original - http://dsbl.org/cgi-bin/ezmlm-browse.cgi?command=showmsg&list=dsbl-contact&month=200204&msgnum=149&threadid=mdankdclcjggmoadfacd


[spamblock@security.rr.com: Re: Security Scans]


Subject: [spamblock@security.rr.com: Re: Security Scans]
From: Ian Gulliver <ian@penguinhosting.net>
Date: Wed, 10 Apr 2002 16:30:56 +0000


> The "problem" is that unauthorized penetration testing took place,
> without spam in hand, and without evidence of any wrongdoing or misuse, on a
> network not maintained by dsbl or any of its "trusted" testers.

All that I have to say is that all testing from ares.penguinhosting.net
has been done with relayed mail in hand.


----- Forwarded message from "Road Runner Security [WMH]" <spamblock@security.rr.com> -----

X-Comment: forwarded via abuse.net e-mail/usenet abuse reporting service
X-Comment: to domain(s) penguinhosting.net
To: spamabuse@accnorwalk.com
From: "Road Runner Security [WMH]" <spamblock@security.rr.com>
Subject: Re: Security Scans
Cc: penguinhosting.net@abuse.net, dsbl.org@abuse.net


The dsbl maintainers advocate and perform unauthorized penetration testing 
of networks. The maintainers of dsbl continue to perform unauthorized 
penetration testing of the Road Runner network, despite our demands to 
cease such testing, from their former ORBZ hosts, now renamed to 
penguinhosting.net, which remain blocked.

Return-Path: <spam-bounce@ares.penguinhosting.net>
Delivered-To: orbz@ares.penguinhosting.net
Received: from ares.penguinhosting.net

Whether or not the result is a "good" one (the fixing of a legitimate 
problem), the use of automated or semi-automated security testing, without 
authorization, on a network or system which is not owned or operated by the 
system or network owner, is unacceptable, which is why it is a violation of 
most Internet providers' (including Road Runner's) Acceptable Usage Policies.

If we tell our users that no, they cannot do it, then why should we allow a 
third party to do it to us? We will not, and we will actively pursue any 
attempts to circumvent or penetrate the security on our networks, including 
so-called "trusted" testers.

Similarly, recent claims by dsbl that a "confirmation" message needs to be 
sent in order to glean removal from a list are ridiculous. The explanation 
given by dsbl.org administrators is that "The goal of requiring the 
confirmation email is to make sure that an administrator at the site in 
question is aware that there was a problem."

The "problem" is that unauthorized penetration testing took place, without 
spam in hand, and without evidence of any wrongdoing or misuse, on a 
network not maintained by dsbl or any of its "trusted" testers.

Until dsbl ceases the advocacy of this testing methodology, and ceases the 
unauthorized penetration testing on hosts within the Road Runner network, 
we will not remove our listing, as we believe it to be a continuing threat 
to the security of the Road Runner network.

RR Security

At 10:35 AM 4/10/2002 -0400, you wrote:
>RoadRunner
>
>I am a home user of your service and do work in an abuse department.
>Currently, your mail servers are set up to block all mail coming from (and
>possibly going to) dsbl.org:
>
>from http://www.dsbl.org
>Apr 9 2002: Note to rr.com: the rr.com admins have chosen to block all email
>from dsbl.org, this means they are unable to receive the confirmation emails
>needed to get their open relay outputs removed from DSBL. Unfortunately we
>cannot send them mail so if you are an rr.com user please let your admins
>know about this situation. (Apr 9)
>
>Considering your page at http://security.rr.com, I think you realize the
>important place blacklists play in preventing network abuse.  You use MAPS
>and your own local blacklist to try and prevent your users from getting spam
>(as a home user, I thank you).  The DSBL does similar for other people.  If
>you were to look at it as a resource (a way of knowing when one of your end
>users has created a multi-stage open relay), you might be looking at it in
>a better and more correct light.
>
>Just a few thoughts.


----- End forwarded message -----

-- 
Ian Gulliver
Penguin Hosting
