From: Adolf Belka
To: development@lists.ipfire.org
Subject: Re: Web Site blocked as hostile. Not sure if this is correct or not
Date: Tue, 15 Aug 2023 18:39:01 +0200
Message-ID: <7ae05c07-c576-4b8b-9536-5b47eed7d69c@ipfire.org>
In-Reply-To: <104477fe-009c-41f5-9723-c590b72231ce@ipfire.org>

Hi Peter,

Thanks for the feedback.

On 15/08/2023 17:51, Peter Müller wrote:
> Hello Adolf,
>
> thank you for raising this.
>
> There used to be a time where Peg Tech Inc. was hijacking a lot of stolen AFRINIC
> IPv4 networks. They have a conglomerate of Autonomous Systems, I'll look into it
> and see whether the issue is still ongoing.

That doesn't sound like a good hosting network at all. I will live
without that website then unless it gets officially cleared in a future
list.

>
> That having been said, a lot of Autonomous Systems being manually listed in the
> "hostile networks" category stems from Spamhaus ASN-DROP listings. Alas, this feed
> was suspended in October 2021, and I am not aware of any other publicly available
> ASN blocklist that offers a comparable false positive rate.

I missed that list, but of course it is currently empty.

>
> As soon as ASN-DROP - eventually - comes back, I hope to ditch most of our custom
> hostile entries for Autonomous Systems. My gut feeling is that the approach of just
> incorporating their data works pretty well with the (E)DROP lists, and saves us an
> ongoing maintenance task for which I unfortunately lack spare time at the moment. :-/

I am not sure if it will come back. From what I have seen it has been
missing now since last October due to "Operational Reasons". Something
that has not found a solution in ten months I suspect will never find one.

Regards,

Adolf

>
> Thanks, and best regards,
> Peter Müller
>
>
>> Hi Peter,
>> Searched in the Spamhaus drop.txt file and there is only one network range that starts with 107 and that is
>>
>> 107.182.240.0/20 ; SBL390277
>>
>> Peg Tech Inc are using 107.148.0.0/15 so definitely not in the range of any of the spamhaus drop IPs.
>>
>> Just checked the spamhaus edrop list and that has IP ranges that are no closer to covering Peg Tech Inc.
>>
>>
>> Based on the above I think I am coming to the conclusion that the problem in bug#13236 is also causing this problem but where, when libloc is updated the hostile networks flag is set on this IP range even though neither of the spamhaus drop lists include it.
>>
>> I think I will add it as additional input into the bug#13236 report later on today.
>>
>> Regards,
>> Adolf.
>>
>> On 15/08/2023 15:37, Adolf Belka wrote:
>>> Hi Peter,
>>>
>>> I am getting a DROP_HOSTILE for a web site, oldlinux.org
>>>
>>> Looking in libloc it shows up as hostile
>>>
>>> location lookup 107.148.241.134
>>> 107.148.241.134:
>>>   Network                 : 107.148.0.0/15
>>>   Country                 : United States of America
>>>   Autonomous System       : AS54600 - PEGTECHINC
>>>   Hostile Network safe to drop: yes
>>>
>>> However in spamhaus it says that oldlinux.org and 107.148.241.134 have no issues.
>>>
>>> I ran a couple of blacklist checkers on the IP.
>>> blacklistchecker.com came back with a pass on everything.
>>> dnschecker.org came back with a pass on everything except from dnsbl.spfbl.net who have it flagged because it doesn't have an rDNS
>>>
>>> With the problems we are having currently with selective announcements of networks, I wasn't sure if this problem I have encountered is coming from the libloc database or is a real problem.
>>>
>>> oldlinux is hosted on the network from Peg Tech Inc hosting so maybe they are a hoster of hostile networks but I don't know how to confirm this.
>>>
>>> I wasn't sure about raising a new bug on this, or adding it to bug#13236, in case it was a real hostile network and should be blocked.
>>>
>>>
>>> Hoping you can help me with this.
>>>
>>> Regards,
>>>
>>> Adolf.
>>>
>>
--
Sent from my laptop
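
The manual check described in the thread (searching the Spamhaus drop.txt for a range that covers 107.148.241.134 or 107.148.0.0/15) can be scripted as below. This is an added example, not part of the original message and not IPFire or libloc code; the function names and the 192.0.2.0/24 entry are constructed for illustration, and the list text is an inline sample in the "CIDR ; SBL reference" format quoted above.

```python
import ipaddress

# Constructed sample in the drop.txt format quoted in the thread:
# "<CIDR> ; <SBL reference>", with ';' starting a comment.
SAMPLE_DROP = """\
; constructed sample, not the real list
107.182.240.0/20 ; SBL390277
192.0.2.0/24 ; SBL000000
"""

def parse_drop(text):
    """Return [(network, reference)] parsed from DROP-style text."""
    entries = []
    for line in text.splitlines():
        cidr, _, ref = line.partition(";")
        cidr = cidr.strip()
        if not cidr:              # blank or comment-only line
            continue
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            continue              # skip malformed entries
        entries.append((net, ref.strip()))
    return entries

def find_matches(target, entries):
    """Relate an address or CIDR to each list entry.

    'covered': the target lies entirely inside a listed range.
    'partial': a listed range is only a part of the target network.
    CIDR blocks either nest or are disjoint, so these two cases
    are the only possible overlaps.
    """
    tgt = ipaddress.ip_network(target, strict=False)
    hits = []
    for net, ref in entries:
        if net.version != tgt.version:
            continue
        if tgt.subnet_of(net):
            hits.append(("covered", str(net), ref))
        elif net.subnet_of(tgt):
            hits.append(("partial", str(net), ref))
    return hits

if __name__ == "__main__":
    entries = parse_drop(SAMPLE_DROP)
    for target in ("107.148.241.134", "107.148.0.0/15"):
        print(target, find_matches(target, entries) or "not listed")
```

An empty result for both the host address and the announced /15 means the list alone cannot explain the hostile flag, which is the conclusion reached in the thread.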