# This blacklist of DCC clients is used by the public DCC servers.  The
#   public DCC servers should only be used by small sites that qualify
#   for the free license on the DCC source.
#   See http://www.dcc-servers.net/dcc/ or
#   http://www.rhyolite.com/dcc/ concerning the DCC
#
#   This list contains IP addresses and blocks of addresses of DCC clients
#   that persistently cause problems such as sending more than 100,000
#   requests per day to the public DCC servers.  This list causes the public
#   DCC servers to ignore requests even before checking the automatic
#   rate-limiting mechanisms.
#
#   This blacklist has no direct effect on email.
#
#   This list is http://www.rhyolite.com/dcc/client-blacklist.html and
#   http://www.dcc-servers.net/dcc/client-blacklist.html
#
#   Operators of public DCC servers can use the user names and passwords that
#   they use to see the DCC server status web pages to see the consolidated
#   lists of the busiest clients of the public DCC servers at
#   http://www.rhyolite.com/dcc/private/clients.cgi
#
#   Contact Vernon Schryver at vjs@rhyolite.com or use the web form at
#   http://www.rhyolite.com/cgi-bin/ct.cgi?sb=public+server+blacklist



# up to 275K requests/day sent to the public DCC servers instead of
#   the local DCC servers
#	still bad 2010/01/07
72.28.0.36


# more than 500K operations/day for months from 193.239.186.42
#   no response to email to abuse@sallandxs.nl except an automatic
#	out-of-office note
# parol 2010/01/07 193.239.186.42


# more than 350K operations/day for months from 91.102.136.90 and 91.102.136.106
#   no response to email to abuse@regioit-aachen.de, info@regioit-aachen.de,
#   tech-de@a1-net.de
#	still bad 2010/01/07
91.102.136.0/24


# more than 500K operations/day for months from 216.55.191.208, 216.55.191.199,
#	 and 216.55.191.207
#   no response to email to abuse@aplus.net
#	still bad 2010/01/07
216.55.191.0/24


# more than 625K operations/day for months from 200.80.13.8, 200.80.13.18,
#	and 200.80.13.10
#   no response to email to abuse@telcom.net and info@telcom.net
# 	still bad 2010/01/07
200.80.13.0/27


# up to 6.2M operations/day for months from 74.39.252.114
#	 firewall-01.terrasite.com
#   no response to email to abuse@terrasite.com, Support@terrasite.com
#   	except an ignore-bot ticket number
#	still bad 2010/01/07
74.39.252.114


# 400K operations/day for months from 149.242.224.10  mail.koerber.de
#   no response from abuse@cogentco.com, postmaster@koerber.de, or hauni.com
#   Christian Lohse, Hamburg DE
#	still bad at 500K+ ops/day 2010/01/27
149.242.224.10


# about 1 million NOPs/day from 80.83.47.186 and 80.83.47.187
#   No response to email
#   VIDEO 2000 SA,  A. Vuillemez, Neuchâtel, Switzerland
#	still bad 2010/01/07
80.83.47.186/31


# up to 1.2 million NOPs/day from 161.53.64.3
#   maja.zesoi.fer.hr 
#   no responses to email
# parol 2010/01/07 161.53.64.0/24


# 500K operations/day for months from 200.196.28.51 and 200.196.28.52
#   no response from abuse@matrix.com.br, gerope@matrix.com.br,
#	or postmaster@matrix.com.br
#   MATRIX INTERNET S.A., Eber Luglio Lacerda,
# 	still bad 2009/04/28
#		  2010/01/07
200.196.28.0/24


# ains.net.au
#   Australia InterNet Solutions
#   380K to 1.2M requests/day from 202.126.109.235
#   They respond to email with pleas to not blacklist them, but no effective
#	or enduring actions.  Things are fixed for a while and then break.
#	still bad 2010/01/07
202.126.109.235


# 600K operations/day 
#   no reverse-DNS name; no response from CIDR block whois contact
#	still bad 2010/01/07
218.236.90.202


