# This blacklist of DCC clients is used by the public DCC servers.  The
#   public DCC servers should only be used by small sites that qualify
#   for the free license on the DCC source.
#   See http://www.dcc-servers.net/dcc/ or
#   http://www.rhyolite.com/dcc/ concerning the DCC
#
#   This list contains IP addresses and blocks of addresses of DCC clients
#   that persistently cause problems such as sending more than 100,000
#   requests per day to the public DCC servers.  This list causes the public
#   DCC servers to ignore requests even before checking the automatic
#   rate-limiting mechanisms.
#
#   This blacklist has no direct effect on email.
#
#   This list is http://www.rhyolite.com/dcc/client-blacklist.html and
#   http://www.dcc-servers.net/dcc/client-blacklist.html
#
#   Operators of public DCC servers can use the user names and passwords that
#   they use to see the DCC server status web pages to see the consolidated
#   lists of the busiest clients of the public DCC servers at
#   http://www.rhyolite.com/dcc/private/clients.cgi
#
#   Contact Vernon Schryver at vjs@rhyolite.com or use the web form at
#   http://www.rhyolite.com/cgi-bin/ct.cgi?sb=public+server+blacklist



# more than 250K-300K requests/day from 114.80.219.175 and no response to email
#   to online.sh.cn
114.80.219.175


# more than 500K requests/day from 12.40.55.182 and no response to email
#   U.S. FILTER CORPORATION, LOWELL, MA
#   apparently associated with Siemens
12.40.55.182


# more than 500K requests/day from 202.190.203.180
#   no response to email to abuse@jaring.my, postmaster@localdns.com
#   still bad 2010/06/10
202.190.203.0/24


# more than 350K requests/day for months from 91.102.136.90 and 91.102.136.106
#   no response to email to abuse@regioit-aachen.de, info@regioit-aachen.de,
#   tech-de@a1-net.de
#	still bad 2010/01/07
91.102.136.0/24


# more than 500K requests/day for months from 216.55.191.208, 216.55.191.199,
#	 and 216.55.191.207
#   no response to email to abuse@aplus.net
#	still bad 2010/01/07
216.55.191.0/24


# more than 625K requests/day for months from 200.80.13.8, 200.80.13.18,
#	and 200.80.13.10
#   no response to email to abuse@telcom.net and info@telcom.net
# 	still bad 2010/01/07
200.80.13.0/27


# up to 6.2M requests/day for months from 74.39.252.114
#	 firewall-01.terrasite.com
#   no response to email to abuse@terrasite.com, Support@terrasite.com
#   	except an ignore-bot ticket number
#	still bad 2010/01/07
74.39.252.114


# 400K requests/day for months from 149.242.224.10  mail.koerber.de
#   no response from abuse@cogentco.com, postmaster@koerber.de, or hauni.com
#   Christian Lohse, Hamburg DE
#	still bad at 500K+ ops/day 2010/01/27
149.242.224.10


# about 1 million NOPs/day from 80.83.47.186 and 80.83.47.187
#   No response to email
#   VIDEO 2000 SA,  A. Vuillemez, Neuchâtel, Switzerland
#	still bad 2010/01/07
80.83.47.186/31


# 500K requests/day for months from 200.196.28.51 and 200.196.28.52
#   no response from abuse@matrix.com.br, gerope@matrix.com.br,
#	or postmaster@matrix.com.br
#   MATRIX INTERNET S.A., Eber Luglio Lacerda,
# 	still bad 2009/04/28
#		  2010/01/07
# test 2010/05/28  200.196.28.0/24


# ains.net.au
#   Australia InterNet Solutions
#   380K to 1.2M requests/day from 202.126.109.235
#   They respond to email with pleas to not blacklist them, but no effective
#	or enduring actions.  Things are fixed for a while and then break.
#	still bad 2010/01/07
202.126.109.235


# 600K requests/day 
#   no reverse-DNS name; no response from CIDR block whois contact
#	still bad 2010/01/07
218.236.90.202


# Commtouch should not use the public DCC servers
207.135.122.32/27
216.163.176.0/20
64.167.110.48/29
64.191.223.0/24
65.74.160.0/29
65.74.168.224/27


# old unsolicited bulk email advertiser siteprotect.com // hostway.com
# 275K requests/day from 83.246.86.164, smapp01.csee.de.siteprotect.com
83.246.86.0/24
216.36.192.0/18
64.26.0.0/18
66.113.128.0/17


# Guardian Digital is yet another organization with a business
#   plan based on selling the CPU cycles, bandwidth, and human system
#   administration labor spent on the public DCC servers.
#   350K OPs/day from 64.1.16.5, bwimail01.guardiandigital.com
64.1.16.0/24
#   300K OPs/day from 74.201.172.168, bwimail02.guardiandigital.com
74.201.172.0/24


# cryptoheaven.com,
#	Adam Kurzawa
#	5-2325 Hurontario Street, Suite 206
#	Mississauga CA
#   986,723 ops/day
#   yet another seller of CPU cycles, bandwidth, and system administration
#	labor of the public DCC servers
#	still bad 2010/01/07
64.34.231.40/29


# viruscheckservice.de
#   300K requests/day
#   yet another seller of CPU cycles, bandwidth, and system
#	administration labor of the public DCC servers
#   particularly amusing is that mail to postmaster@viruscheckservice.de
#	and flo@degnet.de, the contact address for viruscheckservice.de,
#	is rejected with
#	"450-Your address 192.188.61.3 has mailed to spamtraps here"
80.73.96.0/24


# First Gulf Bank, P O Box 6316, Abu Dhabi, UAE
# Suresh Rajagopalan  195.229.126.213 fgb-mail.fgb.ae
#   configured a DCC client to send requests to the public DCC servers,
#   did not configure their firewall to accept the DCC responses,
#   and then demanded the identity of an attacker on their
#   "web-server" doing "TCP / UDP / ICMP scans" so that "action
#   could be initiated against user as per law of UAE or any other
#   countries (sic) applicable laws"
195.229.126.208/28


# suppress complaints from servers about stale DCC Reputations trial
#   for client-ID 400016
85.189.66.43


# $Date: 2010/06/11 03:02:41 $

Contact Vernon Schryver at vjs@rhyolite.com or using the form. Do not send mail to the spam trap.