Ever heard of being null-routed for being on SBL?
VPSSoldiers
Member
in Providers
So I had a /26 null-routed today for it getting listed on the SBL, though it's been a while (up until a few months ago) since I have dealt with a DC directly, has this become normal practice at the DC level?
Comments
nah, your DC sucks and you should cancel your shit. (wow that feels surprisingly like /r/relationships lol)
@William the past two weeks have made me strongly re-consider my decision...
I get that the provider probably doesn't want their IPs tarnished in a blacklist, but null routing you... That's very extreme IMO..
@ATHK I completely agree, as soon as I see an IP listed (as I check blacklists every 2 hours) I do whatever it takes to clear it. This time it was null-routed quicker than I could do anything about it and now they won't re-route me until I clear the SBL.
Dacentec nulled you for having an IP range added to an SBL?
Yes.
I can see it happening if the issue that caused the SBL isn't addressed.
@dacentec
Explain yourself. Why does an SBL listing resort to you nullrouting the customer's entire range? Other innocent customers could be affected.
Secondly, wouldn't dropping port 25 egress on the range suffice?
Is this the first SBL listing on that range?
First time I ever hear about this being done... and it shouldn't be done.
Did they at least warn you beforehand?
I could see that as well,
It's MY first SBL listing ever.
Depends on the case. PM me the ticket#.
I've had 7 abuse tickets with Dacentec (not saying I'm perfect but some customers have slipped through that shouldn't have, and I keep learning from each of the tickets). It's just this time it seems a little extreme to me.
Have I ever heard of a /26 being null routed instantly for an RBL listing?
Take it away Lawrence:
PM Sent.
Which SBL?
http://www.spamhaus.org/sbl/query/SBL273119
You're hosting a spammer by the look of it. They have a handful of other Spamhaus listings so they are probably just worried about an escalation. Spamhaus can be VERY jumpy.
I thought they had some dubious port 25 interception going on anyway so they should be able to block outbound port 25 from your range
Ok, this thread definitely speaks to the "pros" of getting IP space other than provided by your DC.
This is why .review and .faith are blocked entirely on my servers right now. Why do spammers love these TLDs so much?
A DC can still null route IPs announced via its upstreams. It can also filter them on its routers or simply shut down the ports to the affected server. Or go as far as dropping the advertisements of the IP space.
I would have much rather had that than the current method...
And I understand that, and terminated this person as soon as I saw the notice (and reviewed the information of course). I fight spammers on a weekly basis but it's never gone this far.
My biggest thing is getting the range back online so I can appease the "good" customers who are complaining. I did start a connection limit to port 25 late last week, I'm thinking I need to review my methods there...
Time to start blocking port 25 by default, or if you use OpenVZ use nodewatch to kill most spammers. Someone knows they can get away with using you, you need to make the environment inhospitable for them.
I did, for a long while but they were still getting around it either by lying, or by relaying through another server (which still resulted in abuse tickets from Dacentec) and since it's KVM I'm still trying to figure out the best method... I have been working on a script that checks every so often and if there are too many connections in an hour then it blocks the port but it's still in testing but shows promise... I was just looking for a better method.
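Added example, not part of the thread and not the poster's script: one way to do the "too many connections in an hour" check described above, as a sliding-window count of new outbound port 25 connections per guest IP. The log line format, the `SMTP-OUT` prefix, the addresses and the threshold of 5 are assumptions made for the example; applying the actual port block is left to the host's firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: ISO timestamp, then a netfilter LOG record for each new
# outbound TCP connection from a guest. Only destination port 25 is counted.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*\bSRC=(?P<src>\d+\.\d+\.\d+\.\d+) .*\bPROTO=TCP .*\bDPT=25\b")

def over_limit(lines, limit, window=timedelta(hours=1)):
    """Map each guest IP to the time it first exceeded `limit` new port-25
    connections inside a sliding `window`. Lines must be in time order."""
    recent = defaultdict(deque)   # guest IP -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # other ports (e.g. 587) and unrelated records
        ts = datetime.fromisoformat(m["ts"])
        seen = recent[m["src"]]
        seen.append(ts)
        while ts - seen[0] >= window:
            seen.popleft()        # forget connections older than the window
        if len(seen) > limit:
            flagged.setdefault(m["src"], ts)
    return flagged

def sample_lines():
    """Constructed sample traffic; every address and name here is made up."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    def rec(src, minute, dport=25):
        ts = (base + timedelta(minutes=minute)).isoformat()
        return (f"{ts} node1 kernel: SMTP-OUT IN=br0 OUT=eth0 SRC={src} "
                f"DST=198.51.100.7 PROTO=TCP SPT=40000 DPT={dport} SYN")
    lines = [rec("192.0.2.10", m) for m in (0, 20, 40)]        # ordinary mail server
    lines += [rec("192.0.2.22", m) for m in range(1, 9)]       # burst: 8 in 8 minutes
    lines += [rec("192.0.2.30", 61 * m) for m in range(6)]     # 6 total, 61 min apart
    lines += [rec("192.0.2.10", 5, dport=587)] * 10            # submission port, ignored
    return sorted(lines)                                       # ISO timestamps sort by time

if __name__ == "__main__":
    for ip, when in over_limit(sample_lines(), limit=5).items():
        print(f"{ip} exceeded 5 outbound SMTP connections/hour at {when}")
```

Only the bursting guest is flagged; the guest that sends six messages spread over five hours and the one using port 587 are not.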
Well, they can, but the incentives are much lower if it's not their IP space that is getting spamhoused.
Any responsible DC would take action against spammers just as a responsible transit provider would take action against someone using their infrastructure for spamming.
It's not just about getting your IPs blacklisted, you don't want your AS blacklisted or ending up on the DNP list.
No responsible person wants to be the conduit for spammers. From what the OP is posting now, he has been receiving abuse tickets from Dacentec. Clearly this is just an escalation from that.
ColoCrossing have done the same to a range on our VPS node in the past
From blacklists like USGOAbuse, Grays Harbor College, Some guy that sent a ticket to Dacentec (at least I hope it's not an Employee)
"This crap is coming at us from something within your infrastructure,
indicating at least one compromise going on. Please come up with
some PERMANENT way to slap a lid on this garbage and keep better
track of where edge users are [perhaps unknowingly] sending mail.
It is getting sent to large mailing LISTS, thus compounding the recipiency
problem. [The lists are hosted through Dreamhost, so ignore everything
about 208.97.132.* as that's just the relay point.] We're talking about
origin point 172.XX.XXX."
and another guy who has an earthlink email just stating that he didn't sign up for the email. Each were dealt with in a timely manner. I still don't see this being cause for null-routing an entire subnet.
Well, I agree that we don't know everything that happened between OP and Dacentec to date. But it sounds like OP wasn't given much of a warning that the "next step" would be null-routing.
@dacentec has re-routed the range back to me. I'm still working to get clarification on the cause of the null route, though initial statement was
I did receive two tickets that day one was the guy from the earthlink address and the other was the one quoted in my last post.