From owner-freebsd-ipfw@freebsd.org  Fri Aug  9 16:48:45 2019
Return-Path: <owner-freebsd-ipfw@freebsd.org>
Delivered-To: freebsd-ipfw@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 21F6ACCE54
 for <freebsd-ipfw@mailman.nyi.freebsd.org>;
 Fri,  9 Aug 2019 16:48:45 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 464rmD5rmNz3HN9
 for <freebsd-ipfw@freebsd.org>; Fri,  9 Aug 2019 16:48:44 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: by mailman.nyi.freebsd.org (Postfix)
 id C6D6FCCE53; Fri,  9 Aug 2019 16:48:44 +0000 (UTC)
Delivered-To: ipfw@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id C6983CCE52
 for <ipfw@mailman.nyi.freebsd.org>; Fri,  9 Aug 2019 16:48:44 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 464rmB5h2vz3HN8
 for <ipfw@freebsd.org>; Fri,  9 Aug 2019 16:48:42 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1])
 by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id x79GmY3L098261;
 Fri, 9 Aug 2019 09:48:34 -0700 (PDT)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: (from freebsd-rwg@localhost)
 by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id x79GmYbE098260;
 Fri, 9 Aug 2019 09:48:34 -0700 (PDT) (envelope-from freebsd-rwg)
From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Message-Id: <201908091648.x79GmYbE098260@gndrsh.dnsmgr.net>
Subject: Re: amazonaws
In-Reply-To: <20190809051102.7127a793@dismail.de>
To: starikarp@dismail.de
Date: Fri, 9 Aug 2019 09:48:34 -0700 (PDT)
CC: Michael Sierchio <kudzu@tenebras.com>,
 "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>,
 "ipfw@FreeBSD.org" <ipfw@freebsd.org>
X-Mailer: ELM [version 2.4ME+ PL121h (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
X-Rspamd-Queue-Id: 464rmB5h2vz3HN8
X-Spamd-Bar: +
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=none (mx1.freebsd.org: domain of freebsd-rwg@gndrsh.dnsmgr.net has no SPF
 policy when checking 69.59.192.140)
 smtp.mailfrom=freebsd-rwg@gndrsh.dnsmgr.net
X-Spamd-Result: default: False [1.72 / 15.00]; ARC_NA(0.00)[];
 TO_DN_EQ_ADDR_SOME(0.00)[]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[];
 NEURAL_SPAM_SHORT(0.57)[0.570,0]; MIME_GOOD(-0.10)[text/plain];
 RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[dnsmgr.net];
 AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.19)[0.194,0];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(0.01)[0.012,0];
 R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:13868, ipnet:69.59.192.0/19, country:US];
 MID_RHS_MATCH_FROM(0.00)[];
 IP_SCORE(0.05)[ip: (0.15), ipnet: 69.59.192.0/19(0.08), asn: 13868(0.05),
 country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Aug 2019 16:48:45 -0000

> On Tue, 6 Aug 2019 18:42:29 -0700
> Michael Sierchio <kudzu@tenebras.com> wrote:
> 
> > On Tue, Aug 6, 2019 at 6:23 PM Rodney W. Grimes <
> > freebsd-rwg@gndrsh.dnsmgr.net> wrote:
> > 
> > > > Hi!
> > > >
> > > > Is it possible to bl;ock compute.amazonasws.com with ipfw
> > > > firewall. I have a table with many amazonasws IPs but every time
> > > > when I start Firefox it shows the new one (I am checkong with
> > > > tcpdump).
> > >
> > > Since it is almost impossible to keep up with the IP's....
> > >
> > 
> > This is not even remotely true.
> > 
> > https://ip-ranges.amazonaws.com/ip-ranges.json
> > 
> > is kept up-to-date, and you can subscribe to an SNS topic to be
> > notified of changes:
> > 
> > arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged
> > 
> > 
> > 
> > You could put the entire contents, or a portion of it, in an ipfw
> > table and swap tables atomically upon change.
> > 
> 
> I did try but there are not just compute.amazonasws.com as Rodney W.
> Grimesand wrote and with all blockings come more problems.

This is a spammer, scrapper, abuser, probably the only effective
means of controlling some of it is use of RBL or other blacklists.

Another would be amazon security should be prodded into
taking trademark issue, but the most that could happen
there is the domain name revoked, and the spammer just
goes on to another high profile domain name like
microsaft.com

# host microsaft.com
microsaft.com has address 93.191.156.32
microsaft.com mail is handled by 10 mx.unoeuro.com.

Welcome to the free world of anyone can be an abuser :-(
-- 
Rod Grimes                                                 rgrimes@freebsd.org