North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Extreme spam testing

  • From: Andy Dills
  • Date: Mon Dec 22 13:50:46 2003

On Mon, 22 Dec 2003, Chris Brenton wrote:

> >  I hate spammers. I loathe and
> > despise them. I hate njabl even more.
>
> Agreed. My spam is _my_ problem and fixing it should not include making
> it everyone else's problem. Forget whether its legal, its pretty
> inconsiderate as many environments flag this stuff as malicious so it
> triggers alerts.

Hmm...actually, YOUR spam is MY problem. That's how this works.

I applaud njabl.

If you have open relays, proxies, or whatnot, I want to know about it, so
I can reject all mail from you. If we have a single entitity that does all
this scanning, we as individual entities do not need to scan ourselves.

Therefore, njabl is REDUCING the number of people scanning your netblocks
for proxies. If they didn't do it for me, I'd be doing it myself, along
with numerous other networks.

> As a follow up, it also looks like they did a pretty aggressive port
> scan of my system. Not sure how checking Telnet, X-Windows or RADIUS
> will tell them if I'm a spammer, but what ever.

proxies, proxies, proxies. But like you say, "whatever". It's not like you
would have noticed if you didn't obsessively scan your logfiles or have an
IDS.

> >  Well, nope, I didn't, and I don't. They just did it
> > again, and by "it", I mean that they hit every machine in my little
> > netblock
>
> I've tweaked my perimeter to return host-unreachables to all packets
> originating from their network (rate limited of course). If that stops
> them from accepting me mail, oh well I'll survive.

In the old days, when Abovenet and ORBS (I think, could be wrong, been
awhile) got into it, and ORBS (or whoever) blacklisted Abovenet's IP space
because they were firewalled, that was simply petty and stupid.

NJABL will not list you for preventing them from scanning your servers.
Is Jon aggressive? Yes. Is he a dickhead? No.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---