Well, there is always the bogon-list from Team Cymru http://www.cymru.com/Documents/bogon-bn-agg.txt And the bogon-list from BGPmon http://bgpmon.net/showbogons.php?inet=4&global=yes&private=yes Both containing prefixes that should not be announced on the internet, but often used by spammers trying to deliver their content. -------- Original message -------- Subject: RE: spamhaus drop list Date: Tue, 16 Jun 2009 14:00:51 -0400 From: Quinn Mahoney <quinn@activehost.com> To: <nanog@nanog.org>
Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist?
-- With kind regards, Michiel Klaver BA.ict GrafiX Internet B.V. Stationsplein 20 2907 MJ Capelle aan den IJssel The Netherlands Web: http://grafix.nl/ Tel: +31-(0)10-2640210 Fax: +31-(0)10-2640211 Providing high-end professional internet services at our privately owned net-neutral in-house Data Center Facilities in Capelle aan den IJssel and Alphen aan den Rijn. Connected at TeleCityRedbus2 (Amsterdam) and Spaanse Kubus (Rotterdam).
Hi!
Both containing prefixes that should not be announced on the internet, but often used by spammers trying to deliver their content.
When did you experience this last time, this is not what we see on various antispam projects. So if you have new information, please share, we didnt see bogons used a lot at least the last 12 months. Drop list is a completely different thing, and effective, but also effective to loos legitimate mails, the blocks inside there are too wide. I would not recommend people putting that inside iptables or something ;) Bogon filtering is something that should be considered common practice. So your borders or upstreams should take care of that ;) Bye, Raymond.
Traffic from bogon IP space is more likely than anything else to be the result of misconfiguration rather than a spammer abusing it. The cymru bogons list and the spamhaus drop list target two entirely distinct issues and they shouldnt be confused together. On Wed, Jun 17, 2009 at 2:14 PM, Michiel Klaver<m.klaver@grafix.nl> wrote:
Well, there is always the bogon-list from Team Cymru
http://www.cymru.com/Documents/bogon-bn-agg.txt
And the bogon-list from BGPmon
http://bgpmon.net/showbogons.php?inet=4&global=yes&private=yes
Both containing prefixes that should not be announced on the internet, but often used by spammers trying to deliver their content.
On Wed, 17 Jun 2009, Suresh Ramasubramanian wrote:
The cymru bogons list and the spamhaus drop list target two entirely distinct issues and they shouldnt be confused together.
Correct. And whatever list you use, for whatever purpose, at the time you start using it also set up a process to update it or age old entries. Don't wait until later. Those lists will be there long after you forget about it, and maybe even longer than you; and it will save you or your successor a lot of troubleshooting headaches.
On Thu, Jun 18, 2009 at 5:29 AM, Sean Donelan<sean@donelan.com> wrote:
On Wed, 17 Jun 2009, Suresh Ramasubramanian wrote:
The cymru bogons list and the spamhaus drop list target two entirely distinct issues and they shouldnt be confused together.
Correct. And whatever list you use, for whatever purpose, at the time you start using it also set up a process to update it or age old entries. Don't wait until later.
Those lists will be there long after you forget about it, and maybe even longer than you; and it will save you or your successor a lot of troubleshooting headaches.
.. and to sanity check the fallout of fat fingers, bitrot or whatever (like where you set out to block a /24 but end up blocking a /2 instead) -- Suresh Ramasubramanian (ops.lists@gmail.com)
participants (4)
-
Michiel Klaver
-
Raymond Dijkxhoorn
-
Sean Donelan
-
Suresh Ramasubramanian