discuss - Re: [opennic-discuss] Fwd: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: "Daniel Quintiliani" <danq AT runbox.com>
  • To: "discuss" <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] Fwd: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]
  • Date: Wed, 04 Jan 2017 15:22:07 -0500 (EST)

+100%, Hillebrand

--

-Dan Q


On Wed, 04 Jan 2017 20:59:17 +0100, Hillebrand van de Groep
<hillebrand AT flippylosaurus.eu> wrote:

> Don't listen to them. You are a part of a peer to peer system. You should
> not perform censorship at all just because some third party - which you
> have no relation with - tells you to do so.
>
> I am also very happy to publicly point out that Spamhaus is a company you
> don't want to deal with. They are malicious to the internet.
>
> Blocking people should be done by server operators, not by parties other
> than the server owner.
>
> What if a Spamhaus employee goes rogue and decides to block an entire range
> owned by some entity the employee does not like?
>
> Let me say this again: server operators should decide to block a host. You
> should not "outsource" thinking to another party.
>
> On January 4, 2017 8:53:21 PM GMT+01:00, Fusl Dash
> <opennic AT lists.dedilink.eu> wrote:
> >
> >
> >-------- Forwarded Message --------
> >Subject: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177
> >[SBL325026]
> >Date: Wed, 4 Jan 2017 20:50:19 +0100
> >From: The Spamhaus Project - SBL Removals <sbl-removals AT spamhaus.org>
> >Organization: The Spamhaus Project
> >To: Kevin Holly | FuslVZ Ltd <holly AT fuslvz.ws>
> >
> >Hello Kevin
> >
> >Thanks for contacting Spamhaus!
> >
> >Looking into the malware's botnet traffic, it appears that it is using
> >your DNS server to resolve .bit domain names. So the easiest way to
> >prevent that the malware can communicate with its botnet controller
> >(C&C) would be to create an ACL for the said botnet C&C domain
> >(nutsystem325z.bit) to prevent that it is being resolved through your
> >DNS server.
> >
> >Please understand that we are unable to remove this listing unless the
> >documented abuse problem has been fully terminated.
> >
> >If you have any further questions, please do not hesitate to contact
> >us.
> >
> >--
> >Best regards
> >Thomas Morrison
> >
> >SBL Removal Team
> >The Spamhaus Project
> >Geneva, Switzerland
> >http://www.spamhaus.org
> >
> >On 04.01.2017 16:42, Kevin Holly | FuslVZ Ltd wrote:
> >> Dear madam or sir,
> >>
> >> the DNS resolver in question is a *recursive* DNS resolver and part
> >> of the OpenNIC Project (https://www.opennicproject.org/ - alternative
> >> root-zone) responsible for offering *the* uncensored, open and
> >> democratic DNS system and root-zone that people need in this world
> >> right at this moment.
> >>
> >> › dig +short NS nutsystem325z.bit. @185.121.177.177
> >> ns1.domaincoin.net.
> >> ns2.domaincoin.net.
> >> -> ns1.domaincoin.net. and ns2.domaincoin.net. are authoritative for
> >> nutsystem325z.bit.
> >>
> >> › dig +short A ns1.domaincoin.net. @185.121.177.177
> >> 83.96.168.183
> >> › dig +short A ns2.domaincoin.net. @185.121.177.177
> >> 108.61.40.140
> >> -> Neither ns1 nor ns2 are in any way associated with my server
> >> 185.121.177.177
> >>
> >> › dig +short A nut22.nutsystem325z.bit @83.96.168.183
> >> 202.78.227.61
> >> › dig +short A nut22.nutsystem325z.bit @108.61.40.140
> >> 202.78.227.61
> >> -> ns1.domaincoin.net. and ns2.domaincoin.net. are authoritative for
> >> this and therefore answer with the A record in question.
> >>
> >> The .bit DNS zone authoritative for the domain in question is hosted
> >> by Namecoin, a blockchain based information network similar to how
> >> Bitcoin transactions are executed, therefore there is no single point
> >> of failure or person or company who is able to manage or censor any
> >> domains.
> >>
> >>
> >> Best regards,
> >>
> >> Kevin Holly | Chief Executive Officer
> >>
> >> kevin.holly AT fuslvz.ws | +43 699 1334 7295
> >>
> >>
> >> On 2017-01-04 16:08, notification AT spamhaus.org wrote:
> >>> ------------------------------------------------------------------------
> >>> This is an automated message from the Spamhaus Block List (SBL)
> >>> database.
> >>> Do not reply to this email directly. Please follow the 'Removal
> >>> Procedure' shown on the SBL Advisory page (referenced below) instead.
> >>> ------------------------------------------------------------------------
> >>>
> >>> Dear Sir or Madam
> >>>
> >>> In the past weeks, Spamhaus reached out to you several times
> >>> regarding the following abuse issue in your network:
> >>>
> >>> SBL Advisory: https://www.spamhaus.org/sbl/query/SBL325026
> >>>
> >>> We have already sent an abuse report to you regarding this abuse
> >>> problem on 2016-12-16 as well as a reminder on 2016-12-27. However, we
> >>> still didn't receive any response from you regarding this abuse issue
> >>> and as of today the described abuse problem still exists, threatening
> >>> thousands of innocent internet users.
> >>>
> >>> We hereby kindly ask you once again to take the appropriate action
> >>> according to your ToS/AUP at the earliest convenience to prevent
> >>> further abuse being generated on your network.
> >>>
> >>> This is our 3rd and last reminder. Since the ongoing persistence of
> >>> this abuse issue and your unresponsive behaviour, Spamhaus currently
> >>> considers your network as harmful and risky to Spamhaus SBL users.
> >>> Should your company fail to address the described abuse problem within
> >>> the next 24 hours, Spamhaus will issue an escalation listing for your
> >>> network, per SBL escalation policy for 'knowingly providing spam
> >>> support services'. This escalation may take effect in 24 hours time.
> >>>
> >>> Spamhaus SBL Policy & Listing Criteria:
> >>> http://www.spamhaus.org/sbl/policy.html
> >>>
> >>> Please be aware that a listing on the SBL means that email from the
> >>> IP addresses listed (or containing references to any web site hosted on
> >>> the IP addresses listed) may be rejected by Internet networks that use
> >>> the SBL to filter inbound mail.
> >>>
> >>> Please take action quickly.
> >>> Thank you.
> >>>
> >>> --
> >>> SBL System Robot
> >>> The Spamhaus Project
> >>> http://www.spamhaus.org
> >>>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
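
What a per-domain ACL like the one suggested in the Spamhaus reply has to decide for each query, as an added example (not code from the thread, OpenNIC or Spamhaus): whole-label suffix matching on the query name, run over a constructed query log to show which clients such a rule would affect. The log format and the names `BLOCKED_ZONES`, `is_blocked` and `clients_hitting_acl` are assumptions made for the illustration.

```python
from collections import Counter

# Domain named in the Spamhaus reply quoted above.
BLOCKED_ZONES = {"nutsystem325z.bit"}

# Constructed sample log, one "<client-ip> <qname> <qtype>" entry per line.
# The format is an assumption; client addresses are documentation ranges.
SAMPLE_LOG = [
    "192.0.2.10 nut22.nutsystem325z.bit A",
    "192.0.2.10 NUT22.NutSystem325z.BIT. A",
    "198.51.100.7 nutsystem325z.bit. NS",
    "198.51.100.7 ns1.domaincoin.net. A",
    "203.0.113.5 xnutsystem325z.bit A",
    "203.0.113.5 opennicproject.org AAAA",
    "garbage",
]


def normalize(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def is_blocked(qname, zones=BLOCKED_ZONES):
    """True if qname is a blocked zone or any name underneath it.

    Matching is on whole labels, so 'xnutsystem325z.bit' is not caught
    by a rule for 'nutsystem325z.bit'.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def clients_hitting_acl(log_lines, zones=BLOCKED_ZONES):
    """Count, per client, the queries the ACL would refuse."""
    hits = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:  # skip malformed entries
            continue
        client, qname, _qtype = fields
        if is_blocked(qname, zones):
            hits[client] += 1
    return hits


if __name__ == "__main__":
    for client, count in sorted(clients_hitting_acl(SAMPLE_LOG).items()):
        print(client, count)
```

A rule like this only changes answers from the resolver it is configured on; the `dig` output in the thread shows the same A record being served directly by ns1.domaincoin.net and ns2.domaincoin.net.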
