Home page logo
/

nanog logo nanog mailing list archives

RE: Scanning (was Re: Stealth Blocking)
From: Roeland Meyer <rmeyer () mhsc com>
Date: Sun, 27 May 2001 00:01:36 -0700


From: woods () weird com [mailto:woods () weird com]
Sent: Saturday, May 26, 2001 11:02 PM

[ On Sunday, May 27, 2001 at 00:17:29 (-0400), William Allen 
Simpson wrote: ]

 But, ORBS
remains indefensible.

It would seem that I have no problems either defending it, or 
using it.
Whether I'm successful in the latter endeavour is only for me 
to decide.
Whether I'm successful in the former endeavour is a larger question.

The MAPS leads to far fewer mistakes -- does not block non-relaying 
servers just because they don't think the network has sufficient 
"action against spammers in recent months."  That's entirely 
judgmental, not operational.

The mechanically verified part of ORBS cannot, by definition, 
lead to any

Greg, it all comes down to ONE major issue ... collateral damage.

 We've been 
falsely accused by ORBS,

Which list were you on again?  Wasn't it the manual netblocks list?

without any evidence of spamming.

He makes a perfectly valid point here. In the past few days I have seen much
testimony, from folks right here on this list, that were listed on ORBS.
I've also read testimony that their systems were never used for spam. I
can't imagine a spammer being on this list for long. Nor, can I imagine
those illustrious folks being spammers. Yet, they were on the ORBS list.
BTW, MHSC systems were also carried on ORBS for a while and when they were,
over 50% of my bandwidth was used to fend off crack attempts. Thank gawd I
was using MAPS at the time. None of the relay attempts got through.
Although, I *did* have to replace a couple of weak BIND boxen (thanks for
the extra work, BTW >:P ).

Brother, that is the very definition of collateral damage. In fact, it was
worse. It's "friendly fire". If we start taking out innocents and even our
own guys, the spammers will win. We need to start fighting the PURE WAR
against spammers. What ORBS does is to find innocents and paints bulls-eyes
on them for the spammers to find easier. The argument ORBS presented, on
their web-site, to justify this, is terribly weak. It still amount to
pointing the guns ... in the WRONG direction.

Please do not forget that ORBS goal is not to detect or 
prevent spamming per se.  

But, without spammer behavior, open-relays are perfectly acceptable. Else,
why was it the default option in sendmail for so long? The "anti" argument
falls over dead without spammers. It's not the gun, it's the bloke pointing
it.

It's full name should make this clear:  Open Relay Behaviour-
modification System.  Any open relay is a bad thing regardless of
whether it has yet been abused by a spammer (because it will 
undoubtably be abused unless it is closed first).

You make my point here. Remove spammers and ORBS becomes nothing more than a
totalitarian tool for a political agenda without merit. If I can run a relay
system safely (without spammer abuse) then you have lost the right to tell
me I can't do so because there is no possible damage to your systems. It's
also a control issue, I strongly resent someone, whom isn't paying the rent
here, trying to modify my behavior. I get enough of that from my government.

 ORBS blocks for political reasons, rather than technical.

I guess I can't really disagree with that, though I will 
point out that
I am using ORBS as a deterrent against such acts of theft of 
service and
fraud and thus it is in fact what's known as a "technical control".

Can't you see how inherently corrupt that is? Drop ORBS and go with MAPS. Be
friendly to your friends and disdain only those that are truely your
enemies.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]