Home page logo
/

nanog logo nanog mailing list archives

RE: ORBS (Re: Scanning)
From: Roeland Meyer <rmeyer () mhsc com>
Date: Sun, 27 May 2001 11:30:28 -0700


From: Derek Balling [mailto:dredd () megacity org]
Sent: Sunday, May 27, 2001 11:20 AM

At 11:10 AM -0700 5/27/01, Roeland Meyer wrote:
 > I'm not sure I understand this logic:

 1.) They test positive for orbs... so they ARE an open relay
 2.) That system is using MAPS, which means that there is 
some subset
 of systems the open relay itself rejects mail from

I somehow missed your logic here. A MAPS blocked system is, 
by definition
NOT an open-relay, since it IS MAPS-blocked. Yet, ORBS will 
list it as an
open-relay. I agree, there is a disconnect here. Your second premis
invalidates the first. This may be a semantic issue, please 
examine and
clarify.

I think this is all a phrasology thing.

I'm sorry. I hate hare-splitting too.

Assuming "a MAPS-blocked system" means a system that is 
listed/blocked by MAPS as a spam source.

    Then your statement makes no sense because in all 
likelihood, that 
host IS an open relay.

My bad. What I meant was a MAPS-blocked system as a subcriber to MAPS. Not a
MAPS-known spam source.

Assuming "a MAPS-blocked system" means a system that is partaking of 
the MAPS lists to block inbound mail to it

    Then your statement further makes no sense, because any 
non-MAPS-listed host could (in theory) send mail to/through that 
system. If the system using MAPS is an open relay, then 
non-MAPS-listed hosts could quite happily/easily pump mail through 
that system regardless of whether or not it is using MAPS.

Not true, I'm assuming that MAPS isn't the only anti-spam measures being
implemented.

I might point out that, since MAPS has been running for a 
few years, most if
not all, the spammer sources are now listed.

I think my personal evidence (that about 90-95% of my spam that is 
blocked is NOT from MAPS sources) does not seem to bear that out.

You bear out my assumptions that other methods, besides MAPS and ORBS, are
being deployed as well. Feeding such data into MAPS would improve MAPS
accuracy.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]