Home page logo
/

nanog logo nanog mailing list archives

Re: anti-spam vs network abuse
From: "Jack Bates" <jbates () brightok net>
Date: Thu, 27 Feb 2003 21:58:16 -0600


From: <jlewis () lewis org>


We (Atlantic.Net) have gotten a flurry of abuse complaints from people
who's systems have been scanned by 209.208.0.15 (rt.njabl.org...a DNSBL
hosted on our network).  I'm hoping the new PTR record will head off many
complaints now.

For the past 15 months, NJABL has reactively tested systems that have
connected to participating SMTP servers to see if those systems are open
relays.  Just over a week ago, NJABL added open proxy testing to its relay
testing software.  The proxy testing checks for a variety of common proxy
software/protocols on about 20 different ports simultaneously.  This is
apparently setting off some IDS/firewall alarms.

We do not consider what NJABL does abuse, and we reply to all the

Ahh, yes. The age old debate. So long as you, their provider, doesn't
consider it abuse, they should be relatively safe. Obviously, there are some
net blocks up to stop the probes. There always are and always will be.
Networks don't like scans. One thing I'll say about NJABL, it's probably the
most accurate list for what it does. With the added proxy testing, they'll
get more people using the list, along with more complaints. I'll be adding
my log IP's to that list soon enough.

-Jack


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]