Home page logo
/

nanog logo nanog mailing list archives

Re: Stealth Blocking
From: John Payne <john () sackheads org>
Date: Wed, 23 May 2001 08:36:06 -0700


On Wed, May 23, 2001 at 10:33:11AM -0400, Mitch Halmu wrote:

On Wed, 23 May 2001, John Payne wrote:

Umm... yes.  You run an open, abused mail relay, got listed in RSS and
whine about it rather than fix it.

I have posted two URLs, one was to a slashdot article describing a stealth 
assault on Macromedia. So as to clarify the provenance of the URL 
previously given by others in full context. Don't see your comments 
there. Why? Perhaps the ACLU and those other do-good  organizations 
command more respect than an ISP? But they're talking about the same 
thing!

If you believe everything you read in slashdot, you're either incredibly
naieve or unbelievably clueless.

Just the smallest bit of research in a relevant mailing lists archives
would yield the reasons why macromedia was RBL'd and why the listing was
removed.  (Macromedia runs unconfirmed mailing lists, mailing lists get
people added who don't want to be on the list, people complain to Macromedia,
no response, people nominate Macromedia to MAPS, MAPS contacts Macromedia,
no response, MAPS adds Macromedia to RBL, Macromedia contacts MAPS, 
Macromedia promises to cleanup act, MAPS removes Macromedia from RBL) 

The latter was to explain our position. Let's make several things clear. 
First, what is the difference between an open relay and a free email 
account somewhere? None, absolutely none. You could subscribe as Michael 
Mouse today, and the emperor of China tomorrow. Yet such service, with no 
credit card or implant chip to validate your true identity, giving away 
free resources to the world, is perfectly legit in your judgement.

Most free e-mail services aren't being abused.  The spam with hotmail or
juno or whatever return addresses are not being sent through hotmail or
juno or whoever, they're being sent through open relays like yours.

NetSide maintains its own access control list. If a particular ip or ip
range didn't abuse our servers, we feel no need to lock them out. And 

Bully for you.  In the meantime the rest of us have to eat up the spew
coming from your server until you decide that they've reached whatever
abuse threshold you set.

certainly not because you say so. Not to mention that all instances of 
abuse can be traced from logs to someone's ip, and there is a venue of
complaint with the abuser's provider. We have a valid reason for doing 
so: locking our servers would prevent our customers from roaming, and we 
would also lose a good part of our non-local client base, some of them
subscribed since 1995, who couldn't make full use of their accounts
anymore.

Absolute rubbish.


Second, open relays were the norm until Paul Vixie decided you should do
otherwise. And in many cases, he convinced thy by brute force that his 
way is the right way is the only way. But it wasn't the legal way. Most 
providers bent over and silently took the punishment. We won't. Do I seem 
to whine here?

Yes

Third, the new 'rule' MAPS just came up with now is that you must keep your 
server open to their 'testing', or they'll blackhole you. See for yourself:
http://www.dotcomeon.com/nph-rss-remove-blocking.html
That is the reason given for blocking us the second time around. No new 
'evidence', just open wide for inspection and say ahhh...

Uhhh... so how do you propose that relays are tested to make sure they're
closed before being removed from the database?

Could you be more clueless? 

That's just about what I was going to ask you. This is not about the 
merits of some technological implementation over another. It is about
basic rights and freedoms shamelessly trampled upon by those that can
thump their chests the loudest and have Daddy Warbucks bankroll their
operation. Say you fall out of grace with the 'in' crowd tomorrow, could 
it be your turn?

Oh, I'm constantly falling in and out of ORBS and peoples killfiles.
Do I particularly care?  Nope... people have a right to block whatever traffic
they want from their machines.
 
If you want to whine some more, news.admin.net-abuse.email is over there ->
and spam-l is that way <-

And you, John Payne, are here. And clearly on the side of the network
operator that's deliberately destroying the connectivity of other networks.
This problem won't just go away, as much as you want it swept under the
rug.

I'm in both those places (and more) as well.  If you want to stalk me at
least do others the favour of doing it where your whines stand a chance of
being ontopic... and if you're really lucky you might pick up a friend or
two on the way.


-- 
John Payne      http://www.sackheads.org/jpayne/    john () sackheads org
http://www.sackheads.org/uce/                    Fax: +44 870 0547954
        To send me mail, use the address in the From: header


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault