Subject: [spamblock@security.rr.com: Re: Security Scans]
From: Ian Gulliver <ian@penguinhosting.net>
Date: Wed, 10 Apr 2002 16:30:56 +0000
> The "problem" is that unauthorized penetration testing took place,
> without spam in hand, and without evidence of any wrongdoing or misuse, on a
> network not maintained by dsbl or any of its "trusted" testers.

All that I have to say is that all testing from ares.penguinhosting.net has
been done with relayed mail in hand.

----- Forwarded message from "Road Runner Security [WMH]" <spamblock@security.rr.com> -----

X-Comment: forwarded via abuse.net e-mail/usenet abuse reporting service
X-Comment: to domain(s) penguinhosting.net
To: spamabuse@accnorwalk.com
From: "Road Runner Security [WMH]" <spamblock@security.rr.com>
Subject: Re: Security Scans
Cc: penguinhosting.net@abuse.net, dsbl.org@abuse.net

The dsbl maintainers advocate and perform unauthorized penetration testing
of networks.

The maintainers of dsbl continue to perform unauthorized penetration testing
of the Road Runner network, despite our demands to cease such testing, from
their former ORBZ hosts, now renamed to penguinhosting.net, which remain
blocked.

Return-Path: <spam-bounce@ares.penguinhosting.net>
Delivered-To: orbz@ares.penguinhosting.net
Received: from ares.penguinhosting.net

Whether or not the result is a "good" one (the fixing of a legitimate
problem), the use of automated or semi-automated security testing, without
authorization, on a network or system which is not owned or operated by the
system or network owner, is unacceptable, which is why it is a violation of
most Internet providers' (including Road Runner's) Acceptable Usage Policies.

If we tell our users that no, they cannot do it, then why should we allow a
third party to do it to us? We will not, and we will actively pursue any
attempts to circumvent or penetrate the security on our networks, including
so-called "trusted" testers.

Similarly, recent claims by dsbl that a "confirmation" message needs to be
sent in order to glean removal from a list is ridiculous. The explanation
given by dsbl.org administrators is that "The goal of requiring the
confirmation email is to make sure that an administrator at the site in
question is aware that there was a problem."

The "problem" is that unauthorized penetration testing took place, without
spam in hand, and without evidence of any wrongdoing or misuse, on a network
not maintained by dsbl or any of its "trusted" testers.

Until dsbl ceases the advocacy of this testing methodology, and ceases the
unauthorized penetration testing on hosts within the Road Runner network, we
will not remove our listing, as we believe it to be a continuing threat to
the security of the Road Runner network.

RR Security

At 10:35 AM 4/10/2002 -0400, you wrote:
>RoadRunner
>
>I am a home user of your service and do work in an abuse department.
>Currently, your mail servers are set up to block all mail coming from (and
>possibly going to) dsbl.org:
>
>from http://www.dsbl.org
>Apr 9 2002: Note to rr.com: the rr.com admins have chosen to block all email
>from dsbl.org, this means they are unable to receive the confirmation emails
>needed to get their open relay outputs removed from DSBL. Unfortunately we
>cannot send them mail so if you are an rr.com user please let your admins
>know about this situation. (Apr 9)
>
>Considering your page at http://security.rr.com, I think you realize the
>important place blacklists play in preventing network abuse. You use MAPS
>and your own local blacklist to try and prevent your users from getting spam
>(as a home user, I thank you). The DSBL does similar for other people. If
>you were to look at it as a resource (a way of knowing when one of your end
>users has created a multi-stage open relay), you might be looking at it in
>a better and more correct light.
>
>Just a few thoughts.

----- End forwarded message -----

-- 
Ian Gulliver
Penguin Hosting