Another DNS blacklist is taken down

Chris Lewis clewis at nortelnetworks.com
Wed Sep 24 20:38:56 UTC 2003


Jack Bates wrote:

> 
> Mark Segal wrote:
> 
>>
>> I think some RBLs might get better responses from the ISPs when they stop
>> taking "collateral damage gets the abuse department's attention" 
>> attitudes..
>> Some RBLs cause many providers a LOT of headaches, so it is not 
>> surprising
>> that when it is their turn to complain, the ISPs will just say: post to
>> abuse.ddos.isp.net and we might get around to fixing it. :).

It's useful to be careful in how we define collateral damage here. 
Collateral damage can include, for example, non-spam email coming from a 
spammer's site.

In this context, we're talking about _escalation_ of listings outside of 
the demonstrated spamming/abusive/insecure IPs.

> monkey's had no collateral damage issues until PHL was released due to 
> non-response from ISP's.

The PHL is the escalation.

> openrbl.org does not host a blacklist and thus cannot have collateral 
> damage.
> 
> SBL is famous for it's lack of collateral damage.

SBL does escalation, but rarely. (WCG, Chinanet for example).

> ordb is specialized and has had no collateral damage issues.

ORDB does not escalate.  Has it been DDOS'd?  Pointless, open relay 
blacklists are virtually useless these days.

SPEWS escalates (obviously).

The DDOS's have been against SPEWS, SBL and Monkeys.  Most of the other 
targets were re-publishers/distributors of SPEWS (ie: SORBS, Osirus, 
openrbl.org). Each of the three are _very_ public targets and generate 
lots of chatter/discussion on NANAE.  Monkeys of course has RFG behind 
it and all that denotes.




More information about the NANOG mailing list