[Dshield] Whom do you trust?

James C Slora Jr Jim.Slora at phra.com
Fri Mar 7 00:31:51 GMT 2003


Chateauneuf wrote Thu, 06 Mar 2003 09:00:52 -0500

> I got hit hard last night by rt.njabl.org; They scanned numerous ports.
> When I looked at the mail server log, amongst all the "we do not relay"
> messages, I see that they tried to log on with user name
> "before-reporting-as-abuse-please-see-www.njabl.org."
>
> OK I'm a jaded New Yorker but THAT would be an interesting ruse to scan
> sites for open relays with impunity. There's sure not much to the web site.
> Has anyone ever heard of this group?

Your ideas about spammers pretending to be serving the public are certainly
within the realm of possibility, but not IMHO in this particular case.

Google link:njabl.org - there are lots and lots of references to njabl. Plenty
of legitimate sites link to them, and they are listed in the Google directory.
Their sparse-looking site may not be attractive, but it is highly functional
for its simple purpose.

If you hate their probes, you can exclude yourself from future scans.
http://www.njabl.org/exclude.html

I get probed by them too. I personally don't mind it as long as it's from a
legitimate, public-spirited organization that doesn't scan too often and makes
its results available to others so they don't have to probe me too. I think
njabl fits that description well enough. Others will disagree.



More information about the list mailing list