Home page logo

nanog logo nanog mailing list archives

Re: Stealth Blocking
From: Adam Rothschild <asr () latency net>
Date: Wed, 23 May 2001 13:31:22 -0400

On Wed, May 23, 2001 at 10:33:11AM -0400, Mitch Halmu wrote:
I have posted two URLs, one was to a slashdot article describing a
stealth assault on Macromedia. So as to clarify the provenance of
the URL previously given by others in full context [...]

Slashdot has never been an accurate news source, and the article
you've referenced is certainly no exception.

NetSide maintains its own access control list. If a particular ip or
ip range didn't abuse our servers, we feel no need to lock them
out. And certainly not because you say so. Not to mention that all
instances of abuse can be traced from logs to someone's ip, and
there is a venue of complaint with the abuser's provider.

Running open relays is _never_ an acceptable practice.  Allowing the
entire Internet to relay off your SMTP server, and then attempting to
block offenders after the damage is done, isn't very effective or
scalable.  We've had this discussion before.

We have a valid reason for doing so: locking our servers would
prevent our customers from roaming, and we would also lose a good
part of our non-local client base, some of them subscribed since
1995, who couldn't make full use of their accounts anymore.

Most responsible operators are using SMTP auth, POP/IMAP-before-SMTP,
secure tunneling, or some combination of the above to accomplish this.
Why aren't you?

Second, open relays were the norm until Paul Vixie decided you
should do otherwise. And in many cases, he convinced thy by brute
force that his way is the right way is the only way. But it wasn't
the legal way. Most providers bent over and silently took the
punishment. We won't. Do I seem to whine here?

I don't think AboveNet/MFNX even subscribes to the MAPS RBL.  Of
course, if they are/were denying access to Macromedia as part of an
internally-run blackhole, I give them props.

Third, the new 'rule' MAPS just came up with now is that you must
keep your server open to their 'testing', or they'll blackhole
you. See for yourself:
http://www.dotcomeon.com/nph-rss-remove-blocking.html That is the
reason given for blocking us the second time around. No new
'evidence', just open wide for inspection and say ahhh...

If you have a problem with this, take it up with its maintainers, not


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]