Hello Adolf,
thank you for raising this.
There used to be a time where Peg Tech Inc. was hijacking a lot of stolen AFRINIC IPv4 networks. They have a conglomerate of Autonomous Systems, I'll look into it and see whether the issue is still ongoing.
That having been said, a lot of Autonomous Systems being manually listed in the "hostile networks" category stems from Spamhaus ASN-DROP listings. Alas, this feed was suspended in October 2021, and I am not aware of any other publicly available ASN blocklist that offers a comparable false positive rate.
As soon as ASN-DROP - eventually - comes back, I hope to ditch most of our custom hostile entries for Autonomous Systems. My gut feeling is that the approach of just incorporating their data works pretty well with the (E)DROP lists, and saves us an ongoing maintenance task for which I unfortunately lack spare time at the moment. :-/
Thanks, and best regards, Peter Müller
Hi Peter, Searched in the spamhause drop.txt file and there is only one network range that starts with 107 and that is
107.182.240.0/20 ; SBL390277
Peg Tech Inc are using 107.148.0.0/15 so definitely not in the range of any of the spamhaus drop IP's.
Just checked the spamhaus edrop list and that has IP ranges that no closer to not covering Peg Tech Inc.
Based on the above I think I am coming to the conclusion that the problem in bug#13236 is also causing this problem but where, when libloc is updated the hostile networks flag is set on this IP range even though neither of the spamhaus drop lists include it.
I think I will add it as additional input into the bug#13236 report later on today.
Regards, Adolf.
On 15/08/2023 15:37, Adolf Belka wrote:
Hi Peter,
I am getting a DROP_HOSTILE for a web site, oldlinux.org
Looking in libloc it shows up as hostile
location lookup 107.148.241.134 107.148.241.134: Network : 107.148.0.0/15 Country : United States of America Autonomous System : AS54600 - PEGTECHINC Hostile Network safe to drop: yes
However in spamhaus it says that oldlinux.org and 107.148.241.134 have no issues.
I ran a couple of blacklist checkers on the ip. blacklistchecker.com came back with a pass on everything. dnschecker.org came back with a pass on everything except from dnsbl.spfbl.net who have it flagged because it doesn't have an rDNS
With the problems we are having currently with selective announcements of networks, I wasn't sure if this problem I have encountered is coming from the libloc database or is a real problem.
oldlinux is hosted on the network from Peg Tech Inc hosting so maybe they are a hoster of hostile networks but I don't know how to confirm this.
I wasn't sure about raising a new bug on this, or adding it to bug#13236, in case it was a real hostile network and should be blocked.
Hoping you can help me with this.
Regards,
Adolf.