From: Scott Francis [mailto:scott@virtualis.com] Sent: Friday, May 25, 2001 4:03 PM
Oh give me a break - is there ANY modern browser that will not prompt you to save the file if it does not recognize it as a displayable format? Your reasoning is going downhill ...
Have you ever set up an Apache web server (or any other)? Create a random binary file and call it something.xyz (or any other extension not defined in your mime-type) and see if ANY browser will load it as something other than garbage.
Incorrect, IE: Right click over the link, "Save Target as" sure the browser won't display it correctly but you can save it fine.
Steve
On Sat, 26 May 2001, Roeland Meyer wrote:
From: Scott Francis [mailto:scott@virtualis.com] Sent: Friday, May 25, 2001 4:03 PM
Oh give me a break - is there ANY modern browser that will not prompt you to save the file if it does not recognize it as a displayable format? Your reasoning is going downhill ...
Have you ever set up an Apache web server (or any other)? Create a random binary file and call it something.xyz (or any other extension not defined in your mime-type) and see if ANY browser will load it as something other than garbage.
-- Stephen J. Wilcox IP Services Manager, Opal Telecom http://www.opaltelecom.co.uk/ Tel: 0161 222 2000 Fax: 0161 222 2008
Roeland,
And how will an email attachment of that nature be opened? If the file extension is unrecognized, the user receiving the attachment will also not be able to open it. It is your job as a web server admin to make sure that the proper mime types have been set up. As new file types creep up, you create new mime types.
----- Original Message -----
From: "Roeland Meyer" <rmeyer@mhsc.com>
To: "'Scott Francis'" <scott@virtualis.com>; "Mitch Halmu" <mitch@netside.net>
Cc: "John Fraizer" <nanog@Overkill.EnterZone.Net>; "Roeland Meyer" <rmeyer@mhsc.com>; "'Steve Sobol'" <sjsobol@NorthShoreTechnologies.net>; "Shawn McMahon" <smcmahon@eiv.com>; <nanog@nanog.org>
Sent: Saturday, May 26, 2001 3:34 AM
Subject: RE: EMAIL != FTP
From: Scott Francis [mailto:scott@virtualis.com] Sent: Friday, May 25, 2001 4:03 PM
Oh give me a break - is there ANY modern browser that will not prompt you to save the file if it does not recognize it as a displayable format? Your reasoning is going downhill ...
Have you ever set up an Apache web server (or any other)? Create a random binary file and call it something.xyz (or any other extension not defined in your mime-type) and see if ANY browser will load it as something other than garbage.
On Sat, May 26, 2001 at 12:34:11AM -0700, Roeland Meyer wrote:
Have you ever set up an Apache web server (or any other)? Create a random binary file and call it something.xyz (or any other extension not defined in your mime-type) and see if ANY browser will load it as something other than garbage.
NANOG != Apache support and sympathy forum. Might I suggest <http://httpd.apache.org/docs/>, specifically the section pertaining to mime.types?
On Sat, May 26, 2001 at 01:01:34AM -0700, Roeland Meyer wrote:
You miss the point. It's what the users want. They are not interested in maximizing efficiency <gasp>. They are into what works. They don't give a flip how.
And referencing URLs in e-mail, rather than flooding people with large binary attachments, is perfectly efficient and functional.
On Sat, May 26, 2001 at 08:38:22AM -0700, Roeland Meyer wrote:
So, why were they dialing international when ATT WorldNet is closer/cheaper? Could it be because they'd have had to have opened the server for relaying, from ATT, in order to do that? The anti-openrelay crowd raised your friend's cost there by $4.90 per minute +VAT, by FORCING them to use international dialup instead.
And this is bad how? I'd be very surprised if AT&T does not operate SMTP relays for roaming dial customers to use. Failing that, there are many means of granting mobile users authenticated access to your relays, without opening them up for abuse, which have been outlined in greater detail earlier. This is not 1995. Running an open relay today is just plain irresponsible, and offers _no_ operational benefit. Stubborn people who think otherwise deserve to be blackholed. Period.
