Security Basics mailing list archives
RE: Sorbs.net DNS Blacklist
From: "Jim Serino" <jim.serino () mindspring com>
Date: Tue, 21 Mar 2006 14:56:09 -0500
As someone who is constantly fighting spammers and Scammer ISP's Like Fast Colocation and Internap and Go Daddy.com for the websites they directly control are nothing more than SCAM website that are using UDP Ports to Advertise their scam thru the old Message Alert Pop-ups but are using them to port attack me thru their advertisement. I have documented this in more than one occurrence especially with the Fast Colocation that every time I sent in a abuse report I was placed on the SORBS Blacklisting because they wanted to stop me. I have another company called REALBESTWEB.com now doing it thru RBL and I had warned the company and reported them to the authorities but I am listed as blacklisted again. These Companies don't like the constantly barrage of emails to their abuse line. In fact the fist one to block me was Communist China since I was somehow following the 'Titan Rain" Group. I send out security information to many of my old Computer friends from our days at DEC and I send it out to my friends and relatives. With Fast Colocation I have it document that EVERY TIME I sent in an abuse report to their website I was blacklisted within minutes to SORBS. Now I am being blacklisted by RBL and this is getting to be a game to them. Since I takes far longer for an individual to clear the abuse than it does the ISP's But I have Earthlink and I report all such incidents to them. In the Beginning the Chinese were blacklisting me, and calling me a spammer since I had been reporting to them of someone abusing their equipment and the next day I would attacked in such a way I had to log off and dial another phone line. Then the Chinese would contact the ISP they were using as a jumping off site and then I would get blacklisted. I have been after several of these scammer for a few years now but I only have 6 month worth of emails and the blacklisted that started in January thru SORBS and now thru RBL. So as I write this I have been port scanned attacked and I am sending that information along with firewall Traffic report to the ISP and the FTC and Virginia's Cyber crime unit. I have 3 months of logs on 2 different systems I use to connect to the Internet. But before you tell me to disable the Message Service that was done in 2000 when I first saw the Message disable in the Microsoft's Knowledge base for free and told the FTC that their were scammers that were using that service to scam people into paying for a program that would more than likely do more harm than good and that the information was Free and these people were charging a fee to disable the service. But my Firewall logs show that many are using it still to get unsuspecting users to buy into these broadcast message that tell you to download a Registry Cleaner or a Trojan Cleaner. It was when I saw that within the Privacy statement that these companies first allow the scan to be done and then somehow a clean machine has something in their registry and that they must download the cleaner but there wasn't anything there and now what the scanner is also doing is downloading a Keylogger and then downloading personal information to their website and that they have Security measure in place to make sure that your information will not be used or that it is protected from hackers. I have a listing of the jump thru site and the final websites. In Fact as I was writing this I was Port Scan Attacked to tell me that I have a virus in my Registry and to download their program. Just thought all of you should understand what is happening to me since I have taken it upon myself to close these scammers down. Sincerely James J. Serino Ex-DEC Field Service Systems Engineer and Ex-OpenVMS Systems/Cluster/Network Manager -----Original Message----- From: Cloy Tobola [mailto:cloy () tobola com] Sent: Monday, March 20, 2006 20:55 To: security-basics () securityfocus com Subject: Re: Sorbs.net DNS Blacklist On Mon, 13 Mar 2006 at 23:48, Devdas Bhagat <devdas_at_dvb.homelinux.org>
SORBS itself does not block you.
Uh, if they are sharing blacklists that include a particular IP address... I would say that they are definitely blocking something.
They do not charge you money for delisting.
Really? Then why is this an issue? The fact that they don't pocket the money is beside the point.
Their argument is "You have done damage to the Internet commons. If you want to be a good citizen, please undo the damage by donating $ to <random charity>. Alternatively, wait for 90 days to be delisted automatically."
And what about the fact that they block IP ranges? And what about the people that got listed because spam with faked email addresses that were bounced? And what about those people on shared servers who end up blocked by association?
Not extortion. Devdas Bhagat
If it looks like a duck and quacks like it duck.... Start dropping $50 here and there. Before you know it, they'll start with, "Next time send the money to US. We need it for expenses." -Cloy --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Sorbs.net DNS Blacklist, (continued)
- Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 13)
- Re: Sorbs.net DNS Blacklist jfvanmeter (Mar 10)
- RE: Sorbs.net DNS Blacklist Beilin Zhang (Mar 10)
- RE: Sorbs.net DNS Blacklist Joseph (Mar 13)
- RE: Sorbs.net DNS Blacklist Dan Denton (Mar 13)
- RE: Sorbs.net DNS Blacklist Jason Williams (Mar 14)
- Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 15)
- Re: RE: Sorbs.net DNS Blacklist souldream (Mar 15)
- RE: Sorbs.net DNS Blacklist Brad Berson (Mar 16)
- Re: Sorbs.net DNS Blacklist Cloy Tobola (Mar 21)
- RE: Sorbs.net DNS Blacklist Jim Serino (Mar 21)
- Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 24)