Recovering the Slums of the Internet?
turtleshadow writes "Brian Krebs of the Security Fix Blog analyzes the McColo Spamming one year later and asks an interesting question: 'How does one renovate and recoup the lost trust to the slums of the Internet and reclaim back all the domains and IPs that have been blacklisted?' Indeed, the economic benefits abound when a huge swath of illegal and annoying activity ceases — but given the basic design of the Internet, what happens over the long run to IP space and DNS when hosting companies come and go and vary in their trustworthiness? So too, now Geocities is dead [as a business], but does that still live in your filter list? It still appears in OpenDNS under several policy categories. How, in a few years, will I tell if some Hosting/Colo sold me Whitechapel Road/Ventura Avenue for Mayfair/Boardwalk prices, and no one is going to accept my mail from a former slum? When do you, if ever, roll back the blacklists and filters for 'dead' threats and spammers?"
Solution (Score:2, Informative)
Easy solution: (Score:3, Informative)
And, of course, you should regularly be looking at your entire setup, including filtering, on a regular basis to make sure the solution you have is still the best one for your situation. Technology, and the Internet, changes too rapidly to take a "set and forget" attitude toward anything, especially filtering.
Re:What slums? (Score:3, Informative)
Re:haha funny (Score:2, Informative)
Re:who's on first? (Score:5, Informative)
nslookup -q=ptr 69.69.69.69.in-addr.arpa
Non-authoritative answer:
69.69.69.69.in-addr.arpa name = the-coolest-ip-on-the-net.com
Well, I'll be... I honestly didn't expect that. Duh...
Cleaning Dirty IP Addresses (howto) (Score:1, Informative)
It takes a bit of time, but if you inherit a 'dirty' IP address, AKA one that was used by a spammer or porn website, you need to visit the maintainers of the blacklists.
http://www.spamhaus.org/
and
http://www.spamcop.net/
You send them an email about your situation, and the ISP that issued you the IP addresses also needs to contact them. They (Spamhaus and SpamCop) will then base your request on whether they receive any more spam complaints.
Then you can 'clean' the 'dirty' IP Address.
As far as Spam goes, that is how you do it. But, for other blacklists, you have to contact them.
Just send them an email and claim you're a new owner and are not affiliated with the 'Slum Lords' past or with them in any way.
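Before writing to the list maintainers it helps to know which addresses in an inherited block are actually listed, and where. The following is an added example, not part of the post above: it uses the standard DNSBL lookup convention (octets reversed, list zone appended, a 127.0.0.0/8 answer means listed) against the zones zen.spamhaus.org and bl.spamcop.net. The function names are hypothetical, and the resolver is injectable so the audit can be run against constructed answers.

```python
import ipaddress
import socket

# DNSBL zones operated by the two lists named in the post above.
ZONES = ("zen.spamhaus.org", "bl.spamcop.net")
# Spamhaus answers in this range to signal a query error (for example a
# blocked public resolver); such an answer is not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_name(ip, zone):
    """Build the IPv4 DNSBL query name: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror):
        return []


def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to 'listed', 'clean' or 'error' for one address."""
    result = {}
    for zone in zones:
        answers = [ipaddress.ip_address(a) for a in resolve(dnsbl_name(ip, zone))]
        if not answers:
            result[zone] = "clean"
        elif any(a in ERROR_NET for a in answers):
            result[zone] = "error"   # query refused; says nothing about the IP
        elif all(a.is_loopback for a in answers):
            result[zone] = "listed"
        else:
            result[zone] = "error"   # non-127/8 answer: resolver rewrote NXDOMAIN
    return result


def audit_block(cidr, zones=ZONES, resolve=system_resolver):
    """Return {ip: [zones listing it]} for every listed host in a netblock."""
    listed = {}
    for ip in ipaddress.ip_network(cidr).hosts():
        status = check_ip(str(ip), zones, resolve)
        hits = [z for z, s in status.items() if s == "listed"]
        if hits:
            listed[str(ip)] = hits
    return listed
```

An "error" result should be re-checked through your own recursive resolver before you treat the address as either clean or listed.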
Re:I like the Ras Al Gul approach (Score:3, Informative)
It will be nearly impossible to get delisted, too, and for good reason. For years the Russian malware gangs played silly buggers with changing names, corporations and hosting providers to pretend to be different unrelated entities whilst still engaging in the abuse.
So “but I bought this netblock from someone else, I'm not a hacker!” is, unfortunately, something we've already heard many times from the hackers.
Re:I like the Ras Al Gul approach (Score:2, Informative)
You mean something like http://lists.arin.net/pipermail/arin-issued/?
Not digitally signed, but it's easy enough to validate the source from the source IP and headers anyway for this kind of thing. The main item of note would be the deletes, as they indicate a return of address space.