misunderstanding scale

Barry Shein bzs at world.std.com
Thu Mar 27 17:47:49 UTC 2014


On March 26, 2014 at 22:17 owen at delong.com (Owen DeLong) wrote:
 > 
 > Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat.

Hang on, do spammers "grab" address blocks?

Ok, I'm sure it happens, this is not an existence proof.

But is that really a significant characterization of their behavior?

That they go to an RIR or ISP and get an address block allocation?

I mean post-Ralsky (almost obscure historical spam reference.)

It seems like ALL the spam I see is purloined resources: botnets,
unauthorized use of (usually misconfigured) mail servers, web software
holes, free sites in general (such as google groups but also those
"community" free sites), etc.

I suppose this is the place where someone just says: "Yes, Barry, it
is" and considers the matter settled but it sure doesn't match my
experience.

We block a lot of /24s (like about 150,000 right now) and even a few
larger chunks but not because they're owned by spammers but because
they're repeatedly ABUSED by spammers.

But unfortunately they're just about always owned by people/companies
who believe they're legitimate but just can't seem to keep the
spammers from abusing them over and over. And the chance of ham from
them is so slight that one just blocks them wholesale.

Well, maybe for the purpose of this discussion it's the same thing,
how do you block blocks which are being abused or you want to block
for whatever reason.


-- 
        -Barry Shein

The World              | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*



More information about the NANOG mailing list