIC community and ARIN's are not as strong.

    Except for the aforementioned tyrant, ISPs in ARIN are pretty quick in fixing the issues.

    For APNIC, we also include all their peers up to (if possible) an ARIN one. But we only do that in extreme cases of network flooding.
    (No sense in wasting operator time on spam related incidents)

I agree you have a problem there - but try using something like
spamhaus.org's SBL and XBL first. And then a few other well chosen
blocklists (not the "block all traffic from a country" variety at all).

You won't get any productive results from blocking APNIC space the way you do.

-srs

Hi,

    Yes, those are already in place and do a really good job (about 40% from the daily stats).

    Another 40% get caught by razor, pyzor, our own local spam election database and spamassassin. (less than 1% are viruses)

    It's the other 20% which is bugging the hell out of our clients... (Mostly new spam format and the dynamic spam with generated images)

    It's the other 20% which is bugging the hell out of our clients...
(Mostly new spam format and the dynamic spam with generated images)

Try a few of the cheaper tricks - HELO checks, for example, or
greetpause (I'd say graylisting but that has interesting consequences
when it comes up against another "cool antispam trick" - sender
address callbacks).

They'll cut down on a ton of this stuff. AUPs etc are good but
believing in the "be generous in what you accept" part of that old saw
never got you anywhere... though a certain amount of generosity is
called for all right.

    Most ARIN ISPs also take it somewhat seriously (legal issues and
such)... Except for those big ones, big lawyers trump reality/truth
anytime.

Asiapac ISPs have a rather worse problem but well - they're not the only ones.

Like I said try maawg - the next one is later this month in SFO - www.maawg.org

    Most ARIN ISPs also take it somewhat seriously (legal issues and
such)... Except for those big ones, big lawyers trump reality/truth
anytime.

Asiapac ISPs have a rather worse problem but well - they're not the only ones.

These days, a lot of smallish ISPs are blocking CNNIC and/or KRNIC space
wholesale.

As for CN, the truth of the matter is, the Golden Shield is a very
internally oriented (not just xenophobic) filter. CN cares a whole bunch
what the rest of the world does to its people. CN doesn't care nearly at
all what its people do to the rest of the world. Quite the double standard.

The social problem will not be fixed in the foreseeable future, so we have
to settle for an imperfect technical solution -- for now. For some
operations, the spew level is so high that blanket blocking CNNIC is the
only reasonably maintainable option.

I'm not (yet) blanket blocking the entire IP space in those countries, but I am blocking huge swaths at the mailserver. Not network wide though. It won't be long before they collectively earn such large blocking at the mailservers I control. On the larger of them we reject anywhere from 6-20k attempts/day per inbound server. Almost all of them do exact numbers of attempts (15, 20, and 50 are very common per IP number attempts).

I haven't looked into it any further but we haven't heard any customer complaints.
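
The per-IP counting described in the last post, as an added example that is not part of the original thread: it tallies rejected attempts per client IP from mail-server log lines, flags IPs whose totals land exactly on 15, 20 or 50, and rolls the counts up to /24 prefixes to show where a mailserver-level block would bite. The log line format, function names and sample addresses are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Assumed (constructed) log format: "<date> <time> <host> reject client=<ip> ..."
REJECT_RE = re.compile(r"\breject\b.*?\bclient=(\d{1,3}(?:\.\d{1,3}){3})\b")
# Per-IP attempt totals the post calls "very common".
FIXED_QUOTAS = frozenset({15, 20, 50})

def attempts_per_ip(lines):
    """Count rejected delivery attempts per client IP; other lines are ignored."""
    counts = Counter()
    for line in lines:
        match = REJECT_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def fixed_quota_senders(counts, quotas=FIXED_QUOTAS):
    """IPs whose daily total is exactly one of the fixed quotas."""
    return sorted(ip for ip, n in counts.items() if n in quotas)

def attempts_per_prefix(counts, prefixlen=24):
    """Roll per-IP totals up to the covering prefix (default /24)."""
    per_net = Counter()
    for ip, n in counts.items():
        net = ip_network(f"{ip}/{prefixlen}", strict=False)
        per_net[str(net)] += n
    return per_net

def build_sample_log():
    """Constructed sample: documentation-range IPs with chosen attempt totals."""
    spec = {"192.0.2.10": 15, "192.0.2.77": 20,
            "198.51.100.5": 50, "203.0.113.9": 3}
    lines = [
        f"2000-01-01 03:{i % 60:02d}:00 mx1 reject client={ip} rcpt=<user@example.net>"
        for ip, n in spec.items() for i in range(n)
    ]
    # One accepted delivery, which must not be counted as a reject.
    lines.append("2000-01-01 04:00:00 mx1 accept client=203.0.113.9 rcpt=<user@example.net>")
    return lines

if __name__ == "__main__":
    counts = attempts_per_ip(build_sample_log())
    print("fixed-quota senders:", fixed_quota_senders(counts))
    for net, n in attempts_per_prefix(counts).most_common():
        print(f"{net:20} {n:5d} rejects")
```

A total that lands on a quota is only a hint that the sender is scripted; a prefix-level rollup is what shows whether blocking a whole range would also catch sources that never tripped the heuristic.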