enemieslist

Internet security & antispam

News


August 27, 2009

annoying-stupidity.volia.net

Oh, Ukraine, with your insane politics and beautiful politicians and inscrutable ways; I can't even begin to imagine what you were thinking when you decided upon this particular naming convention:

down.voucher.volia.net [77.122.32.76]
downfallless.pants.volia.net [77.122.243.144]
dozenness.falsetto.volia.net [77.121.25.141]
alien.insinuate.volia.net [77.123.143.240]
drafting-literature.volia.net [77.122.241.46]
drapesly-commuter.volia.net [77.122.219.160]
drawbridgeless-prospect.volia.net [77.123.55.143]
drawing.copybook.volia.net [77.121.220.46]
dressless-debate.volia.net [77.123.181.13]
drill.abacus.volia.net [77.121.76.192]
drilling-stupidity.volia.net [77.121.11.96]
drinking.lament.volia.net [77.121.155.22]
drugless-increment.volia.net [77.122.100.173]
drunk-ruling.volia.net [77.121.184.226]
alien.surprising.volia.net [77.123.57.160]
dry-seeker.volia.net [77.123.216.236]
dubing-stub.volia.net [77.121.61.114]
dutchness-reentry.volia.net [77.123.204.154]
dutchness.birthrate.volia.net [77.122.64.96]
dwelling-bookends.volia.net [77.122.84.111]
dwindling-poultice.volia.net [77.122.219.252]

Yes, in order to name their end-user residential cable and DSL modem pool hosts, they used English words randomly combined. Some are separated by dashes, others by dots. And that, as far as it goes, would be fine. Stupid, but fine. But then they decided, on a different network, not to use any separators - so that the hostname is just a word or a couple of words jammed together.

contemporary.volia.net [77.122.155.147]

The problem, for us, is that when we try to come up with a pattern for this sort of naming, we have to use things like:

[a-z]+\.[a-z]+\.volia\.net
[a-z]+-[a-z]+\.volia\.net

To match the "contemporary" host above, we have to just match:

[a-z]+\.volia\.net

The real problem is that pattern also matches other hosts that are most likely part of their infrastructure, or unassigned:

cmts.volia.net [82.144.194.5]
metro.volia.net [77.120.63.50]
unknown.volia.net [82.144.193.254]

And we don't want that. Or, more accurately, we don't want to say that the third pattern above matches only "dynamic" broadband hosts, because it's obviously going to match statics and Cable Modem Termination System boxes, though those latter shouldn't be sending spam, anyway. But it may also match other hosts, perhaps retroactively if they decide to rename relay1.volia.net to match mail.volia-lviv.com (which domain also features the same sort of word-word and word.word naming, but at least not yet the wordword naming).
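The overlap described above, as an added example (not the author's own tooling): the three patterns with dots escaped and fully anchored, run over hostnames from this post. The rule names and the "dynamic"/"mixed" labels are assumptions made for illustration.

```python
import re

# Patterns from the post, dots escaped; fullmatch() anchors both ends.
# Rule names and labels ("dynamic", "mixed") are assumptions for this example.
RULES = [
    ("word.word", re.compile(r"[a-z]+\.[a-z]+\.volia\.net"), "dynamic"),
    ("word-word", re.compile(r"[a-z]+-[a-z]+\.volia\.net"), "dynamic"),
    # Single label: also hits infrastructure and unassigned names, so it
    # cannot be labelled "dynamic" on its own.
    ("word", re.compile(r"[a-z]+\.volia\.net"), "mixed"),
]


def classify(hostname):
    """Return (rule_name, label) for the first matching rule, else None."""
    host = hostname.lower().rstrip(".")
    for name, pattern, label in RULES:
        if pattern.fullmatch(host):
            return name, label
    return None


# Hostnames taken from the post.
SAMPLES = [
    "down.voucher.volia.net",
    "drunk-ruling.volia.net",
    "contemporary.volia.net",
    "cmts.volia.net",
    "metro.volia.net",
    "unknown.volia.net",
    "relay1.volia.net",
]


def report(hosts=SAMPLES):
    """Map each hostname to its classification."""
    return {h: classify(h) for h in hosts}


if __name__ == "__main__":
    for host, result in report().items():
        print(f"{host:28} {result}")
```

relay1.volia.net falls through only because of the digit in its name; a rename to a plain word would put it under the single-label rule, which is why that rule cannot carry a "dynamic" label.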

I'm sure someone thought this was pretty clever. I'd love to hear the story behind it, actually. But it's a real pain in the neck for antispam folks. Please, just block outbound port 25 and then tell me the story. I won't think it's funny until after you secure it against all the spam that's spewing out of it.

Posted by schampeo at August 27, 2009 8:01 PM