Home page logo

nanog logo nanog mailing list archives

Re: anti-spam vs network abuse
From: Roy <garlic () garlic com>
Date: Fri, 28 Feb 2003 08:04:50 -0800

I haven not checked NJABL but some of the other other open relay testers use
scenarios that are illegal (actually criminal) in California.


jlewis () lewis org wrote:

We (Atlantic.Net) have gotten a flurry of abuse complaints from people
who's systems have been scanned by (rt.njabl.org...a DNSBL
hosted on our network).  I'm hoping the new PTR record will head off many
complaints now.

For the past 15 months, NJABL has reactively tested systems that have
connected to participating SMTP servers to see if those systems are open
relays.  Just over a week ago, NJABL added open proxy testing to its relay
testing software.  The proxy testing checks for a variety of common proxy
software/protocols on about 20 different ports simultaneously.  This is
apparently setting off some IDS/firewall alarms.

We do not consider what NJABL does abuse, and we reply to all the
complaints explaining that the complainant should go have a look at
http://njabl.org/ and hopefully they'll understand why their system was

This sort of activity is becoming more common / mainstream, so people
ought to just get used to it.  Road Runner is doing the same thing
(according to http://sec.rr.com/probing.htm) which is pretty ironic given
how their security department has gotten along with (or not) various
DNSBLs in the past.

BTW...in the week that NJABL has been testing for open proxies, more than
18000 have been detected, pretty much all of which are actively being
abused by spammers, else mail would not have come through them.

 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]