# 300K requests/day using protocol #9 from 216.163.188.211
#   Commtouch does not have a commercial DCC license.
#   216.163.188.211 still hitting 225K/day 2010/01/07
207.135.122.32/27
216.163.176.0/20
64.167.110.48/29
64.191.223.0/24
65.74.160.0/29
65.74.168.224/27


# old unsolicited bulk email advertiser siteprotect.com // hostway.com
# 275K requests/day from 83.246.86.164, smapp01.csee.de.siteprotect.com
83.246.86.0/24
216.36.192.0/18
64.26.0.0/18
66.113.128.0/17


# Fortinet.com seems to be following a familiar business plan
#   and not only selling a product that misappropriates the CPU cycles,
#   bandwidth, and human administration efforts of the public DCC servers
#   but also generates bogus DCC requests packets.
#	Michael Xie, Sunnyvale CA
# parol 2010/01/07 65.39.139.0/24
#   fortinet.com has address 203.160.224.97
#   fortinet.com mail is handled by 5 MAIL.APSECURE.com.
#	Wen-Shyang Shiau Chunghwa Telecom wsshiau@chti.com.tw
#   AP Secure Technologies Burnaby BC
#   APSECURE.com has address 203.160.224.97
#   asianproducts.com  Media Federal Co. Taipei TW
#   APSYS.NET  Media Federal Co. Taipei TW
# parol 2010/01/07 203.160.224.0/19


# Guardian Digital is yet another organization with a business
#   plan based on selling the misappropriated CPU cycles, bandwidth,
#   and human system administration labor spent on the public DCC servers.
#   350K OPs/day from 64.1.16.5, bwimail01.guardiandigital.com
64.1.16.0/24
#   300K OPs/day from 74.201.172.168, bwimail02.guardiandigital.com
74.201.172.0/24


# cryptoheaven.com,
#	Adam Kurzawa
#	5-2325 Hurontario Street, Suite 206
#	Mississauga CA
#   986,723 ops/day
#   yet another seller of misappropriated CPU cycles, bandwidth, and system
#	administration labor of the public DCC servers
#	still bad 2010/01/07
64.34.231.40/29


# viruscheckservice.de
#   300K operations/day
#   yet another seller of misappropriated CPU cycles, bandwidth, and system
#	administration labor of the public DCC servers
#   particularly amusing is that mail to postmaster@viruscheckservice.de
#	and flo@degnet.de, the contact address for viruscheckservice.de,
#	is rejected with
#	"450-Your address 192.188.61.3 has mailed to spamtraps here"
80.73.96.0/24


# Kenosha Information Technology, 8809 39th Ave, Kenosha WI
#   mailsnare.net
#   yet another seller of misappropriated CPU cycles, bandwidth, and system
#	administration labor of the public DCC servers
209.236.228.64/27
70.85.220.194


# unspam.com, openpop3.com
#   Eric Langheinrich,
#   Unspam Technologies, Inc., 1901 Prospector Avenue, Park City, Utah
#   violates the license on the free DCC software
66.114.104.64/26


# TS Technology or Top Security
#   tstechnology.net, TS Technology, Dublin, IE
#   topsectechnology.com, Dublin, IE
#   yet another seller of misappropriated CPU cycles, bandwidth, and system
#	administration labor of the public DCC servers
62.77.162.0/26


# First Gulf Bank, P O Box 6316, Abu Dhabi, UAE
# Suresh Rajagopalan  195.229.126.213 fgb-mail.fgb.ae
#   configured a DCC client to send requests to the public DCC servers,
#   did not configure their firewall to accept the DCC responses,
#   and then demanded the identity of an attacker on their
#   "web-server" doing "TCP / UDP / ICMP scans" so that "action
#   could be initiated against user as per law of UAE or any other
#   countries applicable laws"
195.229.126.208/28


# aaaonlinux.com, indiannic.com
#   does not meet the terms & conditions for use of the public DCC servers
208.115.35.224


# suppress complaints from servers about stale DCC Reputations trial
#   for client-ID 400016
85.189.66.43


# $Date: 2010/01/23 02:51:07 $

Contact Vernon Schryver at vjs@rhyolite.com or using the form. Do not send mail to the spam trap.