I was in the same position (London) last year and had my servers ORBS listed, even though they were only exposed for two weeks and they never saw spam being relayed. ORBS listing is cheaper than international phone charges, VAT or no VAT.
If you don't want to get listed in the ORBS, don't run an open relay, or prevent them from scanning you. If this is too difficult to implement, or the negative impact on your business resulting from commonly-accepted responsible operational practices is too severe, then you can deal with the consequences of being blackholed by ORBS subscribers. Your choice.
-adam
On Sat, 26 May 2001, Adam Rothschild wrote:
If you don't want to get listed in the ORBS, don't run an open relay, or prevent them from scanning you. If this is too difficult to implement, or the negative impact on your business resulting from commonly-accepted responsible operational practices is too severe, then you can deal with the consequences of being blackholed by ORBS subscribers. Your choice.
-adam
Any North American Network Operator (NANO_) that entrusts control of their networks' communications to a foreign third party is a fool. ORBS is run by one Alan Brown based in New Zealand. IMHO, he's a cyberterrorist. Being blackholed by New Zealanders should be an insignificant threat to US-based networks. If it starts being a noticeable problem, you have a serious national security breach. --Mitch NetSide
On Sat, 26 May 2001, Mitch Halmu wrote:
On Sat, 26 May 2001, Adam Rothschild wrote:
If you don't want to get listed in the ORBS, don't run an open relay, or prevent them from scanning you. If this is too difficult to implement, or the negative impact on your business resulting from commonly-accepted responsible operational practices is too severe, then you can deal with the consequences of being blackholed by ORBS subscribers. Your choice.
-adam
Any North American Network Operator (NANO_) that entrusts control of their networks' communications to a foreign third party is a fool. ORBS is run by one Alan Brown based in New Zealand. IMHO, he's a cyberterrorist.
Being blackholed by New Zealanders should be an insignificant threat to US-based networks. If it starts being a noticeable problem, you have a serious national security breach.
--Mitch NetSide
Mitch, I'm not a huge fan of ORBS. We don't use it. This is based on the fact that we don't like their tactics. I do make use of MAPS however. That said, the fact that someone is using either service and perhaps your email doesn't go through has absolutely NOTHING to do with national security. It has everything to do with YOUR security. If your MTA is closed to SPAM problems and you and your customers don't SPAM, you have no problems. If you refuse to secure your MTA, that's YOUR problem and many of us have taken steps to prevent YOUR problem from becoming OUR problem. --- John Fraizer EnterZone, Inc
On Sat, 26 May 2001, John Fraizer wrote:
On Sat, 26 May 2001, Mitch Halmu wrote:
On Sat, 26 May 2001, Adam Rothschild wrote:
If you don't want to get listed in the ORBS, don't run an open relay, or prevent them from scanning you. If this is too difficult to implement, or the negative impact on your business resulting from commonly-accepted responsible operational practices is too severe, then you can deal with the consequences of being blackholed by ORBS subscribers. Your choice.
-adam
Any North American Network Operator (NANO_) that entrusts control of their networks' communications to a foreign third party is a fool. ORBS is run by one Alan Brown based in New Zealand. IMHO, he's a cyberterrorist.
Being blackholed by New Zealanders should be an insignificant threat to US-based networks. If it starts being a noticeable problem, you have a serious national security breach.
--Mitch NetSide
Mitch,
I'm not a huge fan of ORBS. We don't use it. This is based on the fact that we don't like their tactics. I do make use of MAPS however. That said, the fact that someone is using either service and perhaps your email doesn't go through has absolutely NOTHING to do with national security. It has everything to do with YOUR security. If your MTA is closed to SPAM problems and you and your customers don't SPAM, you have no problems. If you refuse to secure your MTA, that's YOUR problem and many of us have taken steps to prevent YOUR problem from becoming OUR problem.
