Well this explains a few things. What do you mean by 'blacklist' ? Are we talking about DNSBL's usually used to block spam sources? Or are we talking about something that more generically blocks IP's seen to originate 'malicious' behavior? Many 'blacklists' rigged to block spam as their primary function, will frequently or even by standard practice, block dynamic IP allocations. Clearly you can't attribute the behavior of one user who held a dynamic IP at some point, to the new holder of the same IP - but this also means that those of us in the real world shouldn't be trusting that our end-users will be on non-blacklisted IP's. Either don't operate the blacklist in question, live with it, or insist that your users have static IP's and whitelist those to get around it. If someone's using a spam-oriented blacklist to generate a list of IP's that should be treated as 'bad' for other purposes, is going to have a mixed success with this anyway, particularly if you're dealing with the big telco's that'll have a relatively large number of compromised or 'abusive' (for varying definitions of abusive) clients online at any one time, and proportionately small amount of resource dedicated to reputation-protection. Mark. On 19/02/2015 11:46 a.m., Daniel Christie wrote:
The incident I had this morning was a Spark NZ broadband customer, they didn't have a static IP as I asked them to restart their router which gave them a different IP address.
I wouldn't want to unblock them myself as this could cause them to get listed again and more permanently if they hadn't first resolved the cause of it themselves, like you have said.
I imagine, as it was a dynamic address that it would have been blacklisted by another one of Sparks customers beforehand and then dished out to the user I was talking to last night after their office had a power outage.
I've tried looking on the Spark NZ website but could not find any support article or help guide for this scenario. would anyone on this list (possibly from Spark broadband services) be able to help me with what should be done for this?
---------------------------------------------------------------------- Daniel Christie SYSTEMS ENGINEER/APPLICATION SPECIALIST
Depends who owns the IP space, in the event the ISP has provided space it¹s in your best interest to unblock them so if they get re-assigned to someone else they work. Again depends on what the customer is doing to continually get blacklisted, I.e. Not fixing an issue they were told to fix, like open NTP or something.
If the IP space belongs to your downstream customer, then it¹s their problem, but still good to try and assist for a quality of service.
-- Kind regards, Barry Murphy / Chief Operating Officer
On 19/02/15 10:59 am, "Daniel Christie"
wrote: Hello all, I'm working for a small web/mail hosting company. I've recently noticed a lot of blacklisted IP addresses from NZ based ISPs being dished out, part of our intrusion prevention methods involve denying connections from these addresses.
How do these blacklisted IP addresses get unlisted? Is it the responsibility of the customers of these ISPs or it is the responsibility of the ISP?
Daniel Christie _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog