Hi Peter,
Thanks for the feedback.
On 15/08/2023 17:51, Peter Müller wrote:
Hello Adolf,
thank you for raising this.
There used to be a time where Peg Tech Inc. was hijacking a lot of stolen AFRINIC IPv4 networks. They have a conglomerate of Autonomous Systems, I'll look into it and see whether the issue is still ongoing.
That doesn't sound like a good hosting network at all. I will live without that website then unless it gets officially cleared in a future list.
That having been said, a lot of Autonomous Systems being manually listed in the "hostile networks" category stems from Spamhaus ASN-DROP listings. Alas, this feed was suspended in October 2021, and I am not aware of any other publicly available ASN blocklist that offers a comparable false positive rate.
I missed that list, but of course it is currently empty.
As soon as ASN-DROP - eventually - comes back, I hope to ditch most of our custom hostile entries for Autonomous Systems. My gut feeling is that the approach of just incorporating their data works pretty well with the (E)DROP lists, and saves us an ongoing maintenance task for which I unfortunately lack spare time at the moment. :-/
I am not sure if it will come back. From what I have seen it has been missing now since last October due to "Operational Reasons". Something that has not found a solution in ten months I suspect will never find one.
Regards, Adolf
Thanks, and best regards, Peter Müller
Hi Peter, Searched in the spamhause drop.txt file and there is only one network range that starts with 107 and that is
107.182.240.0/20 ; SBL390277
Peg Tech Inc are using 107.148.0.0/15 so definitely not in the range of any of the spamhaus drop IP's.
Just checked the spamhaus edrop list and that has IP ranges that no closer to not covering Peg Tech Inc.
Based on the above I think I am coming to the conclusion that the problem in bug#13236 is also causing this problem but where, when libloc is updated the hostile networks flag is set on this IP range even though neither of the spamhaus drop lists include it.
I think I will add it as additional input into the bug#13236 report later on today.
Regards, Adolf.
On 15/08/2023 15:37, Adolf Belka wrote:
Hi Peter,
I am getting a DROP_HOSTILE for a web site, oldlinux.org
Looking in libloc it shows up as hostile
location lookup 107.148.241.134 107.148.241.134: Network : 107.148.0.0/15 Country : United States of America Autonomous System : AS54600 - PEGTECHINC Hostile Network safe to drop: yes
However in spamhaus it says that oldlinux.org and 107.148.241.134 have no issues.
I ran a couple of blacklist checkers on the ip. blacklistchecker.com came back with a pass on everything. dnschecker.org came back with a pass on everything except from dnsbl.spfbl.net who have it flagged because it doesn't have an rDNS
With the problems we are having currently with selective announcements of networks, I wasn't sure if this problem I have encountered is coming from the libloc database or is a real problem.
oldlinux is hosted on the network from Peg Tech Inc hosting so maybe they are a hoster of hostile networks but I don't know how to confirm this.
I wasn't sure about raising a new bug on this, or adding it to bug#13236, in case it was a real hostile network and should be blocked.
Hoping you can help me with this.
Regards,
Adolf.