nanog mailing list archives
ORBS (Re: Scanning)
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Sun, 27 May 2001 14:15:06 +0000 (GMT)
Date: Sun, 27 May 2001 02:02:24 -0400 (EDT) From: Greg A. Woods <woods () weird com>
But, ORBS remains indefensible.
It would seem that I have no problems either defending it, or using it.
ORBS catches far more than MAPS. My take is that anybody who has a
problem with the infrequent ORBS probes should have a huge problem with
the daily bombardment of relay attempts.
Besides, whoever said that one must use ORBS "out of the box"? I maintain
a whitelist of IP addresses to override ORBS. As much as I'd like to see
Earthlink get a clue, MSN close their relays (have they yet?), and
RoadRunner cooperate, I allow their MXes through when I find them.
Modern spammers have gotten nasty. They use hundreds of different relays,
each time changing the source address:
a57e6s () t8iji7 somedomain tld
in46hi () diief4 anotherdomain tld
xkm8ey () ithi62 yetanotherdomain tld
with * DNS so that all subdomains resolve, and the subject:
I have no respect for netiquette!!!!! [i35ed7]
I have no respect for netiquette!!!!! [ed8ooe]
I have no respect for netiquette!!!!! [h8qi2h]
So as to throw off MXes that look for the same message again and again.
I suppose that scanning the body and looking for repetition is possible,
but it's only a matter of time until _that_ get perturbed in 100 different
fashions.
Bottom line: Blocking mail from rogue servers is the best way to stop
spam and to not be a party to somebody else getting relay-raped. Anyone
with clue closed relays how many years ago?
I don't buy the "we need open relay for nationwide users" argument,
either. Build a cheap MX that does nothing but take mail from a given
POP, and send it to the world. Anti-spoofing at the border, don't accept
mail from the outside world, and you're done.
Eddy
---------------------------------------------------------------------------
Brotsman & Dreger, Inc.
EverQuick Internet Division
Phone: (316) 794-8922
---------------------------------------------------------------------------
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT
send mail to <blacklist () brics com>, or you are likely to be blocked.
Current thread:
- Re: Scanning (was Re: Stealth Blocking), (continued)
- Re: Scanning (was Re: Stealth Blocking) Paul Vixie (May 24)
- Re: Scanning (was Re: Stealth Blocking) Mitch Halmu (May 24)
- Re: Scanning (was Re: Stealth Blocking) Greg A. Woods (May 24)
- Re: Scanning (was Re: Stealth Blocking) Christopher A. Woodfield (May 26)
- Re: Scanning (was Re: Stealth Blocking) Greg A. Woods (May 26)
- Re: Scanning (was Re: Stealth Blocking) William Allen Simpson (May 26)
- Re: Scanning (was Re: Stealth Blocking) William Allen Simpson (May 26)
- Re: Scanning (was Re: Stealth Blocking) Greg A. Woods (May 26)
- Re: Scanning (was Re: Stealth Blocking) William Allen Simpson (May 26)
- Re: Scanning (was Re: Stealth Blocking) Greg A. Woods (May 26)
- ORBS (Re: Scanning) E.B. Dreger (May 27)
- Re: ORBS (Re: Scanning) Randy Bush (May 27)
- Re: ORBS (Re: Scanning) J.D. Falk (May 27)
- Re: Scanning (was Re: Stealth Blocking) Steve Sobol (May 27)
- Re: Scanning (was Re: Stealth Blocking) Christopher A. Woodfield (May 27)
- Re: ORBS (Re: Scanning) Albert Meyer (May 27)
- RE: Stealth Blocking jlewis (May 24)
- RE: Stealth Blocking alex (May 24)
- network policy (was Re: Stealth Blocking) Paul Vixie (May 25)
- Re: network policy (was Re: Stealth Blocking) Paul Vixie (May 26)