Contacts wanted: OVH, DigitalOcean, and Microsoft (Deutschland)

Rich Kulawiec rsk at gsp.org
Wed Mar 27 15:09:20 UTC 2019


On Mon, Mar 18, 2019 at 05:02:38PM -0700, Ronald F. Guilmette wrote:
> I generated the following survey, on the fly, last night,
> based on a simple reverse DNS scan of the evidently relevant address
> ranges:
> 
>     https://pastebin.com/raw/WtM0Y5yC
> 
> As anyone who isn't as blind as a bat can easily see, there's a bit of a
> pattern here.  

I finally found time to check this out.  And I have to ask: how in the
heck did anybody accept this operation as a customer?  Because it's
obvious on inspection -- of the information in that paste -- that they're
abusers.  Let me 'splain.

First, domains in certain TLDs should be considered as -- at best --
dubious until proven otherwise, because those TLDs are well-known as
abuse magnets.  Every domain in this sample falls in that category.
Anyone making mass use of domains in those TLDs is up to something
abusive.

Second, anyone making mass requests for PTR records for random subdomains 
is up to something abusive.

Third, anyone mass-registering domains whose names are permutations of
each other is up to something abusive.  (I'm not talking about someone
registering a couple of domains that are plausible typos of a primary one
or engaging in defensive registrations across a few TLDs.  Look at the
list, this is obviously quite different from those cases.)

Fourth, anyone mass-registering domains whose names are intended
to be typo'd and/or misread is up to something abusive.

Anybody doing all of the above is not only up to something abusive,
but they're standing on a rooftop screaming it through a bullhorn.

The word "mass" is key throughout not only because it is a highly reliable
indicator of ensuing abuse but because its nature makes detecting this
up front quite easy.  Once I got to it, it took me less than a minute
of scanning that list to determine that there is absolutely no way I
would accept this operation as a customer.  I recognize that not everyone
has my experience in this area, but surely every operation should
have someone equipped with modest experience and a skeptical eye who
screens new customers, and, at *minimum*, puts them on hold while some
due diligence takes place.  It's much easier (and cheaper) to refuse
service to operations like this than to deal with the fallout that
will inevitably ensue.  It's also much better for the rest of us.

So: how did these people ever get in the door?

---rsk
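The four screening heuristics in the post (watchlisted TLDs, mass PTR records for random-looking hosts, permutation domains, typo/misread lookalikes) can be applied mechanically to a reverse-DNS survey of the kind linked above. The script below is an added example written for this archive page; it is not code from the thread, and it does not use the data in the pastebin. The TLD watchlist (the reserved .test and .example stand in, since the post does not name the TLDs it means), the "mass" thresholds, the crude random-label regex, and the survey lines are all constructed placeholders an operator would replace with its own.

```python
"""Added example: screen a reverse-DNS survey for the four 'mass' patterns
named in the post.  All names, thresholds and survey lines are constructed."""
import re
from collections import defaultdict
from itertools import combinations

# Assumed watchlist: the post does not name the TLDs it has in mind, so the
# reserved TLDs .test and .example stand in as placeholders.
WATCHLIST_TLDS = {"test", "example"}

# Assumed thresholds for "mass"; an operator tunes these to its own scale.
MASS_PTR = 5        # random-looking PTR hostnames before that heuristic fires
MASS_CLUSTER = 2    # domains sharing one letter multiset before it is a cluster
LOOKALIKE_MAX = 2   # edit distance at which two labels count as lookalikes

# Constructed survey in "IP PTR" form, as an rDNS scan of a netblock yields.
SAMPLE_SURVEY = """\
192.0.2.10  a1.secure-login.test
192.0.2.11  b7.secure-login.test
192.0.2.12  x9.login-secure.test
192.0.2.13  q2.secure-logni.test
192.0.2.14  r4.seucre-login.test
192.0.2.15  m3.bankalert.example
192.0.2.16  k8.baknalert.example
192.0.2.17  z5.bankalret.example
192.0.2.18  mx.legit-corp.org
"""

# Crude "random-looking host label" test: letters mixed with at least one digit.
RANDOM_LABEL = re.compile(r"[a-z]*\d[a-z0-9]*")


def parse_survey(text):
    """Yield (ip, ptr) pairs; blank or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            yield parts[0], parts[1].lower().rstrip(".")


def split_name(fqdn):
    """Return (host_label, registrable_domain, tld).  Assumes one-label public
    suffixes; a real deployment would consult the Public Suffix List."""
    labels = fqdn.split(".")
    return labels[0], ".".join(labels[-2:]), labels[-1]


def letter_key(domain):
    """Letter multiset of the second-level label: permutations collide."""
    return "".join(sorted(domain.split(".")[0].replace("-", "")))


def edit_distance(a, b):
    """Plain Levenshtein distance (a transposition costs 2 here)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def screen(survey_text):
    """Apply the four heuristics and return a findings dict with a verdict."""
    domains = set()
    random_hosts = 0
    for _ip, ptr in parse_survey(survey_text):
        host, dom, _tld = split_name(ptr)
        domains.add(dom)
        if RANDOM_LABEL.fullmatch(host):
            random_hosts += 1
    findings = {}
    # 1. domains under watchlisted TLDs
    watch = sorted(d for d in domains if d.rsplit(".", 1)[1] in WATCHLIST_TLDS)
    if watch:
        findings["watchlist_tld"] = watch
    # 2. mass PTR records for random-looking host labels
    if random_hosts >= MASS_PTR:
        findings["mass_random_ptr"] = random_hosts
    # 3. domains that are letter permutations of each other
    groups = defaultdict(list)
    for d in sorted(domains):
        groups[letter_key(d)].append(d)
    clusters = [g for g in groups.values() if len(g) >= MASS_CLUSTER]
    if clusters:
        findings["permutation_clusters"] = clusters
    # 4. typo / misread lookalikes: second-level labels within a small edit distance
    pairs = [(a, b) for a, b in combinations(sorted(domains), 2)
             if 0 < edit_distance(a.split(".")[0], b.split(".")[0]) <= LOOKALIKE_MAX]
    if pairs:
        findings["lookalike_pairs"] = pairs
    # The post's minimum response: hold the account for due diligence when any fires.
    findings["verdict"] = "hold for review" if findings else "no pattern flagged"
    return findings


if __name__ == "__main__":
    for key, value in screen(SAMPLE_SURVEY).items():
        print(f"{key}: {value}")
```

On the constructed survey all four heuristics fire and the verdict is "hold for review"; a single ordinary hostname under a non-watchlisted TLD produces "no pattern flagged". The letter-multiset key catches exact permutations (including transpositions) cheaply, while the edit-distance pass catches the one- and two-character typos that a permutation key misses; both are intentionally simple so that a screener can read the evidence rather than trust a score.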
