Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
olliver Expert Developer

Joined: 27 Jan 2006 Last Visit: 02 Dec 2010 Posts: 1157 Location: yes
suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 20 May 2013 Posts: 10271 Location: sunny California
Posted: Sun Mar 08, 2009 3:04 pm
Most interesting. That top 10 spammers list also. Sheesh -- one would think since they are known and documented so well, something could be done to stop them, but I guess that's wishful thinking.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.
sotet Junior Member

Joined: 10 Sep 2004 Last Visit: 31 Jan 2010 Posts: 47
Posted: Sat Mar 14, 2009 10:17 am
I noticed that one, too, recently, olliver. Thanks for posting it. I have dealt with reporting some of their spam. I would think that many mail admins block all Turkish IPs for obvious reasons.
http://www.matchent.com/wpress/?q=node/446
Say goodbye to Sistemnet? - I hope so as this blog entry asserts.
October 2008 posts about this rogue ISP in InBoxRevenge.
http://ksforum.inboxrevenge.com/viewtopic.php?f=1&t=1761
also interesting to note is they are getting some SBLs removed
olliver Expert Developer

Joined: 27 Jan 2006 Last Visit: 02 Dec 2010 Posts: 1157 Location: yes
Posted: Mon Mar 16, 2009 1:05 pm
| sotet wrote: |
| I would think that many mail admins block all Turkish IPs for obvious reasons. |
Why would a responsible mail admin want to block all of Turkey? This approach makes no sense to me, because you can easily pinpoint rogue networks and block them by merely looking up the IP addresses or routing. By the same logic, admins in Europe should have blocked all US address ranges some time ago, because they were home to Intercage and McColo. When the goal is to stop spam from reaching your users' inboxes, then you adjust your iptables or deny rules for that specific network and move on.
| Quote: |
| Say goodbye to Sistemnet? - I hope so as this blog entry asserts. |
I wouldn't hold my breath:
| Quote: |
44097 SNETTELECOM-AS Sistemnet Telekomunikasyon ve Bilgi Tek. Tic. Ltd. Sti.
Adjacency: 1 Upstream: 1 Downstream: 0
Upstream Adjacent AS list
AS9121 TTNET TTnet Autonomous System |
http://www.cidr-report.org/cgi-bin/as-report?as=AS44097
| Quote: |
| also interesting to note is they are getting some SBLs removed |
This can as well be caused by customers moving to another hoster, because they no longer can get through anywhere. As Sistemnet has been on Spamhaus' DROP list for a while, their connectivity to other networks is rather limited and of little use for criminals, unless they use tons of proxy servers to spam through. Sometimes rogue networks "terminate" a customer who was on their "purge" list anyway, because he was generating too many complaints and media attention. Them pretending to do something can keep all those commerce hostile entities off their back for a while (making them happy with a "kill confirmation" and the illusion of being powerful spammer fighters).
Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
sotet Junior Member

Joined: 10 Sep 2004 Last Visit: 31 Jan 2010 Posts: 47
Posted: Tue Mar 17, 2009 9:31 am
| Quote: |
| Why would a responsible mail admin want to block all of Turkey? This approach makes no sense to me, because you can easily pinpoint rogue networks and block them by merely looking up the IP addresses or routing. By the same logic, admins in Europe should have blocked all US address ranges some time ago, because they were home to Intercage and McColo. When the goal is to stop spam from reaching your users' inboxes, then you adjust your iptables or deny rules for that specific network and move on. |
*Some* mail admins are very zealous about blocking entire ISPs, those in Turkey or wherever. I am sure a few of such BOFH (mail admins) post on nanae, so if you are familiar with their ramblings, you will see how sensible they can be. A few of them would think it is reasonable to block a /9 network.
I know what you mean about the US and Europe. If you go by Spamhaus or Spamcop statistics in terms of the volume of spam, North America and Europe are major spam sources.
olliver Expert Developer

Joined: 27 Jan 2006 Last Visit: 02 Dec 2010 Posts: 1157 Location: yes
Posted: Wed Mar 18, 2009 1:28 am
| sotet wrote: |
| olliver wrote: |
| [overzealous blocking policies] |
*Some* mail admins are very zealous about blocking entire ISPs, those in Turkey or wherever. I am sure a few of such BOFH (mail admins) post on nanae, so if you are familiar with their ramblings, you will see how sensible they can be. |
Oh yes.... Some NANAE posters are known for quite simplistic views on the spam problem and think they can interpolate from their 2 users + 3 cats mailserver that does not send mail to anyone outside a radius of 50 miles to the rest of the world. Their ramblings should not be taken seriously and in general, NANAE should not be considered an authoritative source for solutions to spam problems. Many of these postings are driven by the desire to find a scapegoat for the poster's inability to properly block and filter spam sources. Sometimes this is just a "who's the most relentless spammer fighter" contest, often celebrated by the same entities that keep picking up fights with resident trolls...
Responsible mail admins know about travelling users or other mail from abroad that can prove useful:
Just think of an abuse notification sent by someone in a blocked /8 range - it may be the only notification about a hacked website being abused by spammers and malware peddlers you'll get...
Often, you simply cannot block mail from an entire country, because the scope of your website/company is global. I for one know I couldn't and didn't want to.
| Quote: |
| I know what you mean about the US and Europe. If you go by Spamhaus or Spamcop statistics in terms of the volume of spam, North America and Europe are major spam sources. |
In the end such "block all of [$continent]" "recommendations" boil down to "the pot calling the kettle black" and don't get much accomplished, except putting off people who really want to do something about preventing spam. Botnet spam is a problem, especially in Europe where port 25 blocking is the exception rather than the rule, but at the same time it's one of the easiest spam sources to get rid of. With Spamhaus' PBL you can stop those in their tracks at SMTP time without wasting processor cycles on content analysis.
Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
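An added example, not part of the original posts: a sketch of the two approaches discussed in this thread, blocking only the listed networks and rejecting on a PBL answer at SMTP time. The prefixes are constructed documentation ranges, the function names are hypothetical, and no DNS lookup is performed.

```python
import ipaddress

# Constructed sample listings using documentation ranges (not real blocklist data).
LISTED = [
    "203.0.113.0/24", "203.0.113.7/32",      # /32 already covered by the /24
    "198.51.100.38/31", "198.51.100.38/32",  # /32 already covered by the /31
    "198.51.100.60/32",
]
# Spamhaus PBL answers; 127.255.255.x are error codes, not listings.
PBL_CODES = {"127.0.0.10", "127.0.0.11"}


def collapse(prefixes):
    """Merge overlapping listings into the smallest set of networks."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in prefixes))


def is_blocked(ip, nets):
    """True if the connecting address falls inside any listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def smtp_drop_rules(nets):
    """iptables rules that drop inbound SMTP from the listed networks only."""
    return [f"iptables -A INPUT -s {n} -p tcp --dport 25 -j DROP" for n in nets]


def dnsbl_query_name(ip, zone="pbl.spamhaus.org"):
    """DNSBL lookups reverse the IPv4 octets and append the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def pbl_listed(answers):
    """True only for real PBL return codes from an A lookup."""
    return any(a in PBL_CODES for a in answers)


if __name__ == "__main__":
    nets = collapse(LISTED)
    print("\n".join(smtp_drop_rules(nets)))
    targeted = sum(n.num_addresses for n in nets)
    broad = ipaddress.ip_network("198.0.0.0/9").num_addresses
    print(f"targeted: {targeted} addresses, one /9: {broad}")
    print(dnsbl_query_name("203.0.113.7"))
```

The targeted rules here cover 259 addresses, while a single /9 covers 8,388,608.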