RE: Sorbs.net DNS Blacklist

["Jim Serino" <jim.serino () mindspring com>]

As someone who is constantly fighting spammers and Scammer ISP's Like Fast
Colocation and Internap and Go Daddy.com for the websites they directly
control are nothing more than SCAM website that are using UDP Ports to
Advertise their scam thru the old Message Alert Pop-ups but are using them
to port attack me thru their advertisement. I have documented this in more
than one occurrence especially with the Fast Colocation that every time I
sent in a abuse report I was placed on the SORBS Blacklisting because they
wanted to stop me. I have another company called REALBESTWEB.com now doing
it thru RBL and I had warned the company and reported them to the
authorities but I am listed as blacklisted again. These Companies don't like
the constantly barrage of emails to their abuse line. In fact the fist one
to block me was Communist China since I was somehow following the 'Titan
Rain" Group. I send out security information to many of my old Computer
friends from our days at DEC and I send it out to my friends and relatives.

With Fast Colocation I have it document that EVERY TIME I sent in an abuse
report to their website I was blacklisted within minutes to SORBS. Now I am
being blacklisted by RBL and this is getting to be a game to them. Since I
takes far longer for an individual to clear the abuse than it does the ISP's
But I have Earthlink and I report all such incidents to them.

In the Beginning the Chinese were blacklisting me, and calling me a spammer
since I had been reporting to them of someone abusing their equipment and
the next day I would attacked in such a way I had to log off and dial
another phone line. Then the Chinese would contact the ISP they were using
as a jumping off site and then I would get blacklisted. I have been after
several of these scammer for a few years now but I only have 6 month worth
of emails and the blacklisted that started in January thru SORBS and now
thru RBL.

So as I write this I have been port scanned attacked and I am sending that
information along with firewall Traffic report to the ISP and the FTC and
Virginia's Cyber crime unit. I have 3 months of logs on 2 different systems
I use to connect to the Internet. But before you tell me to disable the
Message Service that was done in 2000 when I first saw the Message disable
in the Microsoft's Knowledge base for free and told the FTC that their were
scammers that were using that service to scam people into paying for a
program that would more than likely do more harm than good and that the
information was Free and these people were charging a fee to disable the
service. But my Firewall logs show that many are using it still to get
unsuspecting users to buy into these broadcast message that tell you to
download a Registry Cleaner or a Trojan Cleaner. It was when I saw that
within the Privacy statement that these companies first allow the scan to be
done and then somehow a clean machine has something in their registry and
that they must download the cleaner but there wasn't anything there and now
what the scanner is also doing is downloading a Keylogger and then
downloading personal information to their website and that they have
Security measure in place to make sure that your information will not be
used or that it is protected from hackers.

I have a listing of the jump thru site and the final websites. In Fact as I
was writing this I was Port Scan Attacked to tell me that I have a virus in
my Registry and to download their program.

Just thought all of you should understand what is happening to me since I
have taken it upon myself to close these scammers down.

Sincerely
James J. Serino
Ex-DEC Field Service Systems Engineer and Ex-OpenVMS Systems/Cluster/Network
Manager


-----Original Message-----
From: Cloy Tobola [mailto:cloy () tobola com]
Sent: Monday, March 20, 2006 20:55
To: security-basics () securityfocus com
Subject: Re: Sorbs.net DNS Blacklist

On Mon, 13 Mar 2006 at 23:48, Devdas Bhagat
<devdas_at_dvb.homelinux.org>

> SORBS itself does not block you.

Uh, if they are sharing blacklists that include a particular IP
address... I would say that they are definitely blocking something.

> They do not charge you money for delisting.

Really? Then why is this an issue? The fact that they don't pocket
the money is beside the point.

> Their argument is "You have done damage to the Internet
> commons. If you want to be a good citizen, please undo the damage by
> donating $ to <random charity>. Alternatively, wait for 90 days to be
> delisted automatically."

And what about the fact that they block IP ranges?
And what about the people that got listed because spam with faked
email addresses that were bounced?
And what about those people on shared servers who end up blocked by
association?

> Not extortion.
> Devdas Bhagat

If it looks like a duck and quacks like it duck....

Start dropping $50 here and there. Before you know it, they'll start
with, "Next time send the money to US. We need it for expenses."

-Cloy

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------