--- John Fraizer EnterZone, Inc
Did I happen to mention MAPS in my post? I didn't. The argument was made for ORBS, or any FOREIGN entity that blocks North American networks. ORBS fans in this country will have lots of explaining to do and hell to pay if any foreign entity exploits this weakness to attack US interests in an international incident. Our position on MAPS is described clearly at http://www.dotcomeon.com I don't want to start a debate on MAPS and be accused of OT trolling. --Mitch NetSide
On Sat, 26 May 2001 19:23:16 EDT, Mitch Halmu said:
Did I happen to mention MAPS in my post? I didn't. The argument was made for ORBS, or any FOREIGN entity that blocks North American networks. ORBS fans in this country will have lots of explaining to do and hell to pay if any foreign entity exploits this weakness to attack US interests in an international incident.
For those who read Computerworld, a co-worker of mine was quoted on page 1 of the May 21 issue, saying "You can expect to see major liability lawsuits in the next 18 months or so". Better install those IIS patches *NOW* - I'm more concerned about a lawyer attack than an international terrorist attack....
OK.. so a hostile site *could* use DNS cache poisoning or hack the ORBS DNS servers to screw up your e-mail. On the other hand, you have the *EXACT* same vulnerability for *ANY* use of DNS. So unless you're using /etc/hosts exclusively, you have *bigger* problems if faced by a determined adversary. Frankly, if *I* were a determined adversary, the site's use of ORBS would be the least of their problems.
I don't know.. maybe the foreign terrorists are like the Three Stooges - they DID catch the guys who bombed the World Trade Center when one of them tried to get back the deposit on the now-destroyed truck.....
For bonus points - if anybody is both paranoid and anal-retentive enough to care about this sort of thing, I presume you *HAVE* edited your DNS cache hints to only include root name servers that are located on US soil, and reachable entirely by communications links that do not take a loop through non-US territories. There *will* be hell to pay if foreign terrorists take over a root name server that's outside the US, after all....
-- Valdis Kletnieks Operating Systems Analyst Virginia Tech
On Sat, 26 May 2001 Valdis.Kletnieks@vt.edu wrote:
OK.. so a hostile site *could* use DNS cache poisoning or hack the ORBS DNS servers to screw up your e-mail.
Or ORBS could take sides in an international conflict and do it themselves. I'm not the only one that said they blackhole for political reasons, or that they are extremists. No sooner were those words uttered, someone from Calcutta, India [202.86.168.81 - caltiger.com] decided to remind us that, besides the atomic bomb, they now have connected computers too.
For bonus points - if anybody is both paranoid and anal-retentive enough to care about this sort of thing, I presume you *HAVE* edited your DNS cache hints to only include root name servers that are located on US soil, and reachable entirely by communications links that do not take a loop through non-US territories.
There *will* be hell to pay if foreign terrorists take over a root name server that's outside the US, after all....
The named.ca file provides sketchy details about locations. Meknows that F is in the care of Paul Vixie. M is in a 202 apnic block (Japan). Any others to worry about? Perhaps we should run traceroutes to all... --Mitch NetSide
On Sun, May 27, 2001 at 07:48:41PM -0400, Mitch Halmu wrote:
The named.ca file provides sketchy details about locations. Meknows that F is in the care of Paul Vixie. M is in a 202 apnic block (Japan). Any others to worry about? Perhaps we should run traceroutes to all...
and while you are at it, get some legislation passed which will prevent foreign countries from using american technology for their infrastructure. oops, i guess that's already in place. [ i just checked a foreign calendar, and note that this is the memorial day weekend in them United States of America. does this explain the recent spate of protectionist/rampant-paranoid posts? ] -- [ Jim Mercer jim@reptiles.org +1 416 410-5633 ] [ Now with more and longer words for your reading enjoyment. ]
Mitch Halmu wrote:
Or ORBS could take sides in an international conflict and do it themselves. I'm not the only one that said they blackhole for political reasons, or that they are extremists. No sooner were those words uttered, someone from Calcutta, India [202.86.168.81 - caltiger.com] decided to remind us that, besides the atomic bomb, they now have connected computers too.
