Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


email from Holderhost a.k.a. Hostwinds - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

email from Holderhost a.k.a. Hostwinds

2»

Comments

  • doghouchdoghouch Member
    edited November 2015

    @Francisco said:
    ARIN being out

    Still, ARIN being out made IP prices hike... yet again.

    (btw, it would be nice to have some snow falling down in Stallion... would make it more pleasant for the holiday season)

  • Francisco said: The positive is with ARIN being out, spamhaus is becoming a lot more strict on repeat offenders. A lot of innocent people are going to get smacked, but maybe they'll think twice selling that /20 to someone when it ends up with all your ranges listed.

    SWIP range, tell Spamhaus to fuck off, why would it be my problem what a SWIPed customer does with an IP network he owns (read: not rent)?

  • FranciscoFrancisco Top Host, Host Rep, Veteran
    edited November 2015

    @William said:

    I guess that ties their hands, no way they could escalate the case to force the hand of DC.... >_>

    I'm guessing you're talking mostly about if you're in the RIPE region and you're simply a broker?

    Francisco

  • @William said:
    spamhaus

    Good luck trying to contact a "SpamHaus Support Representative." They f*cked my beautiful /24 and it took 14 months for the removal ._.

  • Francisco said: I guess that ties their hands, no way they could escalate the case to force the hand of DC.... >_>

    I'm guessing you're talking mostly about if you're in the RIPE region and you're simply a broker?

    For example, yes.

    Also, from what i've seen in the last weeks/months, SH is now just a revenge platform anyway that tries to play "internet super hero":

    Case one, an ISP had some listings which took weeks to be removed after SH decided to ignore the SWIP/abuse-c - which was not just SWIP but the actual RIPE LIR owner - and sent abuse to ASN that announces it (scraped from WHOIS, likely not even an abuse email address) which was not replied to and they escalated to a /24+.

    Now, after removal, they found someone else spamming on the same ASN - which is a large DC and said ISP is just a customer of - and guess who they listed? Right, that ISP, not the DC or the owner as per SWIP - They cherry picked the last listed ISP in the same DC and just attributed a /24 from a whole other LIR, with whole other SWIP to them just due to using the same ASN... the abuse was never sent to the IP block owner and they will "escalate" it to this ISPs prefixes at one point without even seeing that this ISP has simply absolutely nothing to do with it...

    Other case - ISP rents out /23 to legitimate customer (verified and shit, even have passport), customer starts spamming after a week - SH lists block and sends abuse, SWIP is removed and prefix nulled/removed from BGP within a few hours (not even 12). Ok, so far. Now contact SH to remove the listing - which gets ignored for 4+ weeks as "punishment" for customer choice while all other tickets from other listings/companies (verified!) are replied to within minutes-hours by senior SH staff...

    Last case for now.... what Fran meant:

    Carrier sells a /16 to ISP A - transfer via RIR, legacy. Transfer completed, RIR DB entry changed.

    ISP A splits this /16 into 4 /18 and sells them to 3 different companies (among them ISP B) - SWIP is changed at RIR while transfer is in progress. Space is transferred and all is good. ISP B sells (not rent) a /21 to a colo customer which is not RIR moved but SWIPed only. ISP B rents a /24 to an end-user which is also SWIPed. End-user sells VPS with /29 (non-SWIPed) to spammer, which gets a single IP listed.

    Simple, daily occurring, case - Now, who should be listed and escalated?

    Correct - imo - would be this:

    SWIP on IP (end-user) (/26 RIPE object, status legacy) - SWIP on /24 - SWIP on /21 - SWIP on /18 - ASN owner

    Done was around this:

    SWIP on /21 listed as owner, abuse sent to /18 owner (largest object in RIR DB, thus their scraper is broken), FWDd contact data of colo customer (as of SWIP) - SWIP on /24 listed, abuse sent to /21 owner (???) - SWIP on /26 listed, finally sent to correct owner...

    tl;dr i don't like SH much.

Sign In or Register to comment.