Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Sistemnet goes ROKSO
olliver
Expert Developer


Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes

Posted: Sun Mar 08, 2009 4:48 am    Post subject: Sistemnet goes ROKSO

I was quite surprised to see long-time cybercrime supporter Sistemnet going ROKSO on Spamhaus. Not only that, they even made it into the top 10 of the worst spam operations:

ROKSO listing:
http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Sistemnet

Spamhaus' top 10 spammers:
http://www.spamhaus.org/statistics/spammers.lasso

They've also been the worst spam-supporting network for quite a while:
http://www.spamhaus.org/statistics/networks.lasso

Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 30 Oct 2014
Posts: 10332
Location: at the beach

Posted: Sun Mar 08, 2009 3:04 pm

Most interesting. That top 10 spammers list also. Sheesh -- one would think since they are known and documented so well, something could be done to stop them, but I guess that's wishful thinking.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. :)
sotet
Junior Member


Joined: 10 Sep 2004
Last Visit: 31 Jan 2010
Posts: 47

Posted: Sat Mar 14, 2009 10:17 am

I noticed that one, too, recently, olliver. Thanks for posting it. I have dealt with reporting some of their spam. I would think that many mail admins block all Turkish IPs for obvious reasons.

http://www.matchent.com/wpress/?q=node/446

Say goodbye to Sistemnet? - I hope so as this blog entry asserts.

October 2008 posts about this rogue ISP in InBoxRevenge.
http://ksforum.inboxrevenge.com/viewtopic.php?f=1&t=1761

Also interesting to note is that they are getting some SBLs removed:

Quote:

Removed 79.135.179.5/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 10:06 GMT Ruslan Ibragimov / send-safe.com
secure.send-safe.com SBL70312

Removed 91.208.228.105/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 10:06 GMT Canadian Pharmacy
Pharma spammers who abuse MS live.com spaces SBL70489

Removed 91.208.228.152/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 10:03 GMT Criminal botnet-proxy spammers DNS SBL70610

Removed 79.135.168.110/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 10:03 GMT Botnet C&C control hub SBL71151

Removed 79.135.167.23/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:59 GMT russian bride scam spam SBL71412

Removed 79.135.168.145/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:59 GMT Malware droppers & cybecrime: onlinestatsmanager.com SBL71520

Removed 79.135.187.0/24 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:42 GMT Cybercrime host SBL70016

Removed 79.135.187.38/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:41 GMT Malware droppers SBL70008

Removed 91.208.228.101/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:40 GMT Cybercrime DNS server SBL69945

Removed 79.135.168.60/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:40 GMT Asprox Botnet C&C control hub SBL69765

Removed 79.135.168.38/31 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:40 GMT Cybercrime hostng: el1te-russ1an-g1rls.com etc SBL69635

Removed 91.208.228.2/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:39 GMT Cybercrime hostng: appleability.com etc SBL69632

Removed 79.135.168.36/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:39 GMT Spammer DNS & website hosting SBL68836

Removed 79.135.168.38/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:37 GMT elite-russ1an-girls.net , elite-russian-g1rls.com etc. SBL68835

Removed 79.135.168.24/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:36 GMT google-analitiks.net scam site SBL68804

Removed 79.135.167.59/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:36 GMT Canadian Pharmacy
DNS server for spammer domains SBL67303

Removed 79.135.167.22/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:36 GMT Botnet DDoS spam fraud hub SBL67067

Removed 79.135.167.0/24 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:35 GMT AbdAllah a/k/a istanbultelecom -Ukrainian cybercrime hosting SBL64881

Removed 79.135.167.7/32 sistemnet.com.tr Issue Resolved
14-Mar-2009 09:35 GMT Canadian Pharmacy
Botnet pharma spammers @ sistemnet SBL64880
olliver
Expert Developer


Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes

Posted: Mon Mar 16, 2009 1:05 pm

sotet wrote:
I would think that many mail admins block all Turkish IPs for obvious reasons.


Why would a responsible mail admin want to block all of Turkey? This approach makes no sense to me, because you can easily pinpoint rogue networks and block them by merely looking up the IP addresses or routing. By the same logic, admins in Europe should have blocked all US address ranges some time ago, because they were home to Intercage and McColo. When the goal is to stop spam from reaching your users' inboxes, then you adjust your iptables or deny rules for that specific network and move on.

Quote:
Say goodbye to Sistemnet? - I hope so as this blog entry asserts.


I wouldn't hold my breath:
Quote:
44097 SNETTELECOM-AS Sistemnet Telekomunikasyon ve Bilgi Tek. Tic. Ltd. Sti.

Adjacency: 1 Upstream: 1 Downstream: 0
Upstream Adjacent AS list
AS9121 TTNET TTnet Autonomous System

http://www.cidr-report.org/cgi-bin/as-report?as=AS44097

Quote:
also interesting to note is they are getting some SBLs removed


This can as well be caused by customers moving to another hoster, because they no longer can get through anywhere. As Sistemnet has been on Spamhaus' DROP list for a while, their connectivity to other networks is rather limited and of little use for criminals, unless they use tons of proxy servers to spam through. Sometimes rogue networks "terminate" a customer who was on their "purge" list anyway, because he was generating too many complaints and media attention. Them pretending to do something can keep all those commerce-hostile entities off their back for a while (making them happy with a "kill confirmation" and the illusion of being powerful spammer fighters).

Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
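
A sketch of the network-scoped blocking argued for in the post above, as an added example that is not part of the original thread. The prefixes are a constructed selection copied from the SBL records quoted earlier in the thread and serve only as sample data; the function names are hypothetical.

```python
import ipaddress

# Sample input (constructed selection): prefixes taken from the SBL records
# quoted earlier in this thread, used here only as data.
LISTED = [
    "79.135.167.0/24", "79.135.167.7/32", "79.135.167.22/32",
    "79.135.168.36/32", "79.135.168.38/31", "79.135.168.38/32",
    "79.135.187.0/24", "79.135.187.38/32", "91.208.228.2/32",
]

def build_denylist(prefixes):
    """Parse and collapse prefixes; /32s inside a listed /24 disappear."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))

def is_denied(client_ip, denylist):
    """True only when the client falls inside a specifically listed prefix."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in denylist)

def iptables_rules(denylist, port=25):
    """One inbound-SMTP drop rule per collapsed prefix."""
    return [f"iptables -A INPUT -s {net} -p tcp --dport {port} -j DROP"
            for net in denylist]

def blocked_addresses(denylist):
    """How many addresses the deny list actually covers."""
    return sum(net.num_addresses for net in denylist)

if __name__ == "__main__":
    deny = build_denylist(LISTED)
    print("\n".join(iptables_rules(deny)))
    # Scope comparison with the /9-sized blocks mentioned in the thread.
    print(blocked_addresses(deny), "addresses vs", 2 ** (32 - 9), "in a /9")
```
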
sotet
Junior Member


Joined: 10 Sep 2004
Last Visit: 31 Jan 2010
Posts: 47

Posted: Tue Mar 17, 2009 9:31 am

Quote:
Why would a responsible mail admin want to block all of Turkey? This approach makes no sense to me, because you can easily pinpoint rogue networks and block them by merely looking up the IP addresses or routing. By the same logic, admins in Europe should have blocked all US address ranges some time ago, because they were home to Intercage and McColo. When the goal is to stop spam from reaching your users' inboxes, then you adjust your iptables or deny rules for that specific network and move on.


*Some* mail admins are very zealous about blocking entire ISPs, those in Turkey or wherever. I am sure a few of such BOFH (mail admins) post on nanae, so if you are familiar with their ramblings, you will see how sensible they can be. A few of them would think it is reasonable to block a /9 network.

I know what you mean about the US and Europe. If you go by Spamhaus or Spamcop statistics in terms of the volume of spam, North America and Europe are major spam sources.
olliver
Expert Developer


Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes

Posted: Wed Mar 18, 2009 1:28 am

sotet wrote:
olliver wrote:
[overzealous blocking policies]


*Some* mail admins are very zealous about blocking entire ISPs, those in Turkey or wherever. I am sure a few of such BOFH (mail admins) post on nanae, so if you are familiar with their ramblings, you will see how sensible they can be.


Oh yes... Some NANAE posters are known for quite simplistic views on the spam problem and think they can interpolate from their 2 users + 3 cats mailserver that does not send mail to anyone outside a radius of 50 miles to the rest of the world. Their ramblings should not be taken seriously and in general, NANAE should not be considered an authoritative source for solutions to spam problems. Many of these postings are driven by the desire for finding a scapegoat for the poster's inability of properly blocking and filtering spam sources. Sometimes this is just a "who's the most relentless spammer fighter" contest, often celebrated by the same entities that keep picking up fights with resident trolls...

Responsible mail admins know about travelling users or other mail from abroad that can be proven useful:
Just think of an abuse notification sent by someone in a blocked /8 range - it may be the only notification about a hacked website being abused by spammers and malware peddlers you'll get...

Often, you simply cannot block mail from an entire country, because the scope of your website/company is global. I for one know I couldn't and didn't want to.

Quote:
I know what you mean about the US and Europe. If you go by Spamhaus or Spamcop statistics in terms of the volume of spam, North America and Europe are major spam sources.


In the end such "block all of [$continent]" "recommendations" boil down to "the pot calling the kettle black" and don't get much accomplished, except putting off people who really want to do something about preventing spam. Botnet spam is a problem, especially in Europe where port 25 blocking is the exception rather than the rule, but at the same time it's one of the easiest spam sources to get rid of. With Spamhaus' PBL you can stop those in their tracks at SMTP time without wasting processor cycles on content analysis.

Olliver
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
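
The SMTP-time PBL check mentioned in the post above, as an added example that is not part of the original thread. The return-code mapping is an assumption of this example based on Spamhaus's published codes, the function names are hypothetical, and the DNS answers are constructed for documentation addresses so the code runs offline.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # combined Spamhaus zone; includes the PBL
# Last octet of a 127.0.0.x answer -> list name (assumed mapping, see lead-in).
CODES = {2: "SBL", 3: "SBL", 9: "SBL", 4: "XBL", 5: "XBL", 6: "XBL",
         7: "XBL", 10: "PBL", 11: "PBL"}

def dnsbl_name(client_ip, zone=ZONE):
    """Query name for an IPv4 client: octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(client_ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answers):
    """Map A-record answers to the set of lists the client appears on."""
    lists = set()
    for answer in answers:
        octets = [int(part) for part in answer.split(".")]
        if octets[:3] == [127, 255, 255]:
            return {"ERROR"}  # resolver or usage error, not a listing
        if octets[:3] == [127, 0, 0] and octets[3] in CODES:
            lists.add(CODES[octets[3]])
    return lists

def system_resolver(name):
    """Live lookup; NXDOMAIN (not listed) comes back as an empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def smtp_decision(client_ip, resolve=system_resolver):
    """Decide at connect time, before DATA, so no content scan is needed."""
    lists = classify(resolve(dnsbl_name(client_ip)))
    if not lists or "ERROR" in lists:
        return ("continue", "")  # fail open: an error code is not a listing
    return ("reject", "554 5.7.1 client listed in " + ",".join(sorted(lists)))

# Constructed answers for documentation addresses (192.0.2.0/24).
FAKE_DNS = {
    "10.2.0.192." + ZONE: ["127.0.0.10"],               # dynamic/end-user range
    "11.2.0.192." + ZONE: ["127.0.0.4", "127.0.0.2"],   # exploited host, also SBL
    "12.2.0.192." + ZONE: ["127.255.255.254"],          # error code
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(ip, smtp_decision(ip, lambda n: FAKE_DNS.get(n, [])))
```

Treating the 127.255.255.x answers as errors rather than listings matters in practice: a server that rejects on any answer will bounce all mail when its resolver is refused by the list operator.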