[tor-relays] webiron requesting to block several /24 subnet

[Dhalgren Tor]

FYI Webiron ceased sending these for my relay sometime between 11/24
and today (no reports for 11/25-27).

Possibly this is because I never look at or resolve the reports and
their system eliminates non-responding addresses to avoid listing by
spam honeypots.

If you wish to continue receiving these I suggest marking them
resolved--at least some of time.  In my case the cessation on this
path is desirable since the ISP has an automated system.

Or possibly Webiron has decided to no longer send reports to the
reverse-DNS abuse@ path, in which case this source of intelligence is
lost.

However one can view the Webiron abuse reporting history for an IP on
their web site using the link https://www.webiron.com/abuse_feed/ and
this would also serve as a way to establish if the abuse-desk has
arrived at the optimal approach to Webiron, i.e. ignoring them.


On Mon, Nov 16, 2015 at 11:36 PM, Dhalgren Tor <dhalgren.tor at gmail.com> wrote:
>>. . .I have to understand how my ISP reacts to this kind of things.
>
>>For the moment I will keep a low profile and I will block the
>>mentioned IP range for a month.
>
> Webiron's system sends notifications to both the abusix.org contact
> for the IP and to abuse at base-domain.tld for the reverse-DNS name of
> the relay IP.  So if you can configure abuse@ for the relay domain to
> forward to you, you will see their notices at the same time as the ISP
> abuse desk.  Might be helpful to know about it before they contact you
> and/or to see if they become familiar enough with the notices to
> ignore them.  Automated abuse complaints from other sources do not
> always go to the domain-based address.
>
> http://multirbl.valli.org/
>
> is a handy resource that shows the abuseix.org and abuse.net
> information, as well as how many DNSBLs the relay has racked up.  You
> can change the abuse.net contact but Webiron appears to ignore this
> source and simply construct the abuse@ from the rDNS domain name.