[ On , January 15, 2000 at 11:11:43 (-0800), Paul Vixie wrote: ]
Subject: Re: Fw: Administrivia: ORBS
ORBS has made no claims that there are open relays inside Abovenet. They are preemptively scanning Abovenet's address space IN CASE THERE ARE ANY relays, either belonging to Abovenet, or belonging to an Abovenet customer.
That's flat out wrong. Please read the ORBS web pages and do some actual queries of their database and their DNS RBL zone. A full list of all verified open relays in known AboveNet netblocks is readily available therein. So far AboveNet hasn't denied that there are/were open relays on "their" networks either, at least not to my knowledge. All we know now is that ORBS can no longer be used to prove that there are none remaining. ORBS also maintains that they do not, nor have they ever, systematically and preemptively scanned any networks. They also actively discourage users of their web interface from doing such scanning and I've heard second hand that they do in fact cut off access to the web interface by anyone attempting such scans. I am sure many of us would be very interested in seeing concrete verifiable evidence of such preemptive scanning, either by ORBS or their users, but so far none has been produced that I'm aware of. BTW, unless you can read minds you cannot know why an IP# has been submitted to the ORBS web interface for testing. Given that I'm an optimist, and given there's no evidence to the contrary, I can only assume that each and every one is either a result of actual spam, or a test by the postmaster of the mailer being tested.
It *is* Abovenet's own network. They sell transit to other people via their own network, but that doesn't change the ownership of Abovenet's network to somehow not include Abovenet.
In my own opinion I would say the "ownership", whatever that means in a virtual on-line world, changes as soon as they assign a network within one of their own netblocks to one of their customers. Eg. even though my own network is assigned from a UUNET block, I am the only one who owns the rights to receive packets at my IP addresses, or indeed the right to block such packets (to the extent that packets to or from my network don't cause some transit provider grief in the form of a denial of service attack or such).
If you think Abovenet doesn't have the right to refuse service to anyone, then your property ethics are the same as any spammer's. And if Abovenet loses customers because they don't allow ORBS to probe them, then that's a matter for Abovenet's customers to decide.
On the contrary -- it should only be AboveNet's customers who have any right to refuse service to anyone, not AboveNet themselves. That's certainly what I expect of my provider. Your absolutely right on that last point though -- AboveNet's customers can decide with their feet. It won't be an easy decision though as in all other aspects AboveNet seems to be a premium service.
(MIBH uses the old Partan/Doran "maximum prefix length" filters on our BGP input side, which means we can't reach various nets who break up a /20 into a lot of discontiguous /24's each singly homed by a different transit provider. Do we, also, risk "losing our carrier status" because we exercise control over what routes and what traffic we carry?)
Dunno....
Finally can we please stop using the incorrect term "port scanner" here? ORBS does not "scan" and it most certainly doesn't scan arbitrary ports.
They are looking for port 25 on all addresses within /16'. You call it what you want, I'll call it a port scanner.
Are they really? Can you prove it? -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>