Archive for July 17, 2006

Re: Sitefinder II, the sequel…

This is what I wanted to send to the nanog-ML lately, but I used the wrong From address and now they're (hopefully) over with the topic, so I decided to put it here:

On Wed, Jul 12, 2006 at 08:30:32AM +0100, Simon Waters wrote:
> > I'm at a loss to explain why people are
> > trying so hard to condemn something like this.
> Experience?

Let me give you a real-life example of what can happen, which I just
experienced on my Linux workstation:

I put the opendns.com resolvers as first nameservers in my resolv.conf
yesterday to get some OpenDNS web browsing experience. It worked, it was
a bit slower than my regular browsing due to the delay Europe<->US and
their webserver redirecting invalid addresses to search results, but it
worked.
Of course I forgot to remove their nameservers again yesterday evening.
I am running a local MTA on my workstation that does some additional
spam-filtering through SpamAssassin.
I logged in, strolled through my mail folders and wondered where all
those mails were that I am used to getting every day.
Well, guess what — SpamAssassin also checks several DNS RBLs by default.

I looked in my spamfolder and found funny things like:
X-Warning: 194.97.50.132 is listed at blackholes.mail-abuse.org
X-Warning: merit.edu is listed at abuse.rfc-ignorant.org
...
1.0 X_WARNING_NJABL_DYNABLOCK listed at dynablock.njabl.org
1.0 X_WARNING_SPAMCOP_BL   listed at bl.spamcop.net
...

Example:
dig a 90.7.97.194.dynablock.njabl.org @208.67.222.222
...
;; ANSWER SECTION:
90.7.97.194.dynablock.njabl.org. 1 IN   A       208.67.219.40
...
So according to OpenDNS even my workstation is situated in a
dialup block.
Why is that? Well, in 'the real world' this query returns NXDOMAIN, but
OpenDNS tries to be smart and help you find the site you wanted to
visit by redirecting your browser to their search engine results for
your 'typo'. To do that they answer every nonexistent name with this
IN A record pointing at their webserver, so every RBL DNS query comes
back as 'listed' when you use OpenDNS' recursors.

As a result all incoming mails were regarded as spam and thrown into the
spam folder — luckily for me it wasn't a busy night.

    Stefan
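The failure described above, as an added example that is not part of the original post: a DNSBL client that refuses to trust a resolver which answers names that must not exist, and that only treats answers from 127.0.0.0/8 as listings (the convention real DNSBLs use; RFC 5782 also requires that 127.0.0.1 is never listed). The lookup function is injected, and the two resolver stand-ins below are constructed data, not live DNS.

```python
import ipaddress
from typing import Callable, Optional

# Real DNSBLs answer listings from 127.0.0.0/8; any other address is not a
# listing and indicates the resolver (or the zone) is misbehaving.
DNSBL_ANSWER_NET = ipaddress.ip_network("127.0.0.0/8")

Lookup = Callable[[str], Optional[str]]  # name -> A record or None (NXDOMAIN)


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the reversed-octet DNSBL name, e.g. 194.97.7.90 -> 90.7.97.194.<zone>."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def resolver_rewrites_nxdomain(lookup: Lookup, zone: str) -> bool:
    """127.0.0.1 must never be listed, so an answer for it means NXDOMAIN is
    being rewritten (as OpenDNS did in the post) or the zone is broken."""
    return lookup(dnsbl_query_name("127.0.0.1", zone)) is not None


def check_listing(ip: str, zone: str, lookup: Lookup) -> str:
    """Return 'listed', 'not-listed' or 'unreliable' for ip against zone."""
    if resolver_rewrites_nxdomain(lookup, zone):
        return "unreliable"           # do not score anything on this resolver
    answer = lookup(dnsbl_query_name(ip, zone))
    if answer is None:
        return "not-listed"           # genuine NXDOMAIN
    if ipaddress.ip_address(answer) in DNSBL_ANSWER_NET:
        return "listed"               # e.g. 127.0.0.2
    return "unreliable"               # 208.67.219.40 and the like: not a listing


# Constructed zone contents: only the RFC 5782 test entry is listed.
_ZONE = {"2.0.0.127.dynablock.njabl.org": "127.0.0.2"}


def honest_lookup(name: str) -> Optional[str]:
    """Stand-in for a normal recursor: NXDOMAIN for everything not in the zone."""
    return _ZONE.get(name)


def rewriting_lookup(name: str) -> Optional[str]:
    """Stand-in for the rewriting recursor from the post: every NXDOMAIN becomes
    an A record for the search webserver (constructed from the dig output)."""
    return _ZONE.get(name) or "208.67.219.40"
```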