North American Network Operators Group
Re: SORBS Insanity
In case you didn't know, SORBS admins do populate this list from time to time, so it might be worth going through a few things...
Jeremy Kister wrote:
I became aware that just about all of 188.8.131.52/16, a network that I (among others) run, has been listed as "dynamic ip space" in sorbs as of April 2nd. On April 6th I sent my first email (via web-form) to sorbs telling them they were mistaken.
What address did you use? What tracking number did you get?
Again, tracking number please? Address you used?
Finding no documentation on how they deem networks "dynamic" or "static" I changed my rDNS scheme from ppp-64-115-x-x to 64-115-x-x. Note to all: "ppp" in no way signifies dial-up; we run ppp over almost every circuit we have -- from dialup to OC12, to Ethernet and ATM. I also stated how all of our network was scanned twice a day for open-relay mail servers. Being a biggish ISP, we are _huge_ on our abuse policies, and our abuse bucket [usually] has only memories of tumbleweed blowing by. On April 10th I again wrote, only to be ignored further.
The reason I am asking is I only find one ticket from the address you posted from.
I gather then you are not actually 'firstname.lastname@example.org' then (see below)...
Yesterday, April 13th, One of my customers opened a trouble ticket stating that he had successfully received a response from SORBS, and had forwarded me the conversation. I sent an email to email@example.com (the author of the email) quoting what they had written one of my customers. They said to my customer that I had to either provide custom reverse DNS for each customer who was not dynamic, or I had to provide sorbs with POCs for all my non-dynamic customers. I stated how this was absurd, and that there was already a functioning medium for this task -- rwhois. In this same email, I also stated:
1. exactly which 64.115 networks were dynamic
And yet the mail I received from 'firstname.lastname@example.org' - which I found oddly worded for a professional - stated there are no dynamic blocks in the entire /16.... Which is it?
2. that to prevent further hysteria, I had changed the reverse dns from ppp-64-115-x-x to static-64-115-x-x and dynamic-64-115-x-x, respectively.
..who are unpaid, for both answering tickets, and the time in dealing with obnoxious people who threaten various amounts of legal action... not to mention the cost involved in running the services to both the owner and those who generously give resources to the SORBS project....
3. their blindness was very unprofessional, deeming SORBS a Worthless Project ran by Ignorant Half-Wits
Actually the instructions I have given to those answering the DUHL tickets are that if there is no rDNS or rDNS that may indicate the address space is not static then they are to accept requests only from the confirmed RIR PoC... This is specifically because every man and his dog come to us explaining how their part of the net is not dynamic.
As of this date I have not received a response from anyone at sorbs, and do not expect one. Our support crew is overwhelmed with upset customers who can't send email to their associates. Our only response to them is that we have tried to resolve the issue, but could not, and that the remote ISP should stop using sorbs.
Funny the person logging the first ticket also said that...
It was blacklisted because of a tipoff from someone who is widely known as trusted. I checked up on the tip, and in this case I either didn't look close enough, or your rDNS has changed significantly for the network....
I am upset that they blindly blacklisted most of 184.108.40.206/16 because some of the reverse dns was generic. 220.127.116.11/25, for example, hasn't very much generic rDNS at all, but was blacklisted just the same.
I hope all stop using SORBS. I especially hope Mr. Vixie reconsiders his
Now I'm not going to reveal details of the actual comments in the tickets unless you grant your permission and indicate which ticket(s) are yours...
I will say though as there are no indications of any dynamic ranges in any of the tickets logged, I spent all day yesterday going through the rDNS logs for the entire /16 (yes we do go through the entire dump), and had I not spent until the early hours of the morning this morning tracking a DoS attack, and then most of the day in my day job I would already have fixed this... but I guess by your post that doesn't matter.