Internet ghost-towns: the blocked IPs where the bad guys used to live

16 Responses to “Internet ghost-towns: the blocked IPs where the bad guys used to live”

  1. hancocks says:

    They should block those IP addresses, then unblock them, then block them again, then unblock them… pretty much at random.

    That way, they’ll be providing about the same level of service as my local ISP…sigh…

  2. pelrun says:

    Sounds like the perfect method to motivate people to transition across to IPv6 :D

  3. Halloween Jack says:

    Ironically, it seems like block lists are propagated, and persist, not unlike spam lists.

  4. Antinous / Moderator says:

    Yeah, I’m looking at you, IPs that start with 58 or 59.

  5. manicbassman says:

    shouldn’t be blocking IP addresses anyway… they should be blocking domain names and do a DNS lookup every day to get the latest IP for the domain…

    simple really… when you get an active spammer, then reverse DNS to get the domain, then add that domain to the blocklist… then every day, repopulate a temporary IP list using DNS lookups of the blocked domains…

    I’m convinced some admins are just too lazy to write a simple script to run every day…

  6. Todd Knarr says:

    #5: the problem is that DNS lookups are per-address or per-host, not per-domain. Certainly I can go from the address of the spamming host to its DNS name, and I can probably trim that to get just the domain, but from that there’s no way to reliably translate that into an IP address block. There’s in principle a way, if the spammer’s set up some special records correctly and accurately, but they probably didn’t. And it’s fairly easy for them to make the domain name resolve to an address that’s got nothing to do with the IP range they’re really coming from. So the only thing I’ve really got that I can use is the IP block containing the IP address of the host they used.

  7. Anonymous says:

    I ran into this when I went with a low cost colo provider. It took a year to get my IP unblacklisted, and many, many attempts. It’s like antivirus: the companies that run blacklists have better credence if their databases are larger. So they have little motivation to de-list an IP once they have it.

  8. Anonymous says:

    With services like Ring Central and Google Voice, the same thing will happen with phone numbers. I’ve blocked a number of telemarketing phone numbers — years from now, when someone legit has the number, they will not be able to call me.

  9. mdh says:

    They should ask urban planners for advice. Seriously.

  10. Antinous / Moderator says:

    I’ve been gray-listed within the last two years, as have Xeni and David. And probably more of us that I don’t know about. I think that anyone who does a fair amount of online business will be accidentally (or vengefully) tagged enough times to have the occasional problem.

  11. octopod says:

    not Argleton in Lancashire then, meh.

  12. codeman38 says:

    I’ve even seen this happen on a more short-term basis: A hosting company has several clients who try running spambots. Within a day, the spammers’ accounts have already been cancelled by the host. But by that time, the IP block has already been added to several blacklists. It’s particularly bad when you’re dealing with a single SMTP server that’s shared between several web sites, as some hosting companies tend to do.

    • Anonymous says:

      Spam blacklists fail in one very specific way, and that’s that spam scores need to reflect the user population density of a netblock. As there is no way of telling how many physical discrete people use a specific netblock to send email, there is no way of coming up with accurate spam scores and metrics.

      This is why webhosts, esp. ones with large mail clusters, get very very badly dinged as far as mail delivery. A webhost with 10,000 customers using its mail servers is most likely going to have worse of a spam score than a spam producing business with its own netblock (spam producing business != business of producing spam).

  13. Anonymous says:

    @manicbassman: … and what happens when there is no reverse DNS? Nobody is under any obligation to set up an IP to name mapping.
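
Added example, not part of the original thread or any commenter's code: the daily domain-to-IP refresh proposed in comment 5, run against constructed DNS data, to show the gaps raised in comments 6 and 13 (a sender with no reverse DNS, and a domain that resolves to an address outside the sending range). All names, addresses, the netblock and the naive domain trim are assumptions.

```python
import ipaddress

# Constructed DNS data using documentation ranges (RFC 5737); not real records.
PTR = {  # reverse DNS: address -> host name (set up by whoever controls the block)
    "192.0.2.10": "mail.spam-example.test",
    "192.0.2.11": "mx2.spam-example.test",
    # 192.0.2.12 has no PTR record at all
}
A = {  # forward DNS: name -> addresses (set by the domain owner)
    "spam-example.test": ["203.0.113.5"],  # unrelated to the sending range
}

def registered_domain(host):
    """Naive trim to the last two labels (assumption: no public-suffix handling)."""
    return ".".join(host.split(".")[-2:])

def domains_from_senders(senders):
    """Step 1 of the scheme: reverse-resolve each spamming address to a domain."""
    domains, unresolved = set(), []
    for ip in senders:
        host = PTR.get(ip)
        if host is None:
            unresolved.append(ip)  # nothing to put on a domain blocklist
        else:
            domains.add(registered_domain(host))
    return domains, unresolved

def daily_ip_list(domains):
    """Step 2: rebuild the temporary IP list from forward lookups of blocked domains."""
    ips = set()
    for domain in domains:
        ips.update(A.get(domain, []))
    return ips

def coverage(senders, netblock):
    """Compare which observed senders each approach fails to block."""
    domains, unresolved = domains_from_senders(senders)
    by_domain = daily_ip_list(domains)
    net = ipaddress.ip_network(netblock)
    return {
        "no_ptr": unresolved,
        "domain_list": sorted(by_domain),
        "missed_by_domain_list": [ip for ip in senders if ip not in by_domain],
        "missed_by_netblock": [ip for ip in senders
                               if ipaddress.ip_address(ip) not in net],
    }

SENDERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]  # constructed spam sources
REPORT = coverage(SENDERS, "192.0.2.0/28")
```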
