[nsp-sec] block.blars.org
Florian Weimer
fweimer at bfk.de
Thu Feb 14 03:12:06 EST 2008
* Mario Campisano:
> Has anyone ever heard of "block.blars.org"? It appears that their
> domain is no longer active, yet, I had a customer who reports that
> they are that block list? I find it kind of strange that this list
> is affecting them, since the domain is dead, but, I figured I would
> throw it out there for a possible contact?
blars.org was operated by a fellow Debian Developer, Robert Alan
Larson. Like many others in our field, he is sometimes difficult to
work with, which also extended into his blacklist work. His dispute
resolution procedure was somewhat obnoxious (IIRC, it was some "pay
for delisting checks" scheme, but he probably just wanted to make fun
of people who took his list seriously, or something like that).
Robert lost control of his domain in a dispute with GoDaddy in late
2006. This means that no matter what happens today, it is no longer
his fault.
The domain ended up at some parking service. Like most of them, this
services uses a wildcard A record to catch traffic to all subdomains,
which ends up creating false positive entries in the blacklist (most
DNSBL clients do not check that the reply is within 127.0.0.0/24 or
even 127.0.0.0/8).
(You may share the previous paragraph outside NSP-SEC, obviously, but
please keep the other information private.)
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the nsp-security
mailing list