SORBS Scanning (unauthorized)

Dean Anderson dean at av8.com
Fri Apr 1 00:40:23 UTC 2005


Ok, lets get back on topic: (some cisco config for network operators:)

SORBS is relay testing again (see bounce below).  BTW:  for those networks
that only feel comfortable blocking illegal activity, this is a violation
of CAN-SPAM, because the message forges email headers, which is banned.

You can access list the scanners by the following:

  access-list 104 deny ip 203.15.51.42 0.0.0.31 any

Its more effective to block the DNS servers for the blacklist:

  access-list 104 deny ip host 194.109.9.11 any
  access-list 104 deny ip host 194.134.35.168 any
  access-list 104 deny ip host 194.134.35.204 any
  access-list 104 deny ip host 204.152.186.189 any
  access-list 104 deny ip host 203.15.51.34 any
  access-list 104 deny ip host 209.209.1.20 any
  access-list 104 deny ip host 209.142.2.10 any
  access-list 104 deny ip host 194.134.64.74 any
  access-list 104 deny ip host 128.193.0.30 any
  access-list 104 deny ip host 128.193.0.130 any




Date: Wed, 30 Mar 2005 16:48:17 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON at unspecified-domain>
To: postmaster at unspecified-domain, spamtest at citation.av8.net
Subject: Returned mail: Local configuration error

The original message was received at Wed, 30 Mar 2005 16:44:45 -0500
from goliath.sorbs.net [203.15.51.42]

   ----- The following addresses had permanent fatal errors -----
<@[130.105.12.3]:relays at sorbs.net>

   ----- Transcript of session follows -----
554 <@[130.105.12.3]:relays at sorbs.net>... Local configuration error





-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   








More information about the NANOG mailing list