Comments on: Internet ghost-towns: the blocked IPs where the bad guys used to live http://boingboing.net/2009/11/13/internet-ghost-towns.html Brain candy for Happy Mutants Mon, 20 May 2013 21:47:00 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: hancocks http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635921 hancocks Wed, 30 Nov -0001 00:00:00 +0000 #comment-635921 They should block those IP addresses, then unblock them, then block them again, then unblock them... pretty much at random. That way, they'll be providing about the same level of service as my local ISP...sigh... They should block those IP addresses, then unblock them, then block them again, then unblock them… pretty much at random.

That way, they’ll be providing about the same level of service as my local ISP…sigh…

]]> By: pelrun http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635670 pelrun Wed, 30 Nov -0001 00:00:00 +0000 #comment-635670 Sounds like the perfect method to motivate people to transition across to IPv6 :D Sounds like the perfect method to motivate people to transition across to IPv6 :D

]]> By: Halloween Jack http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635703 Halloween Jack Wed, 30 Nov -0001 00:00:00 +0000 #comment-635703 Ironically, it seems like block lists are propagated, and persist, not unlike spam lists. Ironically, it seems like block lists are propagated, and persist, not unlike spam lists.

]]> By: Agies http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635705 Agies Wed, 30 Nov -0001 00:00:00 +0000 #comment-635705 Not really. IPv6 doesn't provide any sort of real solution for this. Not really. IPv6 doesn’t provide any sort of real solution for this.

]]> By: Antinous / Moderator http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635964 Antinous / Moderator Wed, 30 Nov -0001 00:00:00 +0000 #comment-635964 Yeah, I'm looking at you, IPs that start with 58 or 59. Yeah, I’m looking at you, IPs that start with 58 or 59.

]]> By: dculberson http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635771 dculberson Wed, 30 Nov -0001 00:00:00 +0000 #comment-635771 Just quantity. Yeah, eventually you'd run into the same problem - but it'll be the next generation's problem. ;-) Just quantity. Yeah, eventually you’d run into the same problem – but it’ll be the next generation’s problem. ;-)

]]> By: manicbassman http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635783 manicbassman Wed, 30 Nov -0001 00:00:00 +0000 #comment-635783 shouldn't be blocking IP addresses anyway... they should be blocking domain names and do a DNS lookup every day to get the latest IP for the domain... simple really... when you get an active spammer, then reverse DNS to get the domain, then add that domain to the blocklist... then everyday, repopulate a temporary IP list using DNS lookups of the blocked domains... I'm convinced some admins are just to lazy to write a simple script to run every day... shouldn’t be blocking IP addresses anyway… they should be blocking domain names and do a DNS lookup every day to get the latest IP for the domain…

simple really… when you get an active spammer, then reverse DNS to get the domain, then add that domain to the blocklist… then everyday, repopulate a temporary IP list using DNS lookups of the blocked domains…

I’m convinced some admins are just to lazy to write a simple script to run every day…

]]> By: Todd Knarr http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635799 Todd Knarr Wed, 30 Nov -0001 00:00:00 +0000 #comment-635799 #5: the problem is that DNS lookups are per-address or per-host, not per-domain. Certainly I can go from the address of the spamming host to it's DNS name, and I can probably trim that to get just the domain, but from that there's no way to reliably translate that into an IP address block. There's in principle a way, if the spammer's set up some special records correctly and accurately, but they probably didn't. And it's fairly easy for them to make the domain name resolve to an address that's got nothing to do with the IP range they're really coming from. So the only thing I've really got that I can use is the IP block containing the IP address of the host they used. #5: the problem is that DNS lookups are per-address or per-host, not per-domain. Certainly I can go from the address of the spamming host to it’s DNS name, and I can probably trim that to get just the domain, but from that there’s no way to reliably translate that into an IP address block. There’s in principle a way, if the spammer’s set up some special records correctly and accurately, but they probably didn’t. And it’s fairly easy for them to make the domain name resolve to an address that’s got nothing to do with the IP range they’re really coming from. So the only thing I’ve really got that I can use is the IP block containing the IP address of the host they used.

