SORBS Insanity

Jeremy Kister nanog-list at jeremykister.com
Thu Apr 15 03:09:27 UTC 2004


I became aware that just about all of 64.115.0.0/16, a network that I (among
others) run, has been listed as "dynamic ip space" in sorbs as of April 2nd.
On
April 6th I sent my first email (via web-form) to sorbs telling them they
were
mistaken.  Finding no documentation on how they deem networks "dynamic" or
"static" I changed my rDNS scheme from ppp-64-115-x-x to 64-115-x-x  Note
to all: "ppp" in no way signifies dial-up; we run ppp over almost every
circuit we have -- from dialup to OC12, to Ethernet and ATM.

I also stated how all of our network was scanned twice a day for open-relay
mail servers.  Being a bigish ISP, we are _huge_ on our abuse policies, and
our abuse bucket [usually] has only memories of tumbleweed blowing by.

On april 10th I again wrote, only to be ignored further.

Yesterday, April 13th, One of my customers opened a trouble ticket stating
that he had successfully received a response from SORBS, and had forwarded
me the conversation.  I sent an email to duhl at sorbs.net (the author of the
email) quoting what they had written one of my customers.  They said to my
customer that I had to either provide custom reverse DNS for each customer
who was not dynamic, or I had to provide sorbs with POCs for all my
non-dynamic customers.  I stated how this was absurd, and that there was
already a functioning medium for this task -- rwhois.

In this same email, I also stated:
 1.  exactly which 64.115 networks were dynamic
 2.  that to prevent further hysteria, I had changed the reverse dns from
      ppp-64-115-x-x to static-64-115-x-x and dynamic-64-115-x-x,
      respectively.
 3.  their blindness was very unprofessional, deeming SORBS a Worthless
      Project ran by Ignorant Half-Wits

As of this date I have not received a response from anyone at sorbs, and do
not expect one.   Our support crew is overwhelmed with upset customers who
cant send email to their associates.  Our only response to them is that we
have tried to resolve the issue, but could not, and that the remote ISP
should stop using sorbs.

I am upset that they blindly blacklisted most of 64.115.0.0/16 because some
of the reverse dns was generic.  64.115.47.0/25, for example, hasnt very
much
generic rDNS at all, but was blacklisted just the same.

I hope all stop using SORBS.  I especially hope Mr. Vixie reconsiders his
helpfulness to such a harmful organization.

For google: <a href="http://www.sorbs.net">A Worthless Project</a>


Jeremy Kister
www.jeremykister.com/jeremy/
Argus: The World's Most Advanced Monitoring Software:
http://argus.tcp4me.com




More information about the NANOG mailing list