How is caltiger.com related to ORBS? -- Tired of Earthlink? Get JustTheNet! Nationwide Dialup, ISDN, DSL, ATM, Frame Relay, T-1, T-3, and more. EARTHLINK AMNESTY PROGRAM: Buy a year, get two months free More info coming soon to http://JustThe.net, or e-mail me! B!ff: K3wl, w3'v3 r00t3D da N@vy... 0h CrAp, INC0M!Ng $%^NO CARRIER
On Sat, May 26, 2001 at 07:23:16PM -0400, Mitch Halmu exclaimed:
Did I happen to mention MAPS in my post? I didn't. The argument was made for ORBS, or any FOREIGN entity that blocks North American networks. ORBS fans in this country will have lots of explaining to do and hell to pay if any foreign entity exploits this weakness to attack US interests in an international incident.
Our position on MAPS is described clearly at http://www.dotcomeon.com I don't want to start a debate on MAPS and be accused of OT trolling.
too late ... :-)
--Mitch NetSide
-- Scott Francis scott@ [work:] v i r t u a l i s . c o m Systems Analyst darkuncle@ [home:] d a r k u n c l e . n e t West Coast Network Ops GPG keyid 0xCB33CCA7 illum oportet crescere me autem minui
On Sat, May 26, 2001 at 04:36:31PM -0400, Mitch Halmu wrote:
Any North American Network Operator (NANO_) that entrusts control of their networks' communications to a foreign third party is a fool.
define foreign. even though i'm a NANO, unfortunately, i have to rely on several foreign third parties for my network stuff. ICANN ARIN Network Solutions/Verisign i only wish that i could use reliable kiwi alternates for these over-managed, unstable, useless entities. jim, from canada, not (as yet) part of the Untied States of Anemia North American != USA -- [ Jim Mercer jim@reptiles.org +1 416 410-5633 ] [ Now with more and longer words for your reading enjoyment. ]
On Sat, May 26, 2001 at 04:36:31PM -0400, Mitch Halmu wrote:
Any North American Network Operator (NANO_) that entrusts control of their networks' communications to a foreign third party is a fool. ORBS is run by one Alan Brown based in New Zealand. IMHO, he's a cyberterrorist.
I do _not_ support the ORBS. While I like the concept, the implementation (implementor?) is of questionable sanity, and the volume of false positives, in the form of mail from legitimate senders running horribly misconfigured and vulnerable mail servers, is too high.
Being blackholed by New Zealanders should be an insignificant threat to US-based networks. If it starts being a noticeable problem, you have a serious national security breach.
Nobody's arbitrarily blackholing you. There are clearly defined procedures for getting on and off their list. If you choose to ignore them, that's your choice.
On Sat, May 26, 2001 at 07:23:16PM -0400, Mitch Halmu wrote:
Our position on MAPS is described clearly at http://www.dotcomeon.com
You could have fixed your open relays in a manner acceptable to your user base, in less time than it took you to make this site. ;)
On Sun, May 27, 2001 at 09:11:39AM -0700, Roeland Meyer wrote:
You must not have a roaming staff or are willing to keep telcos wealthy.
I do not understand why one must run an open SMTP relay, or "keep telcos wealthy", to achieve the functionality you desire. -adam
On Sat, 26 May 2001, Mitch Halmu wrote:
Being blackholed by New Zealanders should be an insignificant threat to US-based networks. If it starts being a noticeable problem, you have a serious national security breach.
If someone at an internet exchange outside your control starts announcing your netblocks, you have the same issue.. I see your point but I don't think it's an argument; there are thousands of possibilities to harm a nationwide network.
-- /* Sabri Berisha CCNA,BOFH,+iO O.O speaking for just myself * Join HAL!!: www.HAL2001.org ____oOo_U_oOo____ http://www.bit.nl/~sabri * For the exceedingly thick-headed, experience is the only way to learn. * Sam Thomas - NANOG */
participants (11)
- Adam Rothschild
- Jim Mercer
- John Fraizer
- Mitch Halmu
- Roeland Meyer
- Sabri Berisha
- Scott Francis
- Stephen J. Wilcox
- Steve Sobol
- Valdis.Kletnieks@vt.edu
- Wojtek Zlobicki