I would like to get your opinions on this. I have been in touch with Netgate.net.nz, which now transports ORBS illegal traffic into the US. ORBS (Alan Brown) has indicated on spam-l that ORBS has (illegally by 18 USC 1030 2(b), 2(c), and 3) scanned thousands of US government computers, and that the purpose of ORBS is to enable "script kiddies" to exploit sites that relay, thus inducing those sites not to operate relay services. ORBS' advertising of our site as free misuses our trademark. ORBS commits frauds on those who believe its false advertising and then subsequently use listed sites to relay without authorization. All this has been brought to the attention of Netgate.net.nz. Netgate is unwilling to block this traffic, which results in unauthorized relay attempts on ours and others services. Netgate claims it is a "US carrier" and is exempt from any responsibility for the behavior of it customers after complaints have been made about them. Our theory is basically that Netgate must react to complaints about violations of US law by its customers or find itself named a codefendant. It seems we have reached the limit of civil discusions. Before we start suing Netgate, and listing them as the responsible party on our next relay complaint (unauthorized use of computer of more than $5000), I'd like to air out some of our non-litiguous options before some other operators. So I'd like to propose the possibility that we should start probing New Zealand sites with SATAN, and publish site vulnerabilities on a web page, just like ORBS does. We would then deny responsibility for any resulting attacks on those sites by "script kiddies". Just like ORBS does. Of course, if this were actually done, I would expect we would then find ourselves blocked, and perhaps disