[Dshield] Spamhouse now listing exploited IPs in new blocklist

Tony Earnshaw tonye at billy.demon.nl
Thu Jan 15 09:36:01 GMT 2004

ons, 14.01.2004 kl. 21.14 skrev Brad Spencer:

> Look at proxy port abuse as an example, and look only at port 1080 as a 
> subset of that.  If ISPs would watch outgoing and incoming traffic directed 
> to port 1080 the ISPs would see a great deal of suspicious activity.  They 
> could then do a simple follow-through on that (for traffic from their own 
> space) or report the traffic to the ISP of the source IP (for incoming 
> traffic.)  That ISP could then watch the source.  When the conclusion is 
> reached that the IP is a source of spam then the ISP could terminate all 
> service for that customer.

I realize I shouldn't pick and choose points, but just on the above ...
so that US citizens understand, there is a general European (including
the UK and Holland, Germany and other counties) attitude to privacy
protection, apart from where a national security agency has given an ISP
a written directive to monitor traffic from a given CIDR.

I've raised your point earlier with my own, large, Dutch, ISP (IMHO a
particularly good one) and it was laughed out by a particularly
knowledgeable admin as untenable under the privacy laws. What the ISP
does do, and what other ISPs could do, is egress monitoring of
CIDR/syn-packet rates through border routers. Reckons that's pretty
effective in knocking off both witting and unwitting spammers within his
network. Obviously the ISP has to want this, and implement a strict
anti-spam policy in the first place.

The result of the above, is that I and all others are given "freedom
under responsibility" and can run our own mailservers or anything else
we like, which is why I willingly pay him my €16 per month for his


mail: billy - at - billy.demon.nl

More information about the list mailing list