Even if I wanted to do this, I don't think I could take the performance hit running an access list that large on my incoming ports would create. I think in order to be able to handle that kind of filtration, he must be an insignificant smaller provider. A larger provider doesn't have the spare cycles in the router to handle it. Owen
I see the following kind of message on a regular basis. How long before this kind of thing starts to cause significant problems? And lest you say that xmission.com is only a small unimportant provider, I've seen much larger ones also saying they do this and not everybody is as selective about only blocking one port.
Michael Dillon - ISP & Internet Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael@memra.com
---------- Forwarded message ---------- Date: Wed, 21 Aug 1996 15:38:19 -0600 (MDT) From: Pete Ashdown <pashdown@xmission.com> Reply-To: inet-access@earth.com To: inet-access@earth.com Subject: *** MAKE SPAM@INTERRAMP.COM DIE FAST!!! *** Resent-Date: Wed, 21 Aug 1996 15:39:02 -0600 (MDT) Resent-From: inet-access@earth.com
We have seen an inordinate amount of spam email sourcing from Interramp.com and their customers. Despite frequent attempts to notify KEN ANDREWS, PSI, or any living soul at Interramp, our pleas have gone unanswered. As a result, *ALL* SMTP mail traffic from Interramp's networks has been blocked at the router level here.
I would encourage *EVERY* responsible ISP to do the same. Interramp does not appear to care about spam problems, and in fact has become a haven for this type of crap due to their complicity.
The following is instructions on how to block Interramp SMTP traffic on a Cisco:
Make an extended IP access list:
access-list 120 deny tcp 38.8.23.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.8.31.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.8.45.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.8.65.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.9.51.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.10.1.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.10.2.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.10.3.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.10.4.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.10.5.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.10.220.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.72.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.122.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.183.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.189.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.194.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.207.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.208.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.209.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.210.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.215.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.217.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.224.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.226.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.227.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.229.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.230.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.231.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.237.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.243.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.11.244.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.81.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.93.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.126.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.128.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.138.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.140.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.156.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.157.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.158.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.178.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.179.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.190.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.205.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.206.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.208.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.209.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.234.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.12.243.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.101.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.110.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.126.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.128.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.138.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.140.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.142.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.35.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.36.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.37.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.40.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.45.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.74.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.79.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.14.82.0 0.0.0.255 eq smtp any access-list 120 deny tcp 38.26.44.0 0.0.0.255 eq smtp any access-list 120 ip permit all all
Due to the fact that Interramp's networks are not contiguous in any apparent way, you have to block each one on a class C basis. If anyone sees any evidence otherwise, please let me know. Of course, it wouldn't be a bad idea to block all of 38.0.0.0 because PSI hasn't been cooperative either.
After the list is created, add it to your incoming interfaces with:
ip access-group 120 in
The 120 is arbitrary, it can be anything in the extended IP access-list range.
============================== ISP Mailing List ============================== Email ``unsubscribe'' to inet-access-request@earth.com to be removed. Don't post messages that just say ``me too''.