[Dshield] Need Suggestions

Kenneth Coney superc at visuallink.com
Sat Jun 25 15:47:19 GMT 2005

There is nothing wrong with your solution.  I myself did the same thing 
back in '00.  When I wrote about it here in '01 or '02 I was chastised by 
some for cutting myself off from the rest of the planet.  That I have no 
interest in commerce or daily communication with an entire planet was 
ignored.  I also deleted much of Africa, much of Europe and Northern 
Asia from the list of IPs my PCs respond to or accept email from.  Yes, 
it was tedious and involved entering lots and lots of IP ranges into the 
filter (and still does, as IP ranges move).  The fun part was making 
exception rules for specific known persons or sites (such as TDS in AU 
or AVG in CZ).  I created three rule classes.  The first is logged but 
auto-deleted on receipt: most of my incoming email, much of which seems 
not to have even been in English (the amount of which has decreased by 
half, supposedly coincidence, since I dropped Symantec).  The second is 
sent to trash (reserved for certain US IPs such as Comcast, PacBell or 
Yahoo, all of which are heavy spam senders in my experience), from which 
I might, and occasionally do, receive an email I want to read or reply 
to.  Trash is also where much incoming email is sent by the commercial 
junk filter when I deactivate my own first class of filter so I can 
modify it while online.  The third category of mail is what passes the 
known-spam and foreign-IP tests and makes it to my inbox.  One or two a 
day.  Saves beaucoup time by not dealing with email from foreign IPs.

> On Thu, 23 Jun 2005, Golden_Eternity wrote:
> -> Mike Wydra wrote:
> -> > I NeoTraced the addresses back to Beijing (Peking), and of course,
> -> > there's no information available.
> -> -> from the apnic whois:
> -> -> trouble:      send anti-spam reports to spam at jsinfo.net
> -> trouble:      send abuse reports to abuse at jsinfo.net
> After dozens and dozens of abuse reports sent, I never, ever, got even 
> one response from any China/Chinanet network. That's if the 
> addresses accepted mail at all; many are 'user unknown', 'mailbox 
> full', or no postmaster (in violation of RFCs). Although I don't 
> like to do it in the normal run of things, I started dropping any and 
> all traffic from China and also Korea. Understand that this was after 
> many, many incidents, with the biggest factor being no response 
> whatsoever from any ISP there. It's like they just don't care.
> There are lists of all those addresses here: http://www.blackholes.us/ 
> Some forms fit into an IPtables script nicely.
> What the OP was likely seeing was Messenger Spam; there are a lot of 
> Messenger spammers there and a few Spam-Cannons that appear so 
> frequently on the monitor that I recognize the IP address when it pops 
> up.
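As an added illustration of the scheme described in this thread (the three rule classes with per-correspondent exceptions, and the quoted remark that country block lists drop into an iptables script), here is example code that is not from the list posters. It classifies a connecting IP into "delete" (logged, then discarded), "trash", or "inbox", checking an exception allowlist first, and emits equivalent iptables rules. The CIDR ranges, ISP names and exception address are constructed sample data, not real country or ISP allocations; a real deployment would load them from a maintained list and refresh them as allocations move.

```python
"""
Three-class inbound-mail filter keyed on the connecting IP address.

  "delete" : logged, then discarded (blocked country ranges)
  "trash"  : kept in a trash folder (domestic ranges that send heavy spam)
  "inbox"  : everything else, plus explicit exceptions

Exceptions for known correspondents are checked before any block rule.
"""
import ipaddress
import logging
from typing import Dict, Iterable, List, Optional, Tuple

log = logging.getLogger("mailfilter")

# Constructed sample data for illustration only (documentation ranges from
# RFC 5737); these are NOT real country or ISP allocations.
BLOCKED_COUNTRY_RANGES: Dict[str, List[str]] = {
    "CN": ["203.0.113.0/24"],
    "KR": ["198.51.100.0/25"],
}
TRASH_RANGES: Dict[str, List[str]] = {
    "example-isp-1": ["192.0.2.0/25"],
}
# A single known correspondent inside an otherwise blocked range.
ALLOW_EXCEPTIONS: List[str] = ["203.0.113.77/32"]


def _nets(cidrs: Iterable[str]) -> List[ipaddress._BaseNetwork]:
    """Parse CIDR strings once, up front, so classification is cheap."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


class MailFilter:
    def __init__(self, blocked: Dict[str, List[str]],
                 trash: Dict[str, List[str]], allow: List[str]) -> None:
        self.blocked = {label: _nets(v) for label, v in blocked.items()}
        self.trash = {label: _nets(v) for label, v in trash.items()}
        self.allow = _nets(allow)

    @staticmethod
    def _match(addr, table: Dict[str, list]) -> Optional[str]:
        for label, nets in table.items():
            if any(addr in n for n in nets):
                return label
        return None

    def classify(self, ip: str) -> Tuple[str, Optional[str]]:
        """Return (class, reason). Unparseable input fails closed to delete."""
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            log.info("delete %s (unparseable address)", ip)
            return ("delete", "unparseable")
        if any(addr in n for n in self.allow):
            return ("inbox", "exception")
        label = self._match(addr, self.blocked)
        if label:
            # Class 1: log it, then drop it.
            log.info("delete %s (blocked range %s)", ip, label)
            return ("delete", label)
        label = self._match(addr, self.trash)
        if label:
            return ("trash", label)
        return ("inbox", None)


def iptables_rules(f: MailFilter, port: int = 25) -> List[str]:
    """Render the delete class as iptables rules for the SMTP port.

    Exceptions are inserted at the head of the chain so they win over the
    appended DROP rules; trash-class ranges are deliberately not rendered,
    since that mail is still accepted and merely filed elsewhere.
    """
    rules = []
    for n in f.allow:
        rules.append(f"iptables -I INPUT -p tcp --dport {port} -s {n} -j ACCEPT")
    for label, nets in f.blocked.items():
        for n in nets:
            rules.append(f"iptables -A INPUT -p tcp --dport {port} -s {n} "
                         f"-m comment --comment {label} -j DROP")
    return rules


DEFAULT_FILTER = MailFilter(BLOCKED_COUNTRY_RANGES, TRASH_RANGES, ALLOW_EXCEPTIONS)

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for ip in ["203.0.113.5", "203.0.113.77", "192.0.2.10", "8.8.8.8", "bogus"]:
        print(ip, DEFAULT_FILTER.classify(ip))
    print("\n".join(iptables_rules(DEFAULT_FILTER)))
```

The exception check runs before the block tables so that a single trusted address inside a blocked country range is still delivered, which is the part the post calls "the fun part"; the iptables rendering keeps that ordering by inserting ACCEPTs at the head of the chain.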
