Perhaps AboveNet would openly submit to testing by someone independent of ORBS who would agree not to release the detailed results (except to AboveNet) but who would check the validity of ORBS claims and provide a summary report. ORBS would of course have to be allowed to review the validity of the tests done.
ORBS has made no claims that there are open relays inside Abovenet. They are preemptively scanning Abovenet's address space IN CASE THERE ARE ANY relays, either belonging to Abovenet, or belonging to an Abovenet customer.
In this case AboveNet is a transport provider and in my opinion they're risking their status as a network carrier to be filtering in they way they are. (Not that I know anything about carrier rights! :-).
Right, like you said, YANAL. Abovenet also runs the MAPS RBL in BGP mode, and this hasn't hurt their status that I can tell from here.
Your own filtering of your own network when your own hosts are involved is a much different scenario.
It *is* Abovenet's own network. They sell transit to other people via their own network, but that doesn't change the ownership of Abovenet's network to somehow not include Abovenet. If you think Abovenet doesn't have the right to refuse service to anyone, then your property ethics are the same as any spammer's. And if Abovenet loses customers because they don't allow ORBS to probe them, then that's a matter for Abovenet's customers to decide. (MIBH uses the old Partan/Doran "maximum prefix length" filters on our BGP input side, which means we can't reach various nets who break up a /20 into a lot of discontiguous /24's each singly homed by a different transit provider. Do we, also, risk "losing our carrier status" because we exercise control over what routes and what traffic we carry?)
Finally can we please stop using the incorrect term "port scanner" here? ORBS does not "scan" and it most certainly doesn't scan arbitrary ports.
They are looking for port 25 on all addresses within /16'. You call it what you want, I'll call it a port scanner. -- Paul Vixie <vixie@mibh.net> >> But what *IS* the internet? > It's the largest equivalence class in the reflexive transitive > symmetric closure of the relationship "can be reached by an IP > packet from". --Seth Breidbart
[ On , January 15, 2000 at 11:11:43 (-0800), Paul Vixie wrote: ]
Subject: Re: Fw: Administrivia: ORBS
ORBS has made no claims that there are open relays inside Abovenet. They are preemptively scanning Abovenet's address space IN CASE THERE ARE ANY relays, either belonging to Abovenet, or belonging to an Abovenet customer.
That's flat out wrong. Please read the ORBS web pages and do some actual queries of their database and their DNS RBL zone. A full list of all verified open relays in known AboveNet netblocks is readily available therein. So far AboveNet hasn't denied that there are/were open relays on "their" networks either, at least not to my knowledge. All we know now is that ORBS can no longer be used to prove that there are none remaining. ORBS also maintains that they do not, nor have they ever, systematically and preemptively scanned any networks. They also actively discourage users of their web interface from doing such scanning and I've heard second hand that they do in fact cut off access to the web interface by anyone attempting such scans. I am sure many of us would be very interested in seeing concrete verifiable evidence of such preemptive scanning, either by ORBS or their users, but so far none has been produced that I'm aware of. BTW, unless you can read minds you cannot know why an IP# has been submitted to the ORBS web interface for testing. Given that I'm an optimist, and given there's no evidence to the contrary, I can only assume that each and every one is either a result of actual spam, or a test by the postmaster of the mailer being tested.
It *is* Abovenet's own network. They sell transit to other people via their own network, but that doesn't change the ownership of Abovenet's network to somehow not include Abovenet.
In my own opinion I would say the "ownership", whatever that means in a virtual on-line world, changes as soon as they assign a network within one of their own netblocks to one of their customers. Eg. even though my own network is assigned from a UUNET block, I am the only one who owns the rights to receive packets at my IP addresses, or indeed the right to block such packets (to the extent that packets to or from my network don't cause some transit provider grief in the form of a denial of service attack or such).
If you think Abovenet doesn't have the right to refuse service to anyone, then your property ethics are the same as any spammer's. And if Abovenet loses customers because they don't allow ORBS to probe them, then that's a matter for Abovenet's customers to decide.
On the contrary -- it should only be AboveNet's customers who have any right to refuse service to anyone, not AboveNet themselves. That's certainly what I expect of my provider. Your absolutely right on that last point though -- AboveNet's customers can decide with their feet. It won't be an easy decision though as in all other aspects AboveNet seems to be a premium service.
