[linux-elitists] are cursed IPs contagious?

Karsten M. Self kmself@ix.netcom.com
Thu Jan 22 16:49:24 PST 2004


on Thu, Jan 22, 2004 at 07:00:14PM +0100, Eugen Leitl (eugen@leitl.org) wrote:
> 
> It's a bit of an obscure problem; I figured people here would know.
> 
> Assuming I run a remailer on another instance of postfix bound to
> another IP on the same eth0 which is bound to wind up in diverse RBLs,
> can my primary IP get hit by friendly fire?
> 
> I don't see how, but then I don't know how IPs wind up in RBLs.

Generally:  yes.

It depends on the specific DNSBL (apparently preferred term, "RBL" is
claimed (tm) by MAPS) listing policy.  There are _many_ DNSBLs.  Typical
listing policies being "known spam source", "known ISP spam range",
"known open proxy", "known dynamic IP range", "known IP in <country>".
All of these are advisory, blocking is done by sites querying these and
applying criteria.


In the case of SPEWS (http://www.spews.org/), if there are unresolved
spam reports in the ISP neighborhood, there's a pretty good chance
you'll end up listed as the listing is escalated (viz:  broadened, to
put increasing pressure on the ISP).

I've been following n.a.n-a.b and n.a.n-a.e on similar issues.  A
typical tale of tears begins "We were just assigned an IP that's on
SPEWS...", or "We're collateral damage of SPEWS...".  These will get
patient explanation of the problem and solution (tell your ISP to shut
down the spammers), but little sympathy.

The general advice is to query your ISP on Usenet, Google, Spamhaus, and
other sources, to get a read of their known issues.  There are a large
number of digital "Love Canals"[1] out there.


You can check L1 (blocked) and L2 (watched) status at:

    host -t txt $REVERSE_IP.l1.spews.dnsbl.sorbs.net
    host -t txt $REVERSE_IP.l2.spews.dnsbl.sorbs.net

...where $REVERSE_IP is the reversed IP in question.  Run this in a
shell script across a range, say:

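   for i2 in $( seq 0 255 )
   do
       for i in $( seq 0 8 255 )
       do
           # <oct1>.<oct2> stand for the first two octets of the range
           query="<oct1>.<oct2>.$i2.$i"
           echo ">>> $query <<<"
           # reverse_ip needs the address as its argument
           host -t txt "$( reverse_ip "$query" ).l1.spews.dnsbl.sorbs.net"
           host -t txt "$( reverse_ip "$query" ).l2.spews.dnsbl.sorbs.net"
           echo
       done
   done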

The TXT record will indicate the URL of the SPEWS listing for the IP, if
any.

I use the following bash function to reverse IPs:

    # Reverse the octets of a dotted-quad IP: 1.2.3.4 -> 4.3.2.1
    function reverse_ip {
        HOST="$1"
        echo "$HOST" |
            sed -e 's/\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)/\4.\3.\2.\1/'
    }


Peace.

--------------------
Notes:

1.  Love Canal was a housing development in Niagara Falls, NY, built over
    the former site of a shipping canal, which had been filled with
    toxic wastes in the 1940s and 50s.  Many health and developmental
    problems were noted among residents.  The term is synonymous with
    the term "toxic waste dump" in the US.  Home buyers in the
    development were buying the toxic legacy of those who'd come before --
    through no fault of their own -- much as new assignees of IPs in
    known SPEWS blocks are being sold worthless properties.  It was a
    watershed incident in US toxics history.

    http://www.globalserve.net/~spinc/atomcc/lovecana.htm


-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Geek for hire:  http://kmself.home.netcom.com/resume.html
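
The lookup described above, as an added example that is not part of the original post: it rejects malformed addresses before building the query name, and it tells a listing apart from an NXDOMAIN answer and from a failed lookup. The function names, the sample `host` output and its TXT payload are constructed for illustration.

```sh
# Added example (not from the post): strict reversal and result classification.
ZONES="l1.spews.dnsbl.sorbs.net l2.spews.dnsbl.sorbs.net"   # zones named in the post

# Constructed sample `host -t txt` output; 192.0.2.1 is a documentation address
# and the TXT payload is a placeholder, not a real listing URL.
SAMPLE_LISTED='1.2.0.192.l1.spews.dnsbl.sorbs.net descriptive text "http://example.invalid/listing"'
SAMPLE_CLEAN='Host 1.2.0.192.l1.spews.dnsbl.sorbs.net not found: 3(NXDOMAIN)'

# Print 1.2.3.4 as 4.3.2.1; fail on anything that is not four octets 0-255.
# The body runs in a subshell so the IFS change does not leak to the caller.
reverse_ip_strict() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac      # leading zeros are ambiguous
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo "$4.$3.$2.$1"
)

# Build the query name: reversed IP followed by the DNSBL zone.
dnsbl_name() {
    rev=$(reverse_ip_strict "$1") || return 1
    echo "$rev.$2"
}

# Map the text printed by `host -t txt` to listed / not-listed / lookup-error.
classify_host_output() {
    marker='descriptive text "'
    case $1 in
        *"$marker"*)
            txt=${1#*"$marker"}
            txt=${txt%%\"*}; echo "listed $txt" ;;
        *NXDOMAIN*) echo "not-listed" ;;
        *) echo "lookup-error" ;;   # timeout, SERVFAIL: unknown, not clean
    esac
}

# Query both zones for one IP; needs network access, so it runs only when
# an IP is given on the command line.
check_ip() {
    for zone in $ZONES; do
        name=$(dnsbl_name "$1" "$zone") || { echo "bad IP: $1" >&2; return 1; }
        echo "$name: $(classify_host_output "$(host -t txt "$name" 2>&1)")"
    done
}

if [ "$#" -gt 0 ]; then check_ip "$1"; fi
```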