# This blacklist of DCC clients is used by the public DCC servers. The # public DCC servers should only be used by small sites that qualify # for the free license on the DCC source. # See http://www.dcc-servers.net/dcc/ or # http://www.rhyolite.com/dcc/ concerning the DCC # # This list contains IP addresses and blocks of addresses of DCC clients # that persistently cause problems such as sending more than 100,000 # requests per day to the public DCC servers. This list causes the public # DCC servers to ignore requests even before checking the automatic # rate-limiting mechanisms. # # This blacklist has no direct effect on email. # # This list is http://www.rhyolite.com/dcc/client-blacklist.html and # http://www.dcc-servers.net/dcc/client-blacklist.html # # Operators of public DCC servers can use the user names and passwords that # they use to see the DCC server status web pages to see the consolidated # lists of the busiest clients of the public DCC servers at # http://www.rhyolite.com/dcc/private/clients.cgi # # Contact Vernon Schryver at vjs@rhyolite.com or use the web form at # http://www.rhyolite.com/cgi-bin/ct.cgi?sb=public+server+blacklist # up to 275K requests/day sent to the public DCC servers instead of # the local DCC servers # still bad 2010/01/07 72.28.0.36 # more than 500K operations/day for months from 193.239.186.42 # no response to email to abuse@sallandxs.nl except an automatic # out-of-office note # parol 2010/01/07 193.239.186.42 # more than 350K operations/day for months from 91.102.136.90 and 91.102.136.106 # no response to email to abuse@regioit-aachen.de, info@regioit-aachen.de, # tech-de@a1-net.de # still bad 2010/01/07 91.102.136.0/24 # more than 500K operations/day for months from 216.55.191.208, 216.55.191.199, # and 216.55.191.207 # no response to email to abuse@aplus.net # still bad 2010/01/07 216.55.191.0/24 # more than 625K operations/day for months from 200.80.13.8, 200.80.13.18, # and 200.80.13.10 # no response to email to abuse@telcom.net and info@telcom.net # still bad 2010/01/07 200.80.13.0/27 # up to 6.2M operations/day for months from 74.39.252.114 # firewall-01.terrasite.com # no response to email to abuse@terrasite.com, Support@terrasite.com # except an ignore-bot ticket number # still bad 2010/01/07 74.39.252.114 # 400K operations/day for months from 149.242.224.10 mail.koerber.de # no response from abuse@cogentco.com, postmaster@koerber.de, or hauni.com # Christian Lohse, Hamburg DE # still bad at 500K+ ops/day 2010/01/27 149.242.224.10 # about 1 million NOPs/day from 80.83.47.186 and 80.83.47.187 # No response to email # VIDEO 2000 SA, A. Vuillemez, Neuchâtel, Switzerland # still bad 2010/01/07 80.83.47.186/31 # up to 1.2 million NOPs/day from 161.53.64.3 # maja.zesoi.fer.hr # no responses to email # parol 2010/01/07 161.53.64.0/24 # 500K operations/day for months from 200.196.28.51 and 200.196.28.52 # no response from abuse@matrix.com.br, gerope@matrix.com.br, # or postmaster@matrix.com.br # MATRIX INTERNET S.A., Eber Luglio Lacerda, # still bad 2009/04/28 # 2010/01/07 200.196.28.0/24 # ains.net.au # Australia InterNet Solutions # 380K to 1.2M requests/day from 202.126.109.235 # They respond to email with pleas to not blacklist them, but no effective # or enduring actions. Things are fixed for a while and then break. # still bad 2010/01/07 202.126.109.235 # 600K operations/day # no reverse-DNS name; no response from CIDR block whois contact # still bad 2010/01/07 218.236.90.202 # 300K requests/day using protocol #9 from 216.163.188.211 # Commtouch does not have a commercial DCC license. # 216.163.188.211 still hitting 225K/day 2010/01/07 207.135.122.32/27 216.163.176.0/20 64.167.110.48/29 64.191.223.0/24 65.74.160.0/29 65.74.168.224/27 # old unsolicited bulk email advertiser siteprotect.com // hostway.com # 275K requests/day from 83.246.86.164, smapp01.csee.de.siteprotect.com 83.246.86.0/24 216.36.192.0/18 64.26.0.0/18 66.113.128.0/17 # Fortinet.com seems to be following a familiar business plan # and not only selling a product that misappropriates the CPU cycles, # bandwidth, and human administration efforts of the public DCC servers # but also generates bogus DCC requests packets. # Michael Xie, Sunnyvale CA # parol 2010/01/07 65.39.139.0/24 # fortinet.com has address 203.160.224.97 # fortinet.com mail is handled by 5 MAIL.APSECURE.com. # Wen-Shyang Shiau Chunghwa Telecom wsshiau@chti.com.tw # AP Secure Technologies Burnaby BC # APSECURE.com has address 203.160.224.97 # asianproducts.com Media Federal Co. Taipei TW # APSYS.NET Media Federal Co. Taipei TW # parol 2010/01/07 203.160.224.0/19 # Guardian Digital is yet another organization with a business # plan based on selling the misappropriated CPU cycles, bandwidth, # and human system administration labor spent on the public DCC servers. # 350K OPs/day from 64.1.16.5, bwimail01.guardiandigital.com 64.1.16.0/24 # 300K OPs/day from 74.201.172.168, bwimail02.guardiandigital.com 74.201.172.0/24 # cryptoheaven.com, # Adam Kurzawa # 5-2325 Hurontario Street, Suite 206 # Mississauga CA # 986,723 ops/day # yet another seller of misappropriated CPU cycles, bandwidth, and system # administration labor of the public DCC servers # still bad 2010/01/07 64.34.231.40/29 # viruscheckservice.de # 300K operations/day # yet another seller of misappropriated CPU cycles, bandwidth, and system # administration labor of the public DCC servers # particularly amusing is that mail to postmaster@viruscheckservice.de # and flo@degnet.de, the contact address for viruscheckservice.de, # is rejected with # "450-Your address 192.188.61.3 has mailed to spamtraps here" 80.73.96.0/24 # Kenosha Information Technology, 8809 39th Ave, Kenosha WI # mailsnare.net # yet another seller of misappropriated CPU cycles, bandwidth, and system # administration labor of the public DCC servers 209.236.228.64/27 70.85.220.194 # unspam.com, openpop3.com # Eric Langheinrich, # Unspam Technologies, Inc., 1901 Prospector Avenue, Park City, Utah # violates the license on the free DCC software 66.114.104.64/26 # TS Technology or Top Security # tstechnology.net, TS Technology, Dublin, IE # topsectechnology.com, Dublin, IE # yet another seller of misappropriated CPU cycles, bandwidth, and system # administration labor of the public DCC servers 62.77.162.0/26 # First Gulf Bank, P O Box 6316, Abu Dhabi, UAE # Suresh Rajagopalan 195.229.126.213 fgb-mail.fgb.ae # configured a DCC client to send requests to the public DCC servers, # did not configure their firewall to accept the DCC responses, # and then demanded the identity of an attacker on their # "web-server" doing "TCP / UDP / ICMP scans" so that "action # could be initiated against user as per law of UAE or any other # countries applicable laws" 195.229.126.208/28 # aaaonlinux.com, indiannic.com # does not meet the terms & conditions for use of the public DCC servers 208.115.35.224 # suppress complaints from servers about stale DCC Reputations trial # for client-ID 400016 85.189.66.43 # $Date: 2010/01/23 02:51:07 $
Contact Vernon Schryver at vjs@rhyolite.com or using the form. Do not send mail to the spam trap.
