Blacklist of Anonymous DCC Clients

# This blacklist of DCC clients is used by the public DCC servers.
#   See also http://www.dcc-servers.net/dcc/ or
#   http://www.rhyolite.com/dcc/ concerning the DCC
#
#   This list contains IP addresses and blocks of addresses of DCC clients
#   that persistently cause problems including sending more than 100,000
#   requests per day to the public DCC servers.
#
#   This is http://www.rhyolite.com/dcc/client-blacklist.html and
#   http://www.dcc-servers.net/dcc/client-blacklist.html
#
#   Operators of DCC servers can use the user names and passwords that they
#   use to see the server status web page to see the consolidated lists
#   of busiest clients of the public DCC servers at
#   http://www.rhyolite.com/dcc/private/clients.cgi
#
#   Contact Vernon Schryver at vjs@rhyolite.com or use the web form at
#   http://www.rhyolite.com/cgi-bin/ct.cgi?sb=public+server+blacklist



# 400K operations/day for months from 149.242.224.10  mail.koerber.de
#   no response from abuse@cogentco.com, postmaster@koerber.de, or hauni.com
#   Christian Lohse, Hamburg DE
149.242.224.10


# about 1 million NOPs/day from 80.83.47.186 and 80.83.47.187
#   No response to email
#   VIDEO 2000 SA,  A. Vuillemez, Neuchâtel, Switzerland
80.83.47.0/24


# up to 1.2 million NOPs/day from 161.53.64.3
#   maja.zesoi.fer.hr 
#   no responses to email
161.53.64.0/24


# 500K operations/day for months from 200.196.28.51 and 200.196.28.52
#   no response from abuse@matrix.com.br, gerope@matrix.com.br,
#	or postmaster@matrix.com.br
#   MATRIX INTERNET S.A., Eber Luglio Lacerda,
# still broken 2009/04/28
200.196.28.0/24


# ains.net.au
#   Australia InterNet Solutions
#   380K to 1.2M requests/day from 202.126.109.235, or far more than the
#	threshold that causes the automatic DoS defenses to block all of
#	their requests
#   They respond to email with pleas to not blacklist them, but no effective
#	or enduring actions
202.126.109.235


# 600K operations/day 
#   no reverse-DNS n name; no response from CIDR block whois contact
218.236.90.202


# Fortinet.com seems to be following a familiar business plan
#   and not only selling a product that misappropriates the CPU cycles,
#   bandwidth, and human administration efforts of the public DCC servers
#   but also generates bogus DCC requests packets.
#	Michael Xie, Sunnyvale CA
65.39.139.0/24
#   fortinet.com has address 203.160.224.97
#   fortinet.com mail is handled by 5 MAIL.APSECURE.com.
#	Wen-Shyang Shiau Chunghwa Telecom wsshiau@chti.com.tw
#   AP Secure Technologies Burnaby BC
#   APSECURE.com has address 203.160.224.97
#   asianproducts.com  Media Federal Co. Taipei TW
#   APSYS.NET  Media Federal Co. Taipei TW
203.160.224.0/19


# Guardian Digital is yet another organization with a business
#   plan based on selling the misappropriated CPU cycles, bandwidth,
#   and human system administration labor spent on the public DCC servers.
#   350K OPs/day from 64.1.16.5, bwimail01.guardiandigital.com
64.1.16.0/24
#   300K OPs/day from 74.201.172.168, bwimail02.guardiandigital.com
74.201.172.0/24


# FortressITX, 100 Delawanna Ave, Clifton, NJ
#   400-500K NOPs/day and no response to questions
#   The reverse DNS for 69.72.145.30 changed to mail.pwebtech.com and
#	then to mail-intake.fortressitx.com
#	Pegasus Web Technologies, Franklin Lakes, NJ
69.72.145.0/24


# cryptoheaven.com,
#	Adam Kurzawa
#	5-2325 Hurontario Street, Suite 206
#	Mississauga CA
#   986,723 ops/day
#   yet another seller of misappropriated CPU cycles, bandwidth, and system
#	administration labor of the public DCC servers
64.34.231.40/29


# viruscheckservice.de
#   300K operations/day
#   yet another seller of misappropriated CPU cycles, bandwidth, and system
#	administration labor of the public DCC servers
#   particularly amusing is that mail to postmaster@viruscheckservice.de
#	and flo@degnet.de, the contact address for viruscheckservice.de,
#	is rejected with
#	"450-Your address 192.188.61.3 has mailed to spamtraps here"
80.73.96.0/24


# Kenosha Information Technology, 8809 39th Ave, Kenosha WI
#   mailsnare.net
#   yet another seller of misappropriated CPU cycles, bandwidth, and system
#	administration labor of the public DCC servers
209.236.228.64/27
70.85.220.194


# unspam.com, openpop3.com
#   Eric Langheinrich,
#   Unspam Technologies, Inc., 1901 Prospector Avenue, Park City, Utah
#   violates the license on the free DCC software
66.114.104.64/26


# TS Technology or Top Security
#   tstechnology.net, TS Technology, Dublin, IE
#   topsectechnology.com, Dublin, IE
#   yet another seller of misappropriated CPU cycles, bandwidth, and system
#	administration labor of the public DCC servers
62.77.162.0/26


# First Gulf Bank, P O Box 6316, Abu Dhabi, UAE
# Suresh Rajagopalan  195.229.126.213 fgb-mail.fgb.ae
#   configured a DCC client to send requests to the public DCC servers,
#   did not configure their firewall to accept the DCC responses,
#   and then demanded the identity of an attacker on their
#   "web-server" doing "TCP / UDP / ICMP scans" so that "action
#   could be initiated against user as per law of UAE or any other
#   countries applicable laws"
195.229.126.208/28


# mailroute.net
#   suppress system log complaints in case these dead servers awaken
199.89.0.0/21


# aaaonlinux.com, indiannic.com
#   does not meet the terms & conditions for use of the public DCC servers
208.115.35.224


# suppress complaints from servers about stale DCC Reputations trial
#   for client-ID 400016
85.189.66.43


# $Date: 2009/07/03 02:38:22 $
Contact Vernon Schryver at vjs@rhyolite.com or using the form. Do not send mail to the spam trap.