FW: NEWSBANK:: Spamhaus disputes with Latvia's top-level domain registry over blocked IP ranges

-------------------------------------------
From: Paul Ferguson (RD-US)
Sent: Saturday, August 14, 2010 4:37:30 AM
To: Newsbank
Subject: NEWSBANK:: Spamhaus disputes with Latvia's top-level domain registry over blocked IP ranges
Auto forwarded by a Rule

Spamhaus disputes with Latvia's top-level domain registry over blocked IP ranges

Posted on 13 August 2010.

 

An email and open letter spat between anti-spam organization Spamhaus and NIC.LV, Latvia's top-level domain registry has brought attention to the fact that .lv web addresses are increasingly being used by spammers and DDoS attackers.

Spamhaus has detected this trend and has linked most of the offending traffic to a Microlines, a small ISP. Spamhaus' request of taking down those servers was met by silence, so the organization put the company's IP range on its blocklist.

Further investigation pointed to the fact that Microlines' traffic was being routed by a larger IPS by the name of Latnet Serviss. Spamhaus researcher again tried to report the abuse to this ISP, and again received no response. Spamhaus reacted by adding part of Latnet's IP range (based on the abuse address) to its blocklist.

So here is where the plot thickens. The Register reports that Spamhaus had no way of knowing that Latnet outsourced management its abuse department to the Institute of Mathematics and Computer Science with the University of Latvia, where the NIC.LV and Latvia's CERT are also housed.

Consequently, when Spamhaus blocked the IP range in question, it effectively cut off the Institute from the Internet - and this is where NIC.LV decided to step in.

Of course, the Institute's IP range was taken of the blocklist after a couple of hours, as soon as the mistake was reported, but that didn't stop the Institute and the registry from publicly voicing their discontent with Spamhaus' work.

Spamhaus founder Steve Linford responded by saying that "Spamhaus... thinks nic.lv, latnet.lv and their one-man 'CERT team' are cluelessly negligent in their handling of Latvian criminal botnet controllers we continually brought to their attention and which they ignored for so long."

Latnet Serviss also complained to Spamhaus, since the block was since moved to encompass its IP range, saying that they should not be blacklisted since they are one of the biggest ISPs in Latvia. Spamhaus was not swayed by this entreaty, and responded that Latvia is one of the smallest nations in the world - meaning that they will block anyone breaking the rules.

That got the NIC.LV riled up - they took the answer as belittling of them, their country and its Internet user community, and promptly asked for an independent arbiter to settle the disagreement.

 

 

 

http://www.net-security.org/secworld.php?id=9732

 

In FTR, we have also observed a marked increase by Eastern European criminals using Latvian hosters for their activities.

 

FYI,

 

-ferg

 

--

"Fergie", a.k.a. Paul Ferguson

 Threat Research,

 CoreTech Engineering

 Trend Micro, Inc., Cupertino, California USA