anti-spam vs network abuse

Roy garlic at garlic.com
Fri Feb 28 16:04:50 UTC 2003


I haven not checked NJABL but some of the other other open relay testers use
scenarios that are illegal (actually criminal) in California.

Roy


jlewis at lewis.org wrote:

> We (Atlantic.Net) have gotten a flurry of abuse complaints from people
> who's systems have been scanned by 209.208.0.15 (rt.njabl.org...a DNSBL
> hosted on our network).  I'm hoping the new PTR record will head off many
> complaints now.
>
> For the past 15 months, NJABL has reactively tested systems that have
> connected to participating SMTP servers to see if those systems are open
> relays.  Just over a week ago, NJABL added open proxy testing to its relay
> testing software.  The proxy testing checks for a variety of common proxy
> software/protocols on about 20 different ports simultaneously.  This is
> apparently setting off some IDS/firewall alarms.
>
> We do not consider what NJABL does abuse, and we reply to all the
> complaints explaining that the complainant should go have a look at
> http://njabl.org/ and hopefully they'll understand why their system was
> scanned.
>
> This sort of activity is becoming more common / mainstream, so people
> ought to just get used to it.  Road Runner is doing the same thing
> (according to http://sec.rr.com/probing.htm) which is pretty ironic given
> how their security department has gotten along with (or not) various
> DNSBLs in the past.
>
> BTW...in the week that NJABL has been testing for open proxies, more than
> 18000 have been detected, pretty much all of which are actively being
> abused by spammers, else mail would not have come through them.
>
> ----------------------------------------------------------------------
>  Jon Lewis *jlewis at lewis.org*|  I route
>  System Administrator        |  therefore you are
>  Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________




More information about the NANOG mailing list