
Obviously random dial-ups have different hosts logged on each time they try, often no one is logged on. So of course they get to imagine whatever they like (e.g., when no one is dialed up that maybe they've been firewalled.) Somehow their broken software imagines it sees the same open relay repeatedly on some random dialup IP, which of course is incredibly unlikely.
Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community. I'm really getting sick of these incompetent self-promoters wasting people's time. Maybe if they heard enough voices telling them "no thanks" they'd get the hint their efforts are not appreciated and not wanted.
Oh, and a word from ORBS' fearless leader:
From alan@manawatu.gen.nz Sun Feb 7 23:11:52 1999
As for you, fuck off. Your attitude has got you a permanent entry in ght shub list.
No doubt something to do with all the attention I get from these jerks. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

who cares? orbs is best ignored unless you are bored and need stupidity to highlight.

On August 21, 2000 at 22:14 randy@psg.com (Randy Bush) wrote:
who cares? orbs is best ignored unless you are bored and need stupidity to highlight.
Actually, you're probably right. Of course then some significant site decides to listen to these idiots and some customer can't get some mail thru and it becomes a waste of time for nothing. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

On Mon, Aug 21, 2000 at 09:55:18PM -0400, Barry Shein wrote:
Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community.
Don't lump ORBS and MAPS in the same boat... MAPS is run by well balanced, sane individuals and doesn't commit net-abuse. ORBS on the other hand... -- John Payne http://www.sackheads.org/jpayne/ john@sackheads.org http://www.sackheads.org/uce/ Fax: +44 870 0547954 340% tax? http://www.boycott-the-pumps.com/

On August 21, 2000 at 19:23 john@sackheads.org (John Payne) wrote:
On Mon, Aug 21, 2000 at 09:55:18PM -0400, Barry Shein wrote:
Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community.
Don't lump ORBS and MAPS in the same boat... MAPS is run by well balanced, sane individuals and doesn't commit net-abuse. ORBS on the other hand...
No measurables, no reason to believe any of it is worth the trouble it causes (i.e., blocks any significant amount of spam), no due process, no review of principles possible, you can't even take your business elsewhere to get them out of your life, no one even gets to vote with their wallet. This is just vigilantism with all the potential for abuse with the usual pattern it takes on in non-cyber contexts wherein they mostly hassle honest citizens because the crooks are far too slick for such amateurish approaches so if you leave your car doors unlocked they slash the tires to teach you a lesson. P.S. We were accidentally blocked by MAPS once, PITA. I'm not impressed and it's not possible for an ISP to use MAPS. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

On Tue, Aug 22, 2000 at 01:02:57AM -0400, Barry Shein wrote:
On August 21, 2000 at 19:23 john@sackheads.org (John Payne) wrote:
On Mon, Aug 21, 2000 at 09:55:18PM -0400, Barry Shein wrote:
Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community.
Don't lump ORBS and MAPS in the same boat... MAPS is run by well balanced, sane individuals and doesn't commit net-abuse. ORBS on the other hand...
No measurables, no reason to believe any of it is worth the trouble it causes (i.e., blocks any significant amount of spam), no due process, no review of principles possible, you can't even take your business elsewhere to get them out of your life, no one even gets to vote with their wallet.
What trouble does MAPS cause? RSS and DUL are blocking quite a bit of spam for *me*. Dunno how much the RBL is blocking... 'cos I'm behind a BGP feed. No measurables tho... sure - you get what you pay for. But, what trouble does it cause?
This is just vigilantism with all the potential for abuse with the usual pattern it takes on in non-cyber contexts wherein they mostly hassle honest citizens because the crooks are far too slick for such amateurish approaches so if you leave your car doors unlocked they slash the tires to teach you a lesson.
P.S. We were accidentally blocked by MAPS once, PITA. I'm not impressed and it's not possible for an ISP to use MAPS.
And? Was it a justified listing? Or a spite listing? Details! -- John Payne http://www.sackheads.org/jpayne/ john@sackheads.org http://www.sackheads.org/uce/ Fax: +44 870 0547954 340% tax? http://www.boycott-the-pumps.com/

On 08/21/00, Barry Shein <bzs@world.std.com> wrote:
Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community.
ORBS != MAPS. We're entirely different losers. -- J.D. Falk "Laughter is the sound Product Manager that knowledge makes when it's born." Mail Abuse Prevention System LLC -- The Cluetrain Manifesto

Thank you, J.D., for your usual professional and reasoned response to the problem of MAPS probing random dial-ups (not.) This response alone from MAPS should be reason enough for people here to firewall orbs.org, it's run by a couple of smirking self-promoters. On August 22, 2000 at 00:22 jdfalk@mail-abuse.org (J.D. Falk) wrote:
On 08/21/00, Barry Shein <bzs@world.std.com> wrote:
Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community.
ORBS != MAPS. We're entirely different losers.
-- J.D. Falk "Laughter is the sound Product Manager that knowledge makes when it's born." Mail Abuse Prevention System LLC -- The Cluetrain Manifesto
-- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

On Tue, Aug 22, 2000 at 02:39:56PM -0400, Barry Shein wrote:
Thank you, J.D., for your usual professional and reasoned response to the problem of MAPS probing random dial-ups (not.)
This response alone from MAPS should be reason enough for people here to firewall orbs.org, it's run by a couple of smirking self-promoters.
Which bit of MAPS != ORBS don't you understand? MAPS doesn't probe dialups random or not. -- John Payne http://www.sackheads.org/jpayne/ john@sackheads.org http://www.sackheads.org/uce/ Fax: +44 870 0547954 340% tax? http://www.boycott-the-pumps.com/

On Tue, Aug 22, 2000 at 02:39:56PM -0400, Barry Shein wrote:
Thank you, J.D., for your usual professional and reasoned response to the problem of MAPS probing random dial-ups (not.)
This response alone from MAPS should be reason enough for people here to firewall orbs.org, it's run by a couple of smirking self-promoters.
Stop there. You are now promoting blocking orbs.org because you don't like what some MAPS guy says to you. MAPS and ORBS are different and separate (some might say rivalling but let's not have that discussion again) organisations. Don't hold one responsible for what the other does. Greetz, Peter. -- [ircoper] petervd@vuurwerk.nl - Peter van Dijk / Hardbeat [student] Undernet:#groningen/wallops | IRCnet:/#alliance [developer] _____________ [disbeliever - the world is backwards] (__VuurWerk__(--*-

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 23 Aug 2000, Peter van Dijk wrote:
Stop there. You are now promoting blocking orbs.org because you don't like what some MAPS guy says to you. MAPS and ORBS are different and separate (some might say rivaling but let's not have that discussion again) organizations. Don't hold one responsible for what the other does.
Barry has simply proven, yet again, that he is a moron. The cluestick has been hitting him squarely in the head for quite some time, but it's not making a mark. :) Regarding the DUL list, I personally think it is the only anti-spam list that an ISP can afford to apply to its systems. (I would be extremely surprised if it actually blocked any legitimate mail. ORBS, on the other hand, definitely has too many false positives for me, even if I did agree with the ethics of the admins. And while the MAPS RBL and RSS are extremely effective with relatively low blockage of legitimate mail, the risk of blocking the legitimate mail is too high for me.) The DUL list is extremely useful. J.D. can correct me if I am wrong, but they don't do any probing with this list; they just list the IPs that are in dialup pools. It doesn't matter if they have an open relay or no mail server at all. Since there's rarely any legitimate reason for someone to be sending mail from a mail server on a dialup line, this easily blocks a large source of spam with little risk. __ L. Sassaman Security Architect | "We all want many things, Technology Consultant | but some of those are bottomly | destructive of all desires." http://sion.quickie.net | --Vernor Vinge -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5pG8IPYrxsgmsCmoRAtSxAJ9qdeSNMYmmmXda/sDmKw0cwIwYIwCaAtur V5ll+0nwNYJnZVVmZ3lN06E= =E9IN -----END PGP SIGNATURE-----

The DUL list is extremely useful. J.D. can correct me if I am wrong, but they don't do any probing with this list; they just list the IPs that are in dialup pools. It doesn't matter if they have an open relay or no mail server at all. Since there's rarely any legitimate reason for someone to be sending mail from a mail server on a dialup line, this easily blocks a large source of spam with little risk.
More to the point, they only list IP networks that the administrator of the network has _asked_ them to list. This list is a voluntary opt-in on the part of the ISP in question. -- Joe Rhett Chief Technology Officer JRhett@ISite.Net ISite Services, Inc. PGP keys and contact information: http://www.noc.isite.net/Staff/

On Wed, 23 Aug 2000, Joe Rhett wrote:
More to the point, they only list IP networks that the administrator of the network has _asked_ them to list. This list is a voluntary opt-in on the part of the ISP in question.
I'd written a reply to this thread earlier, but decided not to send it. I believe you are incorrect. They only list IP networks that _someone_ asks them to list. Back when we started using the DUL at work, I found some of our IP space that was not dialup pools was already in it. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

On Thu, Aug 24, 2000 at 12:21:44AM -0400, jlewis@lewis.org wrote:
On Wed, 23 Aug 2000, Joe Rhett wrote:
More to the point, they only list IP networks that the administrator of the network has _asked_ them to list. This list is a voluntary opt-in on the part of the ISP in question.
I'd written a reply to this thread earlier, but decided not to send it. I believe you are incorrect. They only list IP networks that _someone_ asks them to list. Back when we started using the DUL at work, I found some of our IP space that was not dialup pools was already in it.
Yes, I started using the DUL within the past week on some of my machines, and when looking at the raw list, found some of our space already in the list. - Jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. END OF LINE |

On Wed, Aug 23, 2000 at 05:40:34PM -0700, L. Sassaman wrote:
server at all. Since there's rarely any legitimate reason for someone to be sending mail from a mail server on a dialup line, this easily blocks a large source of spam with little risk.
Businesses all across the country are going online now with DSL. Many DSL providers use PPPoE, putting you smack in the middle of their dialup pool. So, your information was correct as recently as a year ago, but it's out of date now.

On Fri, 25 Aug 2000, Shawn McMahon wrote:
On Wed, Aug 23, 2000 at 05:40:34PM -0700, L. Sassaman wrote:
server at all. Since there's rarely any legitimate reason for someone to be sending mail from a mail server on a dialup line, this easily blocks a large source of spam with little risk.
Businesses all across the country are going online now with DSL.
Many DSL providers use PPPoE, putting you smack in the middle of their dialup pool.
So, your information was correct as recently as a year ago, but it's out of date now.
If a business is connecting via PPPoE, smack in the middle of a dialup/DSL pool, they're probably using the ISP's server. If the business is hosting their own mail, they probably have dedicated address space or some other fixed external presence, which hopefully lives outside the DUL range. Pete -- Peter J. Templin, Jr., CCNA, CCDA VP Networking On-Line Internet Services - URDirect.net A division of Global On-Line Computers 5606 Randolph Blvd templin@urdirect.net San Antonio, TX 78233 (210)692-9911

[ On Friday, August 25, 2000 at 08:42:33 (-0400), Shawn McMahon wrote: ]
Subject: Re: Now the idiots at ORBS are probing random dial-ups
On Wed, Aug 23, 2000 at 05:40:34PM -0700, L. Sassaman wrote:
server at all. Since there's rarely any legitimate reason for someone to be sending mail from a mail server on a dialup line, this easily blocks a large source of spam with little risk.
Businesses all across the country are going online now with DSL.
Many DSL providers use PPPoE, putting you smack in the middle of their dialup pool.
So, your information was correct as recently as a year ago, but it's out of date now.
How does that change the picture? It shouldn't be any different! Many businesses in this region used dial-up lines until connectivity costs came down. They often had their own e-mail servers, but they were still relaying through the ISP's outbound SMTP relay host. The only difficulty was with massive exploitation of multi-level relays. It took a lot of time, and a lot of different people putting pressure on ISP postmasters to make them realise that they were also suffering theft of service when their customers were forwarding spam through their mailers. Finally as a result of major relays being listed repeatedly in ORBS and other spam-server lists, most ISPs instituted various types of policies to prevent their customers (and themselves) from being relay raped. Some did the simple thing and blocked direct SMTP connections to and from their customers, forcing all e-mail to be relayed through their secured servers. Others perform regular checks of their customer IP blocks for unauthorised and insecure mail servers. Even @Home does regular scans for mail servers for this very reason! Unless static IP space is delegated directly to a customer then there's no reason to believe that any mail server running in that space is legitimate. SMTP just does not play with dynamic IPs, especially if you don't have reliable, secure, dynamic DNS updates on both the forward and reverse! -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

On Fri, Aug 25, 2000 at 10:31:18AM -0400, Greg A. Woods wrote:
Unless static IP space is delegated directly to a customer then there's no reason to believe that any mail server running in that space is legitimate. SMTP just does not play with dynamic IPs, especially if you don't have reliable, secure, dynamic DNS updates on both the forward and reverse!
Greg, as usual, you just plain don't know what the hell you're talking about. SMTP works just fine with dynamic IPs, *IF* both ends are following the relevant RFCs. You don't follow them, so shit doesn't work for you. That's your choice, and it's yours to make; but stop pontificating that the rest of the world should follow it, and that it's the technically sound choice.

[ On Friday, August 25, 2000 at 11:18:07 (-0400), Shawn McMahon wrote: ]
Subject: Re: Now the idiots at ORBS are probing random dial-ups
Greg, as usual, you just plain don't know what the hell you're talking about.
SMTP works just fine with dynamic IPs, *IF* both ends are following the relevant RFCs.
Excuse me? If you have a technical point to make, then please make it. Otherwise please pay attention to the real world and real world requirements. Even with properly functioning dynamic DNS updates it's not uncommon for users who attempt to use SMTP on what are really dynamic IP addresses to not receive their mail on occasion.. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

On Fri, Aug 25, 2000 at 08:47:36PM -0400, Greg A. Woods wrote:
Even with properly functioning dynamic DNS updates it's not uncommon for users who attempt to use SMTP on what are really dynamic IP addresses to not receive their mail on occasion..
Sorry, I've been told I'll be thrown out of the list if I participate in this discussion. The rest of you will have to have it without me.

On 08/25/00, Shawn McMahon <smcmahon@eiv.com> wrote:
On Wed, Aug 23, 2000 at 05:40:34PM -0700, L. Sassaman wrote:
server at all. Since there's rarely any legitimate reason for someone to be sending mail from a mail server on a dialup line, this easily blocks a large source of spam with little risk.
Businesses all across the country are going online now with DSL.
Many DSL providers use PPPoE, putting you smack in the middle of their dialup pool.
So, your information was correct as recently as a year ago, but it's out of date now.
I'd hope that the providers in question would have the courtesy, both to their customers and to everyone who uses the MAPS DUL, to contact dul@mail-abuse.org and advise the DUL team of their change in address assignment policy. http://mail-abuse.org/dul/removing.htm#removal_reorg -- J.D. Falk "Laughter is the sound Product Manager that knowledge makes when it's born." Mail Abuse Prevention System LLC -- The Cluetrain Manifesto

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 21 Aug 2000, Barry Shein wrote:
Oh, and a word from ORBS' fearless leader:
From alan@manawatu.gen.nz Sun Feb 7 23:11:52 1999
As for you, fuck off. Your attitude has got you a permanent entry in ght shub list.
No doubt something to do with all the attention I get from these jerks.
Are you ever going to stop harping on that? We all know ORBS is a joke. We don't need to hear about it anymore. Enough already. __ L. Sassaman Security Architect | "We all want many things, Technology Consultant | but some of those are bottomly | destructive of all desires." http://sion.quickie.net | --Vernor Vinge -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5ojS8PYrxsgmsCmoRAuN2AKCdm4ADu2W8GODp2AWSUje9ygHZgwCgntKl vQNDwvOwAPn9NR7OpaXXn9o= =BsvY -----END PGP SIGNATURE-----

On Mon, Aug 21, 2000 at 09:55:18PM -0400, Barry Shein wrote:
Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community.
How does yet another example of ORBS insanity reflect on MAPS policies?

On Mon, 21 Aug 2000 21:55:18 EDT, Barry Shein <bzs@world.std.com> said:
Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community.
OK.. I'm *not* trying to restart the MAPS/ORBS war *again* (personally, I believe that BOTH sides are partially correct), but I have a few questions for the audience:
1) The ORBS stuff currently returns an IP of 127.0.0.2 for things it thinks are tested open relays. Personally, I've never caught it returning 127.0.0.2 and *not* had a test message on their web page - has anybody seen it do that? (Remember - 127.0.0.2 *only*).
2) A big part of the ORBS furor seems to be related to hosts that return 127.0.0.4 (for sites that have router blocks against ORBS), and 127.0.0.5 (which seems to be a catch-all "screw you spammer" code). Part of the problem is that currently, it's hard to get Sendmail to distinguish between case (1) and (2). Sendmail 8.12 may come out with features to allow disambiguating the two cases (and a patch for 8.11 may happen as well). I *can't* commit to it being in there, or a date - I can just say it's "being looked at". Would that at least help address the "innocent bystanders" concerns? (and yes, I know there's the scanning concern too - that's a separate issue which may be finessed as well - sites that don't like it put in blocks, they get 127.0.0.4's, and sites that only check ORBS for 127.0.0.2 get the benefit they want....)
3) (Ok, I'll admit it) one of our large Listserv hubs checks in ORBS, mostly to save *my* sanity - it has been cutting out a *large* amount of attempted spamming (most of which would otherwise have dropped into my lap as a postmaster double-bounce). ORBS got added in because MAPS *just didn't have the hosts listed*. For yesterday, I had 466 ORBS rejections for 122 hosts, and 35 for 5 distinct hosts from mail-abuse.org. Of the 5 mail-abuse.org hosts, 2 were in ORBS as well, and of the 122 ORBS hosts, only 13 were in relays.mail-abuse.org as well.
It's nice to be able to say "yes, MAPS does 43 different hand-checks to make sure that we don't list a site by accident". However, if it only lists 10% of the sites that you're being spammed from, it's not a useful tool to make any meaningful dent. And yes, I *could* sit here all day and for each of the 100 or so extra pieces of bounced mail I'd get, nominate it for MAPS - but *I* only see the ones that double-bounce.
The problem is that *both* sides are right, in their mindset - the MAPS crew is correct in their goals, but the ORBS crew is correct in noticing that by the time a MAPS entry shows up for a box, it's probably already forwarded tens or hundreds of thousands of pieces of e-mail.
-- Valdis Kletnieks Operating Systems Analyst Virginia Tech

At 4:50 PM -0400 8/22/00, Valdis.Kletnieks@vt.edu wrote:
2) A big part of the ORBS furor seems to be related to hosts that return 127.0.0.4 (for sites that have router blocks against ORBS), and 127.0.0.5 (which seems to be a catch-all "screw you spammer" code). Part of the problem is that currently, it's hard to get Sendmail to distinguish between case (1) and (2).
Use the "beta" "outputs.orbs.org" list instead of the "relays.orbs.org". It lists ONLY relay output points. (127.0.0.2 listings). "outputs" isn't guaranteed to be around, but as I understand it, it isn't going anywhere any time soon. D
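An added example, not part of any message in this thread: the return-code distinction discussed in the two messages above, written as a mail-filter check that rejects only on 127.0.0.2 and records other listing codes without acting on them. The function names, the `FAKE_ZONE` table and the 192.0.2.x addresses are constructed for illustration; the code meanings are taken as described in the thread.

```python
import ipaddress
import socket

# Return codes as described in the thread; zone contents below are constructed.
OPEN_RELAY = "127.0.0.2"     # tested open relay
PROBE_BLOCKED = "127.0.0.4"  # site has router blocks against the list's probes
CATCH_ALL = "127.0.0.5"      # described in the thread as a catch-all code

ZONE = "relays.orbs.org"     # zone name from the thread; never queried here


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Real lookup via the system resolver. Any failure (NXDOMAIN, timeout)
    is treated as 'not listed' so a dead list cannot block mail."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()


def check(ip, zone, reject_codes=frozenset({OPEN_RELAY}), resolver=system_resolver):
    """Return the decision for one connecting IP.

    reject_codes=None reproduces the naive policy (any A record rejects),
    which treats every listing type alike."""
    answers = set(resolver(dnsbl_query_name(ip, zone)))
    matched = answers if reject_codes is None else answers & reject_codes
    return {
        "reject": bool(matched),
        "matched": sorted(matched),
        "ignored": sorted(answers - matched),
    }


# Constructed zone data (documentation addresses), standing in for DNS answers.
FAKE_ZONE = {
    dnsbl_query_name("192.0.2.10", ZONE): {OPEN_RELAY},
    dnsbl_query_name("192.0.2.20", ZONE): {PROBE_BLOCKED},
    dnsbl_query_name("192.0.2.30", ZONE): {OPEN_RELAY, CATCH_ALL},
}


def fake_resolver(name):
    return FAKE_ZONE.get(name, set())


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        strict = check(ip, ZONE, resolver=fake_resolver)
        naive = check(ip, ZONE, reject_codes=None, resolver=fake_resolver)
        print(ip, "strict:", strict["reject"], "naive:", naive["reject"],
              "ignored:", strict["ignored"])
```

The host listed only with 127.0.0.4 is rejected under the naive policy and accepted under the strict one, which is the "innocent bystanders" case raised in the thread.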

On Tue, Aug 22, 2000 at 04:50:05PM -0400, Valdis.Kletnieks@vt.edu wrote:
Of the 5 mail-abuse.org hosts, 2 were in ORBS as well, and of the 122 ORBS hosts, only 13 were in relays.mail-abuse.org as well.
It's nice to be able to say "yes, MAPS does 43 different hand-checks to make sure that we don't list a site by accident". However, if it only lists 10% of the sites that you're being spammed from, it's not a useful tool to make any meaningful dent. And yes, I *could* sit here all day and for each of the 100 or so extra pieces of bounced mail I'd get, nominate it for MAPS - but *I* only see the ones that double-bounce.
I think the real thing to remember is that MAPS can put spammers out of business in a way ORBS can't. Blocking open relays is a futile effort, hosts are added at faster and faster rates, with less knowledgeable "admins" every day. Even with fully automated probing a-la ORBS, they will never catch up. Blocking the e-mail isn't going to work, they will find ways to anonymously send spam for years to come. The right thing to do is block the web site that they direct you to in the spam, where they make money. The RBL, at least for those with the BGP version, can do just that. If people can't get to the spammer's web site and enter their credit card number to buy ginsu knives, or view the hottest XXX action on the net, the spammer will go out of business, and the spam will be no more. -- Leo Bicknell - bicknell@ufp.org Systems Engineer - Internetworking Engineer - CCIE 3440 Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org

participants (15)
- Barry Shein
- Derek J. Balling
- J.D. Falk
- Jared Mauch
- jlewis@lewis.org
- Joe Rhett
- John Payne
- L. Sassaman
- Leo Bicknell
- Pete Templin
- Peter van Dijk
- Randy Bush
- Shawn McMahon
- Valdis.Kletnieks@vt.edu
- woods@weird.com