[Dshield] Whom do you trust?

Ed Truitt ed.truitt at etee2k.net
Thu Mar 6 16:36:49 GMT 2003


Actually, the name NJABL is an acronym - from their web site, it means Not
Just Another Bogus List.  I don't think they have anything to do with New
Jersey.  The contact information for the domain looks like a role account
for an ISP called atlantic.net, and the addresses match.  I would say that
njabl.org is owned/operated by someone at the ISP (if not the ISP itself),
and they scan for open relays and BL dial-ups and dynamic IP ranges, and
allow others to query / use their zones as well.


Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."


----- Original Message -----
From: "Chateauneuf" <dupape at bellatlantic.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, March 06, 2003 9:47 AM
Subject: Re: [Dshield] Whom do you trust?


> At 09:14 AM 3/6/2003 -0600, Ed Truitt authored the following:
> >I don't remember this group off the top of my head.  However, there is
> >nothing to prevent anyone from starting up their own DNSBL for spam.
And,
> >you are right, that would be a way to cover your scans for open relays.
We
> >PRESUME that the DNSBL will be used to BLOCK mail, but what if it is used
> >to IDENTIFY abusable systems...
>
> That's my concern. Check out the whois. All the information relates to the
> host in Florida (I'm assuming that this has something to do with New
> Jersey). The site contains no contact information or names. HOW DO WE
KNOW?
>
> Later today or tomorrow I'll post a follow-up on BlueTelegraph including
an
> explanation from the owner of how the IPs were hijacked. These folks have
a
> web site as well that gives the impression that they are an ISP. It seems
> that spammers are willing to go to great lengths;
>
> SO WHY NOT A DUMMY BL?
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>



More information about the list mailing list