Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

RBN block recycled by ThePlanet

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spam
View previous topic :: View next topic  
Author Message
olliver
Expert Developer


Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes

PostPosted: Tue May 12, 2009 11:59 am    Post subject: RBN block recycled by ThePlanet Reply with quote

Remember the darkest corner on the Internet run by an entity from in St Petersburg, Russia called Russian Business Network? They had a famous RIPE allocation, probably the most widely firewalled/null routed address range in the history of web:
81.95.144.0/20

In the meantime, the address range has been returned to RIPE, so that it is no longer a danger. But it might be a nuisance to unsuspicious ThePlanet customers who fell for the "rent a server in Europe" offer:

Quote:
inetnum: 81.95.144.0 - 81.95.159.255
netname: UK-TPCM-20090316
descr: ThePLANET.Com Internet Services, Inc.
country: GB
org: ORG-TISI1-RIPE
admin-c: SOB2009-RIPE
tech-c: BS9000-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: MAINT-THEPLANET-RIPE
mnt-domains: MAINT-THEPLANET-RIPE
mnt-routes: MAINT-THEPLANET-RIPE
source: RIPE # Filtered


People with a dedicated server in this range will inevitably have *enormous* problems getting emails delivered to a lot of places. And most likely there will be hardly ever a rejection message. I'm afraid this space is contaminated for lifetime and a lot of people won't remove this entry until hell freezes over. Prospective customers, especially from the UK, may be very well advised to ask what address range the servers would have and, in case it is the toxic range, insist on getting less troubled ip addresses from ThePlanet.

O.

edit: demoronised wording - oh well...
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
Back to top
View user's profile Send private message
sotet
Junior Member


Joined: 10 Sep 2004
Last Visit: 31 Jan 2010
Posts: 47

PostPosted: Fri Jul 17, 2009 9:44 am    Post subject: Reply with quote

Interesting post, I was not aware of this netbock at ThePlanet but I know a few things about the RBN.

I know ThePlanet takes phishing sites down quickly as I report them, but as a very large dedicated hosting provider, they have attracted some bad apples just as some other large hosting companies like Softlayer or Rackspace.

I just hope these companies and others can be more vigilant in getting rid of very bad customers, even those that are paying substantially. I do realize that the larger customers are harder for them to get rid of because of what they spend, but it does not excuse allowing awful internet abuse to continue on their networks. Spamhaus puts the pressure on these ISPs in some extreme cases to get rid of the cybercriminals by implementing larger blocklistings on the SBL.

BTW: this blog entry about the RBN by Brian Krebs from October 2007 gives some background to your post:

http://voices.washingtonpost.com/securityfix/2007/10/mapping_the_russian_business_n.html
Back to top
View user's profile Send private message
olliver
Expert Developer


Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes

PostPosted: Sat Jul 18, 2009 1:14 pm    Post subject: Reply with quote

Well, the outcome of your reports strongly depends on the customer's hosting plan. Things can become quite frustrating if the spammer rents his/her own SWIP from a reseller of The Planet. Then you can happily join the "chase down the customer's customer of a customer" game and be sure that any complaints will be intercepted by the spammer, perhaps claiming that the problem has been resolved - which means to swap the ip address of the mail-sending interface with an unused one. In situations like this, it's better to just add another firewall rule and move on - unless you are from the likes of Spamhaus, with established relationships to abuse desks.

O.
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spam All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group