Public reminder to the APEWS maintainers

15 views
Skip to first unread message

Claus v. Wolfhausen

unread,
Aug 9, 2007, 9:58:56 AM8/9/07
to
Reading <slrnfbjr7d.2b7...@atlantis.supernews.net> and thinking
about, i have to say Andrew is right:

It's bad for UCEPROTECT's reputation how you behave at this time.
I'm no longer willig to tolerate this.

You are given till Monday 13.August 2007 to clean up your mess.
If you do not, i will shutdown your zones at UCEPROTECT-Network.

There will be no further warning.

What i would consider bad is:

1. You don't show "real evidences".
AS-Number or "unprofessional/negligent owner" are not an evidence.
Multiple persons have told you, but your descriptions are still
complete useless.
To get a clue how a good description might look see how SPEWS did:
http://www.spews.org/html/S414.html

2. Path of escalation is not visible in your listings.
Listing a /11 without any prior smaller listing is *not* an escalation,
it just shows you have no clue how to maintain a DNSBL.

3. You're listing IP-Space not even allocated.
I found that investigating what's up with that 38% of all IPv4 IP-space.
Are you totally screwup?

4. You're listing /19's where i'm unable to find a handfull abusers looking up
the UCEPROTECT-lists.
1 or 2 trojaned machines can't be a reason to list a /19
It is inacceptable to attempt to get users to complain to providers,
if these providers are doing their job very well.

5. You are abusing other sources even after you were told you shouldn't do so.
See: http://isc.sans.org/diary.html?storyid=3189

--
Claus von Wolfhausen
UCEPROTECT-Projektleitung
http://www.uceprotect.net

--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.

Daryl Hunt

unread,
Aug 9, 2007, 1:18:21 PM8/9/07
to

"Claus v. Wolfhausen" <use-reply-...@remove-this.com> wrote in
message news:f9f4j3$okg$2...@ulm.shuttle.de...

Well, that's a start in the right direction for your system. I doubt very
much if it will affect apews one iota though. Doing the right thing may be
in your cards but I don't see it being played on their table.

E-Mail Sent to this address will be added to the BlackLists

unread,
Aug 9, 2007, 9:20:24 PM8/9/07
to
Claus v. Wolfhausen wrote:
> Reading <slrnfbjr7d.2b7...@atlantis.supernews.net>
> and thinking about, i have to say Andrew is right:
>
> It's bad for UCEPROTECT's reputation how you behave at
> this time. I'm no longer willig to tolerate this.
>
> You are given till Monday 13.August 2007 to clean up your
> mess. If you do not, i will shutdown your zones at
> UCEPROTECT-Network.
>
> There will be no further warning.

While not disagreeing with anything you say below
(in fact agreeing with most of it)

This is the 2nd time, when reading a post from a
UCEPROTECT maintainer, where the first thing that came
to my mind is, that they appear to be having a case of
public marionette syndrome.


> What i would consider bad is:
>
> 1. You don't show "real evidences".
> AS-Number or "unprofessional/negligent owner" are not an
> evidence.

I doubt they are intended to be more than a description / note.


> Multiple persons have told you, but your descriptions are
> still complete useless.
> To get a clue how a good description might look see how
> SPEWS did: http://www.spews.org/html/S414.html

Certainly provided more information that enabled others
to more easily perform research.


> 2. Path of escalation is not visible in your listings.
> Listing a /11 without any prior smaller listing is *not*
> an escalation, it just shows you have no clue how to
> maintain a DNSBL.
>
> 3. You're listing IP-Space not even allocated.
> I found that investigating what's up with that 38% of
> all IPv4 IP-space. Are you totally screwup?

Might be intentional (although incomplete)
e.g. 2.0.0.127.bogons.cymru.com cymru.com/Bogons/


> 4. You're listing /19's where i'm unable to find a
> handfull abusers looking up the UCEPROTECT-lists.

Everyone's view of where abuse is coming from is different,
otherwise all DNSbls would be listing all the same IPs.


> 1 or 2 trojaned machines can't be a reason to list
> a /19

I'd say that depends a lot on how long those trojaned
machines are allowed to exist in that netspace.


> It is inacceptable to attempt to get users to complain
> to providers, if these providers are doing their job
> very well.

(Shrug) if they are doing their job very well, their abuse
dept. likely just ignores the wingnuts.


