On Mon 30/Nov/2020 22:56:22 +0100 John Levine wrote:
In article <k6GaYeBxPMxfFAZo@highwayman.com>, Richard Clayton <richard@highwayman.com> wrote:
Only a few of them are listed on https://www.spamhaus.org/drop/
So announcing a prefix that is on that list is not a good sign (indeed far from it) -- but don't expect a "new" hijacker to only choose from that list or indeed to pick any prefixes from that list at all.
Spamhaus have very conservative criteria for their DROP list, so it's not surprising that you wouldn't immediately find all those hijacked blocks on it. On the other hand, they update it frequently and I see they added a bunch of new blocks to it today.
Indeed. As I have the command still in bash's history, matches increased from 5 to 17, nearly one half of Ronald's post.

Best
Ale
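A lookup of the kind discussed in this thread, as an added example that is not part of the original messages and is not the command the poster ran. It goes beyond matching on the network address by testing CIDR overlap, so a more-specific or covering announcement also matches a listed block. The function names and the sample list are constructed for illustration; the only assumption about the real file is the `prefix ; SBL id` line layout with `;` starting a comment.

```python
import ipaddress

# Constructed sample in the DROP text layout; these are not real Spamhaus entries.
SAMPLE_DROP = """\
; constructed sample for illustration
10.20.16.0/20 ; SBL000001
10.99.0.0/16 ; SBL000002
192.0.2.0/24 ; SBL000003
"""


def parse_drop(text):
    """Return [(network, sbl_ref)] from DROP-format text, skipping comments and junk."""
    entries = []
    for line in text.splitlines():
        prefix, _, ref = line.partition(";")
        prefix = prefix.strip()
        if not prefix:
            continue  # blank line or comment-only line
        try:
            entries.append((ipaddress.ip_network(prefix, strict=False), ref.strip()))
        except ValueError:
            continue  # not a prefix; ignore rather than abort the whole run
    return entries


def match_prefixes(candidates, entries):
    """Map each candidate prefix to the listed blocks it overlaps (empty list = no match)."""
    result = {}
    for cand in candidates:
        net = ipaddress.ip_network(cand, strict=False)
        result[cand] = [
            (str(listed), ref)
            for listed, ref in entries
            if listed.version == net.version and listed.overlaps(net)
        ]
    return result


if __name__ == "__main__":
    # Constructed candidates: exact match, more-specific, covering, and unlisted.
    announced = ["10.20.16.0/20", "10.20.24.0/24", "10.99.0.0/15", "172.16.0.0/20"]
    for cand, hits in match_prefixes(announced, parse_drop(SAMPLE_DROP)).items():
        print(cand, "->", hits or "not listed")
```

As the thread points out, a miss here only means the block is not on the list yet; the list is conservative and is updated frequently, so the check is worth re-running against a fresh copy.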