#Date: Fri, 25 Apr 2003 10:39:11 -0500 #From: Jack Bates <jbates@brightok.net> #Subject: Re: Open relays and open proxies #In-reply-to: <1459D594-7731-11D7-BA1C-00039312C852@isc.org> #Message-id: <3EA9569F.6010400@brightok.net> [snip] #Yet how many spams are sent out advertising pr0n and the websites never #cancelled? How many get rich schemes? The last I checked, #no-more-viruses.com was still at it and wasting my time by sending their #filth to every role account I have. And of course, no-more-viruses.com is a perfect example of a domain whose web site obtains transit from that fabulous far eastern "bulletproof ASN", AS9929. For context, AS9929 also has provided transit for hosts from a few other domains you may recognize, such as: -- antiagingway.com -- bannedcd.org -- bargin-inetwork.com -- bestemailoffers.com -- domainsforeveryone.com -- easyvling.com -- eclipseway.com -- edrugsale.com -- edrugshop.net -- emailoffer.us -- fastcasinobuilder.com -- genvia4u.com -- grantgiveawayprogram.com -- interactivepoker.net -- kokiya.com -- kososo.com -- lovingtouches.org -- lowratemortgages.info -- lzzemu.com -- mnjmtech.us -- my-vling.com -- n0hastlem0rtgage.com -- pharmsafe.net -- prescription4you.com -- real-sales.net -- removethisemail.com -- reserveadot.com -- romna.com -- rxmedsovernight.com -- snbm-online.com -- sys-630.com -- twofy.com -- vlingbuy.com -- xeemo.com -- yomsa.com -- yourplace.com.br -- yourvling.com -- zizikey.com -- 9top9.com Based on what I'm seeing from route-views.oregon-ix.net, AS9929 appears to be (primarily) a customer of AS1239 and AS3561. If you are unhappy with AS9929's support role for spammers, you *could* try contacting AS9929 directly (but I wouldn't bother wasting my breath). I believe that to make progress on the let's-go-after-their-web-hosting approach, you'll need to convince AS9929's upstreams, Sprint and Cable and Wireless, to pull the plug (which they probably won't do) or at least convince them to enforce an acceptable use policy on their customers (which they can only do if they're willing to pull the plug for non-compliance, which I don't believe they're willing to do in this case). But hey, I'd love to be proven wrong. Regards, Joe
On Fri, 25 Apr 2003 16:03 (UT), Joe St Sauver <JOE@OREGON.UOREGON.EDU> wrote: | And of course, no-more-viruses.com is a perfect example of a domain | whose web site obtains transit from that fabulous far eastern | "bulletproof ASN", AS9929. For context, AS9929 also has provided | transit for hosts from a few other domains you may recognize {SNIP!} | I believe that to make progress on the let's-go-after-their-web-hosting | approach, you'll need to convince AS9929's upstreams, Sprint and Cable | and Wireless, to pull the plug (which they probably won't do) or at least | convince them to enforce an acceptable use policy on their customers | (which they can only do if they're willing to pull the plug for | non-compliance, which I don't believe they're willing to do in this case). According to the CIDR report there are rather more than two upstreams. Apart from Sprint and Cable and Wireless, they include ... AS1 GNTY-1 Genuity AS2516 KDDI KDDI CORPORATION AS3549 GBLX Global Crossing AS3356 LEVEL3 Level 3 Communications, LLC AS701 ALTERNET-AS UUNET Technologies, Inc. | But hey, I'd love to be proven wrong. I'd love to be able to do that. But I can get to halfway, as I believe those comments are no longer valid where Sprint is concerned. They may have been based on Sprint's historic notoriety, but Sprint has seen major changes in th last year. When I was recently investigating the hijacked /16s, for each case that we identified that was being announced over Sprint, those announcements were filtered by Sprint within *ten minutes* of my initial phone call. That does _not_ sound anything like an abuse-tolerant network to me. As far as Cable and Wireless are concerned, it would be difficult for them to complain of abuse tolerance by a downstream while their own hosting company, Exodus, is considered unresponsive on abuse matters. If they did it would no doubt be a case of "Pot, Kettle, Black Hat"! -- Richard Cox
participants (2)
-
Joe St Sauver -
Richard Cox