
nanog mailing list archives

RE: ORBS (Re: Scanning)
From: Roeland Meyer <rmeyer () mhsc com>
Date: Sun, 27 May 2001 11:10:08 -0700


From: Derek Balling [mailto:dredd () megacity org]
Sent: Sunday, May 27, 2001 10:49 AM

At 9:11 AM -0700 5/27/01, Roeland Meyer wrote:
A system that tests positive for ORBS, yet is using MAPS, will not be used
as a spam relay. Yet, ORBS will list such a system.

I'm not sure I understand this logic:

1.) They test positive for orbs... so they ARE an open relay
2.) That system is using MAPS, which means that there is some subset 
of systems the open relay itself rejects mail from

I somehow missed your logic here. A MAPS blocked system is, by definition
NOT an open-relay, since it IS MAPS-blocked. Yet, ORBS will list it as an
open-relay. I agree, there is a disconnect here. Your second premise
invalidates the first. This may be a semantic issue, please examine and
clarify. 

A MAPS-blocked system may show as an open-relay to another system not listed
in MAPS. However, it will show as closed to a system that is listed in MAPS.
It all depends on the source of the test. AHA! Maybe ORBS should be listed
in MAPS? That will certainly resolve this problem and ORBS will no longer
show false positives.

Somehow that means that non-MAPS-listed sources (of which there are 
many) are somehow magically restricted from relaying through the open 
relay?

Since your first syllogism didn't parse, this one didn't either.

I might point out that, since MAPS has been running for a few years, most, if
not all, of the spammer sources are now listed.

