
Packet Rejecting

Only individuals, companies, or internet service providers who manage their own routers or firewalls are able to use the method documented below to filter packet traffic with SPEWS.

Filtering TCP/IP packets using any blocklisting data is considered a bit controversial by some; in fact, very few SPEWS users implement this level of rejection. The reason is that when traffic is denied at the packet level, the listed site being rejected is, in most cases, unaware this is occurring and sees the lack of a connection as "network trouble." Unlike the bouncing back of an email with a message from a mailserver's spam filter system, there is usually no feedback to the listed site as to the reason for this trouble. (Note: OpenBSD's spamd can give one the best of both worlds.)

At this time, SPEWS will just present this option as something one might consider as long as the consequences are known. As with all private networks, one has the right to accept or reject traffic from anyone or any place they choose, and if this is what a small, bandwidth-limited network needs to do, it can be done.

Someone wanting to use this method should have a good working knowledge of how to set up routers, hardware/software-based firewalls and system-level packet filters. Here are some links one may want to read on this subject; the actual implementation will be left to the end user:

An interesting snippet of shell scripting to build IPCHAINS files was recently presented in a Usenet message sig:
 --
 The Anonymous Engineer Presents: Spews, Bourne in 3

 for IP in `lynx -dump -width=1000 http://www.spews.org/spews_list_level1.txt | \
 grep -v "#" | sed 's/ .*$//gi'`; do /sbin/ipchains -A input -p \
 all -s "$IP" -d 0/0 -b -j REJECT;done

A modification to the above has been posted using a slightly different method and using IPCHAINS DENY rather than REJECT:
 #SPEWs ipchains script
 #
 # Take the first field of each non-comment line and add a DENY rule for it.
 for IP in `lynx -dont_wrap_pre -dump \
 http://www.spews.org/spews_list_level1.txt | \
 awk '{print $1}' | \
 grep -v "#"`; \
 do \
 /sbin/ipchains -A input -p all -s "$IP" -d 0/0 -b -j DENY; \
 done

And a modification to the above IPCHAINS version using IPTABLES was shown (which could also be set to "tarpit" connections):
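 # Save the first field of every line that starts with two digits, then
 # insert a DROP rule for inbound SMTP SYN packets from each listed source.
 lynx -dump -source http://www.spews.org/spews_list_level1.txt \
   | awk '{print $1}' | egrep '^[0-9][0-9]' \
   > spammers-list &&
   while read SPAMMER ; do
   /usr/local/sbin/iptables -t filter -I INPUT -p tcp --dport smtp \
   -j DROP -s "$SPAMMER" --syn
   done < spammers-list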
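
The scripts above pass whatever the fetched file contains straight to the firewall command. As an added example (not from SPEWS or the original posters), this script checks each entry first and prints a ruleset for review; the list layout (address or CIDR in the first field, `#` comments), the `SPEWS` chain name and the /8 width limit are assumptions.

```shell
#!/bin/sh
# Added example: validate list entries before they become firewall rules.
MIN_PREFIX=8   # assumption: a prefix wider than /8 means a corrupted list

# Constructed sample (documentation ranges), not real SPEWS data.
SAMPLE='# constructed comment line
192.0.2.0/24 # constructed trailing comment
198.51.100.7
0.0.0.0/0
203.0.113.300/24
198.51.100.9;junk
192.0.2.0/24'

# stdin: list text. stdout: valid "a.b.c.d" or "a.b.c.d/len" first fields.
# Anything else is reported on stderr so a cron job can alert on it.
spews_validate() {
    awk -v min="$MIN_PREFIX" '
        NF == 0 || $1 ~ /^#/ { next }       # blank or comment line
        {
            n = split($1, part, "/")
            ok = (n == 1 || n == 2)
            if (ok && n == 2)
                ok = (part[2] ~ /^[0-9]+$/ && part[2] + 0 >= min && part[2] + 0 <= 32)
            if (ok)
                ok = (split(part[1], oct, "[.]") == 4)
            for (i = 1; ok && i <= 4; i++)
                ok = (oct[i] ~ /^[0-9]+$/ && length(oct[i]) <= 3 && oct[i] + 0 <= 255)
            if (ok) print $1
            else    print "rejected: " $1 > "/dev/stderr"
        }'
}

# Print, never apply, an iptables-restore fragment for review.
# The chain name SPEWS is hypothetical; the match mirrors the iptables script
# above. A jump from INPUT to this chain is still needed for it to take effect.
spews_ruleset() {
    printf '%s\n' '*filter' ':SPEWS - [0:0]'
    spews_validate | sort -u | while read -r net; do
        printf '%s\n' "-A SPEWS -s $net -p tcp --dport smtp --syn -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

printf '%s\n' "$SAMPLE" | spews_ruleset
```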

OpenBSD users should check out pf, the OpenBSD Packet Filter (or pf combined with relaydb). Solaris and other system users may find its technology and this presentation interesting. (slide 1 / slide 2)

Starting with OpenBSD 3.3, SMTP packet level filtering using SPEWS is built into the system by means of "spamd" - a spam deferral daemon, which SMTP connections can be redirected to. This daemon handles connections based on black lists and white lists, tar-pits the connections, and ensures that the spammer knows why their mail has not been accepted.

Files that list the SPEWS data in an IP range format can be found here: Level 1 data and here: Level 2 data. These files can also be downloaded in a much smaller and CRC'd "bzip" compressed format here: Level 1 data or here: Level 2 data or at spfilter.sourceforge.net.

How often should one download these? Once or twice a day for most users. If you wish to do hourly downloads (shorter periods than that yield nothing and waste bandwidth), please fetch the compressed format versions.

SPFilter provides the same data in other formats which can be used to create router/firewall and MTA deny tables.

Please read the differences between the two levels of SPEWS listings at the SPEWS FAQ page. Using only Level 1 is highly recommended if one wants to packet reject. In the future, files representing SPEWS data in "IPCHAINS" and other router/firewall deny table formats should be available, but for now one will need to build one's own.

 

© 2000-2003 SPEWS.ORG