]]> By: Anonymous http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-636090 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-636090 I ran into this when I went with a low cost colo provider. It took a year to get my IP unblacklisted. and Many many attempts. Its like anti virus, the companys that run blacklists have better credence if there databases are larger. So they have little motivation to de-list an IP once they have it. I ran into this when I went with a low cost colo provider. It took a year to get my IP unblacklisted. and Many many attempts. Its like anti virus, the companys that run blacklists have better credence if there databases are larger. So they have little motivation to de-list an IP once they have it.

]]> By: Anonymous http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635838 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-635838 With services like Ring Central and Google Voice, the same thing will happen with phone numbers. I've blocked a number of telemarketing phone numbers -- years from now, when someone legit has the number, they will not be able to call me. With services like Ring Central and Google Voice, the same thing will happen with phone numbers. I’ve blocked a number of telemarketing phone numbers — years from now, when someone legit has the number, they will not be able to call me.

]]> By: mdh http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635865 mdh Wed, 30 Nov -0001 00:00:00 +0000 #comment-635865 They should ask urban planners for advice. Seriously. They should ask urban planners for advice. Seriously.

]]> By: Antinous / Moderator http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-636899 Antinous / Moderator Wed, 30 Nov -0001 00:00:00 +0000 #comment-636899 I've been gray-listed within the last two years, as have Xeni and David. And probably more of us that I don't know about. I think that anyone who does a fair amount of online business will be accidentally (or vengefully) tagged enough times to have the occasional problem. I’ve been gray-listed within the last two years, as have Xeni and David. And probably more of us that I don’t know about. I think that anyone who does a fair amount of online business will be accidentally (or vengefully) tagged enough times to have the occasional problem.

]]> By: Anonymous http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-636644 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-636644 Spam blacklists fail in one very specific way, and thats that spam scores need to reflect the user population density of a netblock. As there is no way of telling how many physical discrete people use a specific netblock to send email, there is no way of coming up with accurite spam scores and metrics. This is why webhosts, esp. ones with large mail clusters, get very very badly dinged as far as mail delivery. A webhost with 10,000 customers using it's mail servers is most likely going to have worse of a spam score than a spam producing business with it's own netblock (spam producing business != buisness of producing spam). Spam blacklists fail in one very specific way, and thats that spam scores need to reflect the user population density of a netblock. As there is no way of telling how many physical discrete people use a specific netblock to send email, there is no way of coming up with accurite spam scores and metrics.

This is why webhosts, esp. ones with large mail clusters, get very very badly dinged as far as mail delivery. A webhost with 10,000 customers using it’s mail servers is most likely going to have worse of a spam score than a spam producing business with it’s own netblock (spam producing business != buisness of producing spam).

]]> By: octopod http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635878 octopod Wed, 30 Nov -0001 00:00:00 +0000 #comment-635878 not Argleton in lancashire then, meh. not Argleton in lancashire then, meh.

]]> By: codeman38 http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635880 codeman38 Wed, 30 Nov -0001 00:00:00 +0000 #comment-635880 I've even seen this happen on a more short-term basis: A hosting company has several clients who try running spambots. Within a day, the spammers' accounts have already been cancelled by the host. But by that time, the IP block has already been added to several blacklists. It's particularly bad when you're dealing with a single SMTP server that's shared between several web sites, as some hosting companies tend to do. I’ve even seen this happen on a more short-term basis: A hosting company has several clients who try running spambots. Within a day, the spammers’ accounts have already been cancelled by the host. But by that time, the IP block has already been added to several blacklists. It’s particularly bad when you’re dealing with a single SMTP server that’s shared between several web sites, as some hosting companies tend to do.

]]> By: Anonymous http://boingboing.net/2009/11/13/internet-ghost-towns.html#comment-635903 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-635903 @manicbassman: ... and what happens when there is no reverse DNS? Nobody is under any obligation to set up an IP to name mapping. @manicbassman: … and what happens when there is no reverse DNS? Nobody is under any obligation to set up an IP to name mapping.

]]>