# This blacklist of DCC clients is used by the public DCC servers. The # public DCC servers should only be used by small sites that qualify # for the free license on the DCC source. # See http://www.dcc-servers.net/dcc/ or # http://www.rhyolite.com/dcc/ concerning the DCC # # This list contains IP addresses and blocks of addresses of DCC clients # that persistently cause problems such as sending more than 100,000 # requests per day to the public DCC servers. This list causes the public # DCC servers to ignore requests even before checking the automatic # rate-limiting mechanisms. # # This blacklist has no direct effect on email. # # This list is http://www.rhyolite.com/dcc/client-blacklist.html and # http://www.dcc-servers.net/dcc/client-blacklist.html # # Operators of public DCC servers can use the user names and passwords that # they use to see the DCC server status web pages to see the consolidated # lists of the busiest clients of the public DCC servers at # http://www.rhyolite.com/dcc/private/clients.cgi # # Contact Vernon Schryver at vjs@rhyolite.com or use the web form at # http://www.rhyolite.com/cgi-bin/ct.cgi?sb=public+server+blacklist # more than 250K-300K requests/day from 114.80.219.175 and no response to email # to online.sh.cn 114.80.219.175 # more than 500K requests/day from 12.40.55.182 and no response to email # U.S. FILTER CORPORATION, LOWELL, MA # apparently associated with Siemens 12.40.55.182 # more than 500K requests/day from 202.190.203.180 # no response to email to abuse@jaring.my, postmaster@localdns.com # still bad 2010/06/10 202.190.203.0/24 # more than 350K requests/day for months from 91.102.136.90 and 91.102.136.106 # no response to email to abuse@regioit-aachen.de, info@regioit-aachen.de, # tech-de@a1-net.de # still bad 2010/01/07 91.102.136.0/24 # more than 500K requests/day for months from 216.55.191.208, 216.55.191.199, # and 216.55.191.207 # no response to email to abuse@aplus.net # still bad 2010/01/07 216.55.191.0/24 # more than 625K requests/day for months from 200.80.13.8, 200.80.13.18, # and 200.80.13.10 # no response to email to abuse@telcom.net and info@telcom.net # still bad 2010/01/07 200.80.13.0/27 # up to 6.2M requests/day for months from 74.39.252.114 # firewall-01.terrasite.com # no response to email to abuse@terrasite.com, Support@terrasite.com # except an ignore-bot ticket number # still bad 2010/01/07 74.39.252.114 # 400K requests/day for months from 149.242.224.10 mail.koerber.de # no response from abuse@cogentco.com, postmaster@koerber.de, or hauni.com # Christian Lohse, Hamburg DE # still bad at 500K+ ops/day 2010/01/27 149.242.224.10 # about 1 million NOPs/day from 80.83.47.186 and 80.83.47.187 # No response to email # VIDEO 2000 SA, A. Vuillemez, Neuchâtel, Switzerland # still bad 2010/01/07 80.83.47.186/31 # 500K requests/day for months from 200.196.28.51 and 200.196.28.52 # no response from abuse@matrix.com.br, gerope@matrix.com.br, # or postmaster@matrix.com.br # MATRIX INTERNET S.A., Eber Luglio Lacerda, # still bad 2009/04/28 # 2010/01/07 # test 2010/05/28 200.196.28.0/24 # ains.net.au # Australia InterNet Solutions # 380K to 1.2M requests/day from 202.126.109.235 # They respond to email with pleas to not blacklist them, but no effective # or enduring actions. Things are fixed for a while and then break. # still bad 2010/01/07 202.126.109.235 # 600K requests/day # no reverse-DNS name; no response from CIDR block whois contact # still bad 2010/01/07 218.236.90.202 # Commtouch should not use the public DCC servers 207.135.122.32/27 216.163.176.0/20 64.167.110.48/29 64.191.223.0/24 65.74.160.0/29 65.74.168.224/27 # old unsolicited bulk email advertiser siteprotect.com // hostway.com # 275K requests/day from 83.246.86.164, smapp01.csee.de.siteprotect.com 83.246.86.0/24 216.36.192.0/18 64.26.0.0/18 66.113.128.0/17 # Guardian Digital is yet another organization with a business # plan based on selling the CPU cycles, bandwidth, and human system # administration labor spent on the public DCC servers. # 350K OPs/day from 64.1.16.5, bwimail01.guardiandigital.com 64.1.16.0/24 # 300K OPs/day from 74.201.172.168, bwimail02.guardiandigital.com 74.201.172.0/24 # cryptoheaven.com, # Adam Kurzawa # 5-2325 Hurontario Street, Suite 206 # Mississauga CA # 986,723 ops/day # yet another seller of CPU cycles, bandwidth, and system administration # labor of the public DCC servers # still bad 2010/01/07 64.34.231.40/29 # viruscheckservice.de # 300K requests/day # yet another seller of CPU cycles, bandwidth, and system # administration labor of the public DCC servers # particularly amusing is that mail to postmaster@viruscheckservice.de # and flo@degnet.de, the contact address for viruscheckservice.de, # is rejected with # "450-Your address 192.188.61.3 has mailed to spamtraps here" 80.73.96.0/24 # First Gulf Bank, P O Box 6316, Abu Dhabi, UAE # Suresh Rajagopalan 195.229.126.213 fgb-mail.fgb.ae # configured a DCC client to send requests to the public DCC servers, # did not configure their firewall to accept the DCC responses, # and then demanded the identity of an attacker on their # "web-server" doing "TCP / UDP / ICMP scans" so that "action # could be initiated against user as per law of UAE or any other # countries (sic) applicable laws" 195.229.126.208/28 # suppress complaints from servers about stale DCC Reputations trial # for client-ID 400016 85.189.66.43 # $Date: 2010/06/11 03:02:41 $
Contact Vernon Schryver at vjs@rhyolite.com or using the form. Do not send mail to the spam trap.
