Perhaps AboveNet would openly submit to testing by someone independent of ORBS who would agree not to release the detailed results (except to AboveNet) but who would check the validity of ORBS claims and provide a summary report. ORBS would of course have to be allowed to review the validity of the tests done.
ORBS has made no claims that there are open relays inside Abovenet. They are preemptively scanning Abovenet's address space IN CASE THERE ARE ANY relays, either belonging to Abovenet, or belonging to an Abovenet customer.
In this case AboveNet is a transport provider and in my opinion they're risking their status as a network carrier to be filtering in the way they are. (Not that I know anything about carrier rights! :-).
Right, like you said, YANAL. Abovenet also runs the MAPS RBL in BGP mode, and this hasn't hurt their status that I can tell from here.
Your own filtering of your own network when your own hosts are involved is a much different scenario.
It *is* Abovenet's own network. They sell transit to other people via their own network, but that doesn't change the ownership of Abovenet's network to somehow not include Abovenet. If you think Abovenet doesn't have the right to refuse service to anyone, then your property ethics are the same as any spammer's. And if Abovenet loses customers because they don't allow ORBS to probe them, then that's a matter for Abovenet's customers to decide. (MIBH uses the old Partan/Doran "maximum prefix length" filters on our BGP input side, which means we can't reach various nets who break up a /20 into a lot of discontiguous /24's each singly homed by a different transit provider. Do we, also, risk "losing our carrier status" because we exercise control over what routes and what traffic we carry?)
Finally can we please stop using the incorrect term "port scanner" here? ORBS does not "scan" and it most certainly doesn't scan arbitrary ports.
They are looking for port 25 on all addresses within /16'. You call it what you want, I'll call it a port scanner.

--
Paul Vixie <vixie@mibh.net>
>> But what *IS* the internet?
> It's the largest equivalence class in the reflexive transitive
> symmetric closure of the relationship "can be reached by an IP
> packet from". --Seth Breidbart