On Wed, 23 May 2001 16:18:12 PDT, David Schwartz said:
ORBS claimed originally to be a list of confirmed open relays, which it once was and nobody really complained too much. The problem is, some sites began getting complaints about the ORBS probers probing their networks. As a result, some large sites (like abovenet) blocked the ORBS probers. ORBS countered by blacklisting all of abovenet's address blocks, including all of their non-multihomed customers. This blacklisted thousands of machines that had no open relays.
Well... half of this is a red herring. The last time I checked (which was a re-check as I was writing this), ORBS had different ways of listing "known open relay" and "unable to check because of a block". Therefore, a carefully worded ORBS query should result in no blacklisting of "thousands of machines that had no open relays" (although of course, you would then not get a heads-up from ORBS regarding an actual open relay in a blocked address block). It's the site's decision whether it prefers false positives or false negatives. See http://www.orbs.org/usingindex.html for details... lot of options there.

Flame-fests regarding ORBS probing should be redirected to /dev/null.

Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
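
Added example, not part of the original message or of ORBS's own code: a sketch of how a receiving site could act on a DNS blocklist that answers differently for "confirmed open relay" and "could not be tested because probes are blocked", choosing between false positives and false negatives. The zone name, the two return codes, the function names and the sample entries are all assumptions made up for illustration; they are not ORBS's real values.

```python
import ipaddress

# Assumed values for illustration only; not ORBS's real zone or return codes.
ZONE = "relays.example.invalid"
CONFIRMED_OPEN_RELAY = "127.0.0.2"
UNTESTABLE_PROBE_BLOCKED = "127.0.0.3"


def query_name(ip, zone=ZONE):
    """Build the blocklist lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def should_reject(ip, resolve, reject_untestable=False):
    """Decide whether to refuse mail from ip.

    resolve(name) returns the set of A-record strings for name, or an
    empty set when the name does not exist (address not listed).
    reject_untestable=False accepts false negatives: hosts in a block that
    refuses probes are let through. True accepts false positives instead.
    """
    answers = set(resolve(query_name(ip)))
    if CONFIRMED_OPEN_RELAY in answers:
        return True
    if UNTESTABLE_PROBE_BLOCKED in answers:
        return reject_untestable
    return False  # not listed, or a code this policy does not act on


# Constructed sample data standing in for DNS answers (documentation ranges).
SAMPLE_ZONE = {
    "10.2.0.192." + ZONE: {CONFIRMED_OPEN_RELAY},
    "7.100.51.198." + ZONE: {UNTESTABLE_PROBE_BLOCKED},
}


def sample_resolve(name):
    """Offline stand-in for a DNS A-record lookup over SAMPLE_ZONE."""
    return SAMPLE_ZONE.get(name, set())
```

In production, `resolve` would wrap a real DNS lookup; keeping it injectable lets the policy be tested without network access.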