--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.

huey.c...@gmail.com

unread,
Aug 10, 2007, 6:17:46 AM8/10/07
to
E-Mail Sent to this address will be added to the BlackLists <Nu...@blacklist.anitech-systems.invalid> wrote:

> Claus v. Wolfhausen wrote:
> > 1 or 2 trojaned machines can't be a reason to list
> > a /19
> I'd say that depends a lot on how long those trojaned
> machines are allowed to exist in that netspace.

No. Single-digit percentages of the internet are trojanned. Netblocks
that are trojan-infected at a rate of hundredths of a percent are the
ones that SHOULDN'T be blocked, and if you think that they should, you
should probably just list 0/0 and whitelist your friends. ...assuming
they aren't trojanned, that is.

> > It is inacceptable to attempt to get users to complain
> > to providers, if these providers are doing their job very well.
> (Shrug) if they are doing their job very well, their abuse
> dept. likely just ignores the wingnuts.

If it's not okay for spammers to waste peoples' time and resources, why
is it okay for wingnut complainers to do so?

--
Huey

warren...@gmail.com

unread,
Aug 10, 2007, 8:03:34 AM8/10/07
to
On Aug 10, 11:17 am, huey.calli...@gmail.com wrote:

Warren

This is totally unacceptable as I support many sites and a lot are
getting listed with no reason. There is no proper process to remove
yourself. This should not be listed in the first place :(

1urk3r

unread,
Aug 11, 2007, 7:10:47 AM8/11/07
to
On Aug 10, 5:17 am, huey.calli...@gmail.com wrote:

> E-Mail Sent to this address will be added to the BlackLists <N...@blacklist.anitech-systems.invalid> wrote:
>
> > Claus v. Wolfhausen wrote:
> > > 1 or 2 trojaned machines can't be a reason to list
> > > a /19
> > I'd say that depends a lot on how long those trojaned
> > machines are allowed to exist in that netspace.
>
> No. Single-digit percentages of the internet are trojanned. Netblocks
> that are trojan-infected at a rate of hundredths of a percent are the
> ones that SHOULDN'T be blocked, and if you think that they should, you
> should probably just list 0/0 and whitelist your friends. ...assuming
> they aren't trojanned, that is.
>
> > > It is inacceptable to attempt to get users to complain
> > > to providers, if these providers are doing their job very well.
> > (Shrug) if they are doing their job very well, their abuse
> > dept. likely just ignores the wingnuts.
>
> If it's not okay for spammers to waste peoples' time and resources, why
> is it okay for wingnut complainers to do so?
>

if you can come up with a way to
terminate the wingnuts, we're all ears.

i know who i'd start with, too :)


adam

--

lart...@yahoo.com

unread,
Aug 11, 2007, 10:38:24 AM8/11/07
to
On Aug 9, 7:58 am, use-reply-to-mail...@remove-this.com (Claus v.
Wolfhausen) wrote:
> Reading <slrnfbjr7d.2b7.andrew+non...@atlantis.supernews.net> and thinking

> about, i have to say Andrew is right:
>
> It's bad for UCEPROTECT's reputation how you behave at this time.
> I'm no longer willig to tolerate this.
>
> You are given till Monday 13.August 2007 to clean up your mess.
> If you do not, i will shutdown your zones at UCEPROTECT-Network.
>
> There will be no further warning.
>
> What i would consider bad is:
>
> 1. You don't show "real evidences".
> AS-Number or "unprofessional/negligent owner" are not an evidence.
> Multiple persons have told you, but your descriptions are still
> complete useless.
> To get a clue how a good description might look see how SPEWS did:http://www.spews.org/html/S414.html
>
> 2. Path of escalation is not visible in your listings.
> Listing a /11 without any prior smaller listing is *not* an escalation,
> it just shows you have no clue how to maintain a DNSBL.
>
> 3. You're listing IP-Space not even allocated.
> I found that investigating what's up with that 38% of all IPv4 IP-space.
> Are you totally screwup?

<SNIP>

Does UCEPROTECT still blindly escalate listings to a /16 without
checking to see whether some of the /16 is a completely unrelated
allocation?
Unless you have fixed that, it is a bit hypocritical to complain about
irresponsible listing of wide ranges of IP space.

Reply all
Reply to author
Forward
0 new messages