(MIBH uses the old Partan/Doran "maximum prefix length" filters on our BGP input side, which means we can't reach various nets who break up a /20 into a lot of discontiguous /24's each singly homed by a different transit provider. Do we, also, risk "losing our carrier status" because we exercise control over what routes and what traffic we carry?)
Dunno....
Finally can we please stop using the incorrect term "port scanner" here? ORBS does not "scan" and it most certainly doesn't scan arbitrary ports.
They are looking for port 25 on all addresses within /16'. You call it what you want, I'll call it a port scanner.
Are they really? Can you prove it? -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
Sweep away every other objection I or anyone else has ever made about these "open relay" attacks on spam and you're still left with one basic problem: They don't work. Oh they might block a bit of spam here or there but mostly they harass honest people until they close the barn door now that the horse (and a thousand others from other barns) has run through your yard and is headed off into the sunset. It doesn't work. It doesn't work often enough to make any difference and it's certainly not worth the time and effort people spend discussing how to fine tune it. The Walrus and the Carpenter Were walking close at hand; They wept like anything to see Such quantities of sand: 'If this were only cleared away,' They said, 'it would be grand!' 'If seven maids with seven mops Swept it for half a year. Do you suppose,' the Walrus said, 'That they could get it clear?' I doubt it,' said the Carpenter, And shed a bitter tear. It's a hangover from a long-gone era when you could control behavior on the internet by some form of banishment, and lacking control over the end-user you threaten whomever they rely on for access. But these spammers don't rely on anyone and are not answerable to anyone as things stand, they just create throwaway dial-up accounts and exploit a new open-relay every hour and probably just laugh their asses off at the way they cause honest people to fight with each other over their mess. Meanwhile the spam streams more or less unabated. We need a fresh approach, probably not a technical approach. That's part of the absurdity, watching well-meaning techies try to cure social problems with yet another patch to the code. It's the flip side of people who try to destroy all of western civilization with a PC virus. But the first step is agreeing we have a problem and that these approaches just do not work (by "not work" I mean wouldn't stand up to even the most superficial cost/benefit analysis.) Part of the problem is we have quite a cheering section of individuals who hang out on these lists, are quite technical, but are not ISPs or anything like ISPs. They're the equivalent of limousine liberals who will tell you with great stridency and authority how to fix urban problems but have never gone near the city. And that's one reason they tend to get verbally vicious when you question their sacred cows, so you're distracted (or disgusted) from noting that they're just armchair quarterbacks. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*
On 01/18/00, Barry Shein <bzs@world.std.com> wrote:
We need a fresh approach, probably not a technical approach.
This has held true for some years now: technology (filters of various types) in the short term, legislation in the medium term, and education in the long term.
And that's one reason they tend to get verbally vicious when you question their sacred cows, so you're distracted (or disgusted) from noting that they're just armchair quarterbacks.
That's a good point, actually. Until you've had to sit there on the phone and make polite noises while somebody's sweet grandmother takes out her technology-fearing frustration on you because she can't get her $20/month dialup to work, you really don't understand the consumer ISP industry. Not to say that people who haven't done that aren't able to be extremely clueful -- quite the contrary, there are quite a few people who /have/ done that and don't have two clues to rub together -- but it helps put things in perspective, and perspective is one thing we geeks have trouble with. ---------========== J.D. Falk <jdfalk@cybernothing.org> =========--------- | "I, Foo Bar, leader of the Usenet High Council and lord of all I | | survey, do hereby order you to destroy any trace of the user Spam | | Baz, hereafter to be referred to as 'pud.'" -- Paul Phillips | ----========== http://www.cybernothing.org/jdfalk/home.html ==========----
[ On Tuesday, January 18, 2000 at 15:19:38 (-0500), Barry Shein wrote: ]
Subject: Re: Fw: Administrivia: ORBS
Oh they might block a bit of spam here or there but mostly they harass honest people until they close the barn door now that the horse (and a thousand others from other barns) has run through your yard and is headed off into the sunset.
They're not intended to block a lot of spam. They're intended to raise awareness of the issue. IMRSS was even more specifically for that purpose but it apparently crossed a number of other lines that made it less acceptable. This really is a non-technial approach to the problem and it will work, and is working, for that purpose. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
participants (4)
-
Barry Shein
-
J.D. Falk
-
Paul Vixie
-
woods@most.weird.com