discuss - Re: [opennic-discuss] Fwd: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: "Daniel Quintiliani" <danq AT runbox.com>
  • To: "discuss" <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] Fwd: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]
  • Date: Wed, 04 Jan 2017 21:35:03 -0500 (EST)

Perhaps because we have a "subversive" mission?

--

-Dan Q


On Wed, 4 Jan 2017 18:23:47 -0500, Christopher <weblionx AT gmail.com> wrote:

> Not to mention that there's nothing stopping the malware from using a
> different .bit domain, or a .geek, or even a .com or .info TLD.
>
> My assumption is that the reason they're even doing this is because
> unlike .geek or .com, there is no one to talk with to get the domain
> removed, so they just went "well you're making it easy for them so
> nyeh". What's to stop a new version of malware from using .bit
> directly without a T2 acting as a proxy?
>
> On Wed, Jan 4, 2017 at 3:33 PM, Jonah Aragon <jonaharagon AT gmail.com> wrote:
> > There is central organization in the OpenNIC version of the .bit system.
> > It certainly isn't true Namecoin connectivity.
> >
> > But that is the issue, yeah. Fusl blocking a domain now sets a precedent,
> > so I definitely don't think this would be a good idea.
> >
> > I'm of the opinion that we should drop Namecoin resolution. There's little
> > benefit in my opinion. How many people use OpenNIC for .bit resolution?
> >
> > Jonah
> >
> > On Jan 4, 2017 2:29 PM, "Hillebrand van de Groep"
> > <hillebrand AT flippylosaurus.eu> wrote:
> >
> > There is no central organization in the .bit system. If one server
> > operator decides to act like one, users will lose trust in the server
> > (and its operator). If an operator blocks one domain, what will stop him
> > from blocking another one _without_ any malicious intent?
> >
> >
> > On January 4, 2017 9:23:15 PM GMT+01:00, JC <jc AT motorsports-x.com> wrote:
> >>
> >> i agree with the sentiment of not censoring anyone... but when malware
> >> traffic is out to cause harm.. i feel there is a duty to prevent that
> >> harm.. i would have no problem with the Access control in this case...
> >> but that's just me. i would not be upset either way to be honest.
> >>
> >> On Wed, Jan 4, 2017 at 1:53 PM, Fusl Dash <opennic AT lists.dedilink.eu>
> >> wrote:
> >>>
> >>>
> >>>
> >>> -------- Forwarded Message --------
> >>> Subject: Re: FINAL REMINDER: Malware DNS server at 185.121.177.177 [SBL325026]
> >>> Date: Wed, 4 Jan 2017 20:50:19 +0100
> >>> From: The Spamhaus Project - SBL Removals <sbl-removals AT spamhaus.org>
> >>> Organization: The Spamhaus Project
> >>> To: Kevin Holly | FuslVZ Ltd <holly AT fuslvz.ws>
> >>>
> >>> Hello Kevin
> >>>
> >>> Thanks for contacting Spamhaus!
> >>>
> >>> Looking into the malware's botnet traffic, it appears that it is using
> >>> your DNS server to resolve .bit domain names. So the easiest way to
> >>> prevent that the malware can communicate with its botnet controller
> >>> (C&C) would be to create an ACL for the said botnet C&C domain
> >>> (nutsystem325z.bit) to prevent that it is being resolved through your
> >>> DNS server.
> >>>
> >>> Please understand that we are unable to remove this listing unless the
> >>> documented abuse problem has been fully terminated.
> >>>
> >>> If you have any further questions, please do not hesitate to contact us.
> >>>
> >>> --
> >>> Best regards
> >>> Thomas Morrison
> >>>
> >>> SBL Removal Team
> >>> The Spamhaus Project
> >>> Geneva, Switzerland
> >>> http://www.spamhaus.org
> >>>
> >>> On 04.01.2017 16:42, Kevin Holly | FuslVZ Ltd wrote:
> >>> > Dear madam or sir,
> >>> >
> >>> > the DNS resolver in question is a *recursive* DNS resolver and part of
> >>> > the OpenNIC Project (https://www.opennicproject.org/ - alternative
> >>> > root-zone) responsible for offering *the* uncensored, open and
> >>> > democratic DNS system and root-zone that people need in this world
> >>> > right at this moment.
> >>> >
> >>> > › dig +short NS nutsystem325z.bit. @185.121.177.177
> >>> > ns1.domaincoin.net.
> >>> > ns2.domaincoin.net.
> >>> > -> ns1.domaincoin.net. and ns2.domaincoin.net. are authoritative for
> >>> > nutsystem325z.bit.
> >>> >
> >>> > › dig +short A ns1.domaincoin.net. @185.121.177.177
> >>> > 83.96.168.183
> >>> > › dig +short A ns2.domaincoin.net. @185.121.177.177
> >>> > 108.61.40.140
> >>> > -> Neither ns1 nor ns2 are in any way associated with my server
> >>> > 185.121.177.177
> >>> >
> >>> > › dig +short A nut22.nutsystem325z.bit @83.96.168.183
> >>> > 202.78.227.61
> >>> > › dig +short A nut22.nutsystem325z.bit @108.61.40.140
> >>> > 202.78.227.61
> >>> > -> ns1.domaincoin.net. and ns2.domaincoin.net. are authoritative for
> >>> > this and therefore answer with the A record in question.
> >>> >
> >>> > The .bit DNS zone authoritative for the domain in question is hosted
> >>> > by Namecoin, a blockchain based information network similar to how
> >>> > Bitcoin transactions are executed, therefore there is no single point
> >>> > of failure or person or company who is able to manage or censor any
> >>> > domains.
> >>> >
> >>> >
> >>> > Best regards,
> >>> >
> >>> > Kevin Holly | Chief Executive Officer
> >>> >
> >>> > kevin.holly AT fuslvz.ws | +43 699 1334 7295
> >>> > _____ ___ _______
> >>> > | ___| _ ___| \ \ / /__ /
> >>> > | |_ | | | / __| |\ \ / / / /
> >>> > | _|| |_| \__ \ | \ V / / /_
> >>> > |_| \__,_|___/_| \_/ /____|
> >>> >
> >>> >
> >>> > On 2017-01-04 16:08, notification AT spamhaus.org wrote:
> >>> >>
> >>> >> ------------------------------------------------------------------------
> >>> >> This is an automated message from the Spamhaus Block List (SBL)
> >>> >> database. Do not reply to this email directly. Please follow the
> >>> >> 'Removal Procedure' shown on the SBL Advisory page (referenced below)
> >>> >> instead.
> >>> >>
> >>> >> ------------------------------------------------------------------------
> >>> >>
> >>> >> Dear Sir or Madam
> >>> >>
> >>> >> In the past weeks, Spamhaus reached out to you several times
> >>> >> regarding the following abuse issue in your network:
> >>> >>
> >>> >> SBL Advisory: https://www.spamhaus.org/sbl/query/SBL325026
> >>> >>
> >>> >> We have already sent an abuse report to you regarding this abuse
> >>> >> problem on 2016-12-16 as well as a reminder on 2016-12-27. However,
> >>> >> we still didn't receive any response from you regarding this abuse
> >>> >> issue and as of today the described abuse problem still exists,
> >>> >> threatening thousands of innocent internet users.
> >>> >>
> >>> >> We hereby kindly ask you once again to take the appropriate action
> >>> >> according to your ToS/AUP at the earliest convenience to prevent
> >>> >> further abuse being generated on your network.
> >>> >>
> >>> >> This is our 3rd and last reminder. Since the ongoing persistence of
> >>> >> this abuse issue and your unresponsive behaviour, Spamhaus currently
> >>> >> considers your network as harmful and risky to Spamhaus SBL users.
> >>> >> Should your company fail to address the described abuse problem
> >>> >> within the next 24 hours, Spamhaus will issue an escalation listing
> >>> >> for your network, per SBL escalation policy for 'knowingly providing
> >>> >> spam support services'. This escalation may take effect in 24 hours
> >>> >> time.
> >>> >>
> >>> >> Spamhaus SBL Policy & Listing Criteria:
> >>> >> http://www.spamhaus.org/sbl/policy.html
> >>> >>
> >>> >> Please be aware that a listing on the SBL means that email from the
> >>> >> IP addresses listed (or containing references to any web site hosted
> >>> >> on the IP addresses listed) may be rejected by Internet networks that
> >>> >> use the SBL to filter inbound mail.
> >>> >>
> >>> >> Please take action quickly.
> >>> >> Thank you.
> >>> >>
> >>> >> --
> >>> >> SBL System Robot
> >>> >> The Spamhaus Project
> >>> >> http://www.spamhaus.org
> >>> >>
> >>>
> >>
> >
> > --
> > Sent from my Android device with K-9 Mail. Please excuse my brevity.
> >
> >
> >
> > --------
> > You are a member of the OpenNIC Discuss list.
> > You may unsubscribe by emailing
> > discuss-unsubscribe AT lists.opennicproject.org
> >
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
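
The per-domain ACL requested in the quoted Spamhaus reply amounts to a label-exact suffix match on the query name. The block below is an added example (not code from this thread, OpenNIC or Spamhaus) that applies such a rule to a constructed query log; the log format, client addresses and function names are assumptions, and only nutsystem325z.bit and its nut22 host come from the messages above.

```python
# Added example: resolver-side name policy, RPZ-style suffix match.
# BLOCKED_ZONES holds the C&C domain named in the quoted Spamhaus reply.
BLOCKED_ZONES = {"nutsystem325z.bit"}


def normalize(qname):
    """Lower-case and drop the trailing root dot so names compare label by label."""
    return qname.strip().rstrip(".").lower()


def matched_zone(qname, zones=BLOCKED_ZONES):
    """Return the blocked zone that qname equals or is a subdomain of, else None."""
    labels = normalize(qname).split(".")
    # Walk the suffixes on label boundaries: a.b.c -> a.b.c, b.c, c.
    # A plain endswith() would also catch unrelated names such as
    # notnutsystem325z.bit, which is the edge case handled here.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


# Constructed resolver query log (hypothetical format): "<client> <qtype> <qname>"
SAMPLE_LOG = """\
192.0.2.10 A nut22.nutsystem325z.bit.
192.0.2.10 NS NutSystem325z.BIT
192.0.2.11 A notnutsystem325z.bit.
192.0.2.12 A www.opennicproject.org.
"""


def apply_policy(log_text):
    """Return (client, qname, action) per log line; action is REFUSED or ALLOW."""
    results = []
    for line in log_text.splitlines():
        client, _qtype, qname = line.split()
        action = "REFUSED" if matched_zone(qname) else "ALLOW"
        results.append((client, normalize(qname), action))
    return results


if __name__ == "__main__":
    for row in apply_policy(SAMPLE_LOG):
        print(*row)
```

Every name outside the listed zone is allowed, which is the limitation raised in the thread: the rule covers one domain and nothing else.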




