Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] Fwd: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Fwd: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]


Chronological Thread 
  • From: Jonah Aragon <jonaharagon AT gmail.com>
  • To: discuss <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] Fwd: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]
  • Date: Wed, 4 Jan 2017 11:36:23 -0600

That specifically states it's a very small portion of the SBL and doesn't block any networks that are owned by legitimate organizations. This IP/network wouldn't apply.

Jonah

On Jan 4, 2017 10:53 AM, "Hamza" <bouaouda.h AT gmail.com> wrote:

On 4 January 2017 at 17:27, Michel Le Bihan <michel AT lebihan.pl> wrote:
Can you name/list the ISPs doing that?


Le 4 janvier 2017 17:19:59 GMT+01:00, Theo B <me AT theos.space> a écrit :
It will for people behind ISPs that use Spamhaus's blocklist.

On Wed, Jan 4, 2017 at 11:13 AM, Michel Le Bihan <michel AT lebihan.pl> wrote:
If they aren't hosting an email server, we can just ignore that... The blacklist won't mean anything.


Le 4 janvier 2017 17:01:45 GMT+01:00, JC <jc AT motorsports-x.com> a écrit :
Thats fair enough.   

On Jan 4, 2017 09:55, "Jonah Aragon" <jonaharagon AT gmail.com> wrote:
OpenNIC isn't so keen on censorship. We aren't judges of web content. If Spamhaus thinks they're a problem they can block the C&C server's IP, not ours. 

</$0.02>

Jonah


On Jan 4, 2017 9:48 AM, "JC" <jc AT motorsports-x.com> wrote:
can you not block the ip's that are resolving or attempting to resolve  Command and control servers?  


"More than 10 days later, the documented abuse problem still exists. As of today, the host at 185.121.177.177 is running a DNS server (ab)used by the Neutrino botnet to resolve its botnet command&control (C&C) domain names."


you basically told them you cant stop it... thats not gonna fly. 

On Wed, Jan 4, 2017 at 9:34 AM, Fusl Dash <opennic AT lists.dedilink.eu> wrote:



-------- Forwarded Message --------
Subject: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]
Date: Wed, 4 Jan 2017 16:33:36 +0100
From: Kevin Holly | FuslVZ Ltd <holly AT fuslvz.ws>
Organization: FuslVZ Ltd
To: notification AT spamhaus.org, abuse AT fuslvz.ws, abuse AT abuse.li, abuse AT choopa.com

Dear madam or sir,

the DNS resolver in question is a *recursive* DNS resolver and part of the OpenNIC Project (https://www.opennicproject.org/ - alternative root-zone) responsible for offering *the* uncensored, open and democratic DNS system and root-zone that people need in this world right at this moment.

› dig +short NS nutsystem325z.bit. @185.121.177.177
ns1.domaincoin.net.
ns2.domaincoin.net.
-> ns1.domaincoin.net. and ns2.domaincoin.net. are authoritative for nutsystem325z.bit.

› dig +short A ns1.domaincoin.net. @185.121.177.177
83.96.168.183
› dig +short A ns2.domaincoin.net. @185.121.177.177
108.61.40.140
-> Neither ns1 nor ns2 are in any way associated with my server 185.121.177.177

› dig +short A nut22.nutsystem325z.bit @83.96.168.183
202.78.227.61
› dig +short A nut22.nutsystem325z.bit @108.61.40.140
202.78.227.61
-> ns1.domaincoin.net. and ns2.domaincoin.net. are authoritative for this and therefore answer with the A record in question.

The .bit DNS zone authoritative for the domain in question is hosted by Namecoin, a blockchain based information network similar to how Bitcoin transactions are executed, therefore there is no single point of failure or person or company who is able to manage or censor any domains.


Best regards,

Kevin Holly | Chief Executive Officer

kevin.holly AT fuslvz.ws | +43 699 1334 7295
 _____          ___     _______
|  ___|   _ ___| \ \   / /__  /
| |_ | | | / __| |\ \ / /  / /
|  _|| |_| \__ \ | \ V /  / /_
|_|   \__,_|___/_|  \_/  /____|


On 2017-01-04 16:08, notification AT spamhaus.org wrote:
> ------------------------------------------------------------------------
> This is an automated message from the Spamhaus Block List (SBL) database.
> Do not reply to this email directly. Please follow the 'Removal Procedure' shown on the SBL Advisory page (referenced below) instead.
> ------------------------------------------------------------------------
>
> Dear Sir or Madam
>
> In the past weeks, Spamhaus reached out to you several times regarding the following abuse issue in your network:
>
> SBL Advisory: https://www.spamhaus.org/sbl/query/SBL325026
>
> We have already sent an abuse report to you regarding this abuse problem on 2016-12-16 as well as a reminder on 2016-12-27. However, we still didn't received any response from you regarding this abuse issue and as of today the described abuse problem still exists, threatening thousands of innocent internet users.
>
> We hereby kindly ask you once again to take the appropriate action according to your ToS/AUP at the earliest convenience to p
>  revent further abuse being generated on your network.
>
> This is our 3rd and last reminder. Since the ongoing persistence of this abuse issue and your unresponsive behaviour, Spamhaus currently considers your network as harmful and risky to Spamhaus SBL users. Should your company fail to address the described abuse problem within the next 24 hours, Spamhaus will issue an escalation listing for your network, per SBL escalation policy for 'knowingly providing spam support services'. This escalation may take effect in 24 hours time.
>
> Spamhaus SBL Policy & Listing Criteria:
> http://www.spamhaus.org/sbl/policy.html
>
> Please be aware that a listing on the SBL means that email from the IP addresses listed (or containing references to any web site hosted on the IP addresses listed) may be rejected by Internet networks that use the SBL to filter inbound mail.
>
> Please take action quickly.
> Thank you.
>
> --
> SBL System Robot
> The Spamhaus Project
> http://www.spamhaus.org
>

--
Best regards

Fusl - root AT meo.ws - http://meo.ws/





--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org





--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org




--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org





--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org





--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org




Archive powered by MHonArc 2.6.19.

Top of Page