[Dshield] Most absurd

mike harrison meuon at highertech.net
Thu Oct 23 12:47:38 GMT 2003


> One wonders how much spam originates from AT&T's ISP networks...

Our experience with ATT's network being anti-spam is pretty good, 

Our SpamDamn has only blocked a few 12.x networks recently, 
we identify and block ip address ranges based on some
velocity and content rules, over the last few days it shows: 


grep \ 12. iptables.history
/sbin/iptables -p tcp -A INPUT -s 12.39.189.0/24  -d 0/0 --dport 25 -j DROP  # |Oct 22 19:36:52|||
/sbin/iptables -p tcp -A INPUT -s 12.39.189.0/24  -d 0/0 --dport 25 -j DROP  # |Oct 22 23:12:00|||
/sbin/iptables -p tcp -A INPUT -s 12.242.182.0/24  -d 0/0 --dport 25 -j DROP  # |Oct 23 00:40:52|||
/sbin/iptables -p tcp -A INPUT -s 12.39.189.0/24  -d 0/0 --dport 25 -j DROP  # |Oct 23 01:01:33|||
/sbin/iptables -p tcp -A INPUT -s 12.224.87.0/24  -d 0/0 --dport 25 -j DROP  # |Oct 23 03:02:31|attbi.com|12-224-87-84.client.attbi.com|
/sbin/iptables -p tcp -A INPUT -s 12.224.87.0/24  -d 0/0 --dport 25 -j DROP  # |Oct 23 03:53:43|attbi.com|12-224-87-84.client.attbi.com|
/sbin/iptables -p tcp -A INPUT -s 12.235.0.0/24  -d 0/0 --dport 25 -j DROP # |Oct 23 04:02:16|attbi.com|12-235-0-252.client.attbi.com|
/sbin/iptables -p tcp -A INPUT -s 12.242.165.0/24  -d 0/0 --dport 25 -j DROP  # |Oct 23 04:03:38|||
/sbin/iptables -p tcp -A INPUT -s 12.224.87.0/24  -d 0/0 --dport 25 -j DROP  # |Oct 23 05:27:02|attbi.com|12-224-87-84.client.attbi.com|


[root at inbound spamdamn]# whois 12.39.189.0
[Querying whois.arin.net]
[whois.arin.net]
AT&T WorldNet Services ATT (NET-12-0-0-0-1) 
                                  12.0.0.0 - 12.255.255.255
CLASSIC CABLE INC. CLASSIC-42-189-0 (NET-12-39-189-0-1) 
                                  12.39.189.0 - 12.39.189.7







More information about the list mailing list