Security

Sometimes, people/companies do things which leave me scratching my head.  In this case, Orange Internet of France wants us to whitelist or at least monitor for listings and spam from their network.  Normally, this kinda request isn't all that unusual, however in this case, it looks like Orange Internet sent a mass mailing to DNSbl maintainers and possibly large ISPs.

Subject: Orange introduces new MTA servers
Date: Mon, 12 Jul 2010 18:43:33 +0200
From: Service Abuse Orange Internet <abuse@orange.fr>
Reply-To: abuse@orange.fr
To: abuse@orange.fr

Miss, Sir,

Orange Internet is the major ISP in France where it provides about 6
million individual Internet accesses and about 16 million email accounts.

By the end of this month, Orange will put on line few new email
equipments (MTA) with new outgoing IP addresses.
Therefore, we would like to share these new IP addresses since you could
be able to observe a sudden raise of email traffic coming from them.

Our new IP addresses will be :

 80.12.242.123
 80.12.242.124
 80.12.242.125
 80.12.242.126
 80.12.242.127
 80.12.242.128
 80.12.242.129
 80.12.242.130
 80.12.242.131
 80.12.242.132
 80.12.242.133
 80.12.242.134
and
 193.252.23.210
 193.252.23.211
 193.252.23.212
 193.252.23.213
 193.252.23.214
 193.252.23.215

Please, let us quickly remind you of our policy to fight, under our
national laws, against Internet abuses from our subscribers:
- All email traffic sent from a dynamic IP address is driven to our
"subscribers MTA"
- Legal measures of protection against spam are applied
- Known compromised accounts are suspended and blocked
- Every complaint, documented with the headers of the abusive emails, is
treated by Orange abuse team (abuse@orange.fr) within 24h

Complaints being a essential source of information about our customers'
behaviour, thank you to let us know if you have a complaint feedback
loop that we could register. You are also welcome to send us all
complaints and all questions you may have at abuse@orange.fr.

Finally, considering the specific role of our MTAs, we would be very
grateful if you could whitelist their associated IP addresses or, at
least, offer them the usual protection you offer to large ISPs SMTP servers.

Regards,

Abuse Orange Internet technical role.

*sigh*

They probably should have run this by someone who actually has dealt with DNSbl maintainers before.

There's been a bit of lashback against the AHBL over our decision to list GoDaddy for allowing/supporting abuse from their network.  One particular person, Maria Langer decided to contact us about the issue directly.

Because there's an awful lot of misconceptions about how DNSbl systems work, and where we stand on policies, I decided to help Maria understand why we had taken the position we did, and explained to her in fairly reasonable detail.  Apparently, it's a cardinal sin to explain things, as she decided to write this lovely post blasting me.

The best part?  She didn't even bother to read the response I gave her.  I took quite a bit of time to think out what to say to her, and respond to it.  And even better, she's calling me unprofessional with a holier-then-thou attitude in how I handled the issue.

For someone who seems to be the expert in professional behavior, she sure had no problems sending me the following e-mail response:

Here's a hint, Maria, if you are going to call someone else unprofessional, do yourself a favor and behave professionally yourself.  Oh, and I'm a she. not an it.  Hoity toity enough to write a blog posting blasting me under the guise of being a kook, but obviously not important enough to use the spell checker while writing a response to an e-mail you never bothered to read.

And people wonder why I get annoyed with some people's ignorance.

I really should have done this after 5 years, but I apparently forgot or was caught up with other things.  But, anyway, it's been 7 long years of running the Abusive Hosts Blocking List - sometimes tedious, sometimes quite humorous, sometimes quite expensive.  To recap 7 years...

October 2003

First announcements were made about the AHBL, and it replacing the Summit Blocking List - our first incarnation of abuse fighting services that was sabatoged and wrecked by the actions of an overweight, arrogant, and downright greedy individual.  Although we had much less resources then before to begin with, we had the support of several launch partners as well as other DNSbl providers, and came out guns blazing.  It didn't take long before we had a dedicated user base and were finding/listing proxies faster then we had resources to handle.

2004-2005

Over the first two years, we added new services such as the RHSbl, which gave users/providers the ability to spot spam domains in the From: and body of e-mails.  When integrated with SpamAssassin, a powerful tool got even more powerful and accurate.  We suffered growing pains as our hardware hosting the services suffered failures and corruptions, forcing us to rebuild several times.

Richard Scoville's spamming for his 'FreeSpeechStore' got him in hot water on multiple occasions.  Libel/Slandering people, then trying to extort money out of them (Pay-Per-Libel), doesn't exactly go over very well with us.  Abuse reports were filed, providers were called, and heads rolled.

