On Thursday, March 11, 2004 6:16 PM [EST], william(at)elan.net <william@elan.net> wrote:
Which RBL operators flood /24's or /16's? What do they flood them with?
I think he meant that RBLs sometimes include entire /24 in RBL list when only one or two ips are at fault and some would go even highier to include entire ISP allocation. This is probably talking about SPEWs and alike RBLs
That usually only happens when providers ignore abuse reports and don't do something about their abusive customers. Thats how we do it at the AHBL - you ignore abuse reports for long enough and pretend like the problem doesn't exist, you get a /24 listed. You move the spammer to another block, inside your network, and it grows to encompass the new block as well as the old one. And it keeps going from there. Thats how the rima-tde blocks that are in the AHBL got started - single /32s, then as the spam and 419 scams came in faster, it expanded to /24s, and finally after 2 dozen or so /24s blocked, I started going for /20s and larger. Now I've got two /13s, and a /16 of theirs blocked until Telefonica decides to contact us and discuss the situation with the abuse coming from their network. When providers dont act on abuse, you have to put the pressure on. Sometimes, that means forcing their legit customers to start to complain and thow a fit with their provider over the blocks. Yes, its ugly and unfair, but thats the only way to get them to act. -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org