[ On Saturday, January 15, 2000 at 16:55:46 (-0700), Forrest W. Christian wrote: ]
Subject: Re: Fw: Administrivia: ORBS [LONG]
On Fri, 14 Jan 2000, Kai Schlichting wrote:
People who object to their networks being scanned for SMTP vulnerabilities on occasion (with an interval that ranges from a couple of weeks to a couple of months) have something to hide.
Sorry, hate to pick nits, but we have 13 relay attempts from ORBS in our maillog between 9p last night up until 4:50 today.
Since 6 Jan, there have been 113 relay attempts from orbs. Or, better put over 10 a day on average.
Hmmm... very interesting. I've only received two over the past year, and one has been since my first public posting on this subject. If you trust how ORBS claims to work as being true this would suggest that a lot of eager beavers have been much more active at submitting test requests to ORBS ever since this subject came up. I've no doubt that these kind of people are more than willing to target various networks out of their own agendas rather than basing their test requests solely on actual spam events (as ORBS requests that they do). Just because people are anti-spam doesn't mean they're perfect! :-)
This doesn't seem like "once every 2 weeks" let alone once every 2 months.
There's a very fine line for ORBS to walk here. Those of us who use it obviously want it to be as accurate as possible, just as those who become listed in it do. If it doesn't find and list open relays being abused quickly we'll be just as upset as those who don't get off the list as soon as they've fixed their mailers are. Since ORBS is automated this means that an algorithm must be used to determine how frequently a test must be repeated (whether it's for the purpose of confirming a fix, or for the purpose of confirming that a site has been broken again). I don't know if there is such an algorithm in place yet or not, of course. I think a lot of the BS here would be avoided if people were to discuss rationally the attributes of various possible algorithms for ORBS to use to determine re-testing frequencies in different circumstances. The participants of this particular forum should be more than capable of having such a rational discussion, shouldn't we..... -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>