Barbara "SpongeBarb Earplants" Schwarz got what was coming to her after she abused usenet, wikipedia, and other resources to the point where she got tossed out of the SLC Library, all the while screaming bloody murder about how we violated her 'frea speach' 1st amendment rights (poor old bat, she forgets she's not an American citizen).   According to her, a 'still existing nazi group' has put ear implants into my head and is telling me to go after her.  Could have fooled me!

2005-2006

At the end of 2005, Richard Scoville of the FreeSpeechStore, with help from Barbara "SpongeBarb Earplants" Schwarz treid to sue myself, Andrew Kirch, and the SOSDG/AHBL.  Naturally, he made several critical mistakes with his case (as Lincoln once said, "A man who represents himself has a fool for a client."), and wasn't expecting the outpouring of help from the community in the form of donations to help our defense.  It didn't take long before our lawyer, the amazing and quite skilled Mary Claire Fischer, had Scoville backed into a corner.  As if his case wasn't as flimsy as it was, outside the courtroom he was making threats towards anyone who donated money and calling the judge a lame duck, while inside the courtroom it seemed like a scene from Benny Hill at times.

In the end, as expected, he epically failed with the judge dismissing the case because of lack of jurisdiction.  Apparently, he didn't do his research carefully enough - but what do you expect from the law offices of Dick, Babbles, and Kookery?  The whole case makes for a rather fun reading if you don't mind the few hundred pages of 'evidence'.  Funny thing is, throughout the case, he didn't even dispute the fact we called him a spammer.

A huge thank you goes out to all of our friends who helped us raise over $10k to help cover legal costs!

2006-2007

With the legal case out of the way, we started adding more services such as the TORbl and IRCbl, both of which were great resources of IRC admins and operators to help cut back on rampid drone/bot abuse.  Towards the end of the 2006 year, I stepped down as administrator of most of the SOSDG and AHBL with major health issues.

2007

With Xen getting mature, the SOSDG and AHBL were migrated to a fully redundant and highly reliable virtualization platform.  Most of the AHBL was automated, making maintance alot easier for everyone involved.  With newly inspired confidence and vigor, I rejoined the SOSDG as an administrator again and began work on the next generation AHBL.

2008

With assistance from various individuals, we swapped over to new hardware in a new data center - more bandwidth, more storage, more CPU power.  In Nov, we suffered a complete hardware failure with the SCSI RAID backplane failing and causing 4 of the 6 hard drives in the main server to be marked as bad.  Thanks to the help of our storage tech, we managed to save years of data and transferred it to replacement hardware.

2009-Current

With our services stable for the first time in many years, we've had to adapt to a changing enviroment where open proxies were losing ground to huge botnets under the control of spammers.  Manual additions these days outpace automatic from the proxy scanner.  We're preparing for two new services due out in the next 2-4 months - one of which I can't talk about yet, the other being a new DNSbl that takes pages from other lists, including SPEWS and the DSBL, and promises to deal with snowshoe spammers and other commercial mailing list providers who don't properly police their customers.

Quite a rocky road, but given how many other lists have fallen over the same time period, I think we did quite well for ourselves.  To the spammers, scammers, and abusers, know we'll be watching and ready to hold you accountable to your actions.

Sometimes, I stumble on interesting documents that I want to share with the world.  This random Focus On The Family document deals with domains they don't want their people e-mailing because of 'delivery issues' in the past.  Archived here just in case the original disappears.  Interesting how they claim its for 'legislative compliance'.

As head of The Abusive Hosts Block List, I'm always amused when a public official spams me.

I'm no longer a resident of NJ, and I certainly did not give any congress member or republican (for that matter) permission to e-mail me.

As one of those people who isn't lucky enough to have health insurance (beyond what Medicare covers, which is some but not all of the medical bills I have, such as medications), it angers me when I see members of our govt doing their best to sabatoge the efforts of our President to make sure everyone in this country gets the medical coverage they need.

Yes, I added them to the AHBL for spamming.  It's important to hold our public officials to the same standards that the rest of us have to follow.

Although the AHBL is no longer the huge and popular list it used to be, we still have many faithful and large users.  We run two different DNS daemons to handle queries, depending on what type of query is being done.  Queries against ahbl.org itself are handled by our BIND9 Linux server.  Queries for the various DNSbl lists are handled by rbldnsd, a piece of software specifically designed for serving up DNSbl queries.

Last time I checked, we were handling around 25-30 million DNS queries daily just on the BIND9 server alone.  I would have thought that our poor little Cisco 2621XM would be crying, but it's perfectly happy.

So, I've been thinking about this for a while...  I really would like a upnp option for cisco, but what about a workaround?

My idea is simple:

A daemon that sits on a linux box or something similar, pretends to be a upnp IGD, and sends console commands to create/delete ports on the actual Cisco device?

Yeah, kinda ugly, but I've seen worse.  Anyone got any ideas on how to do this, or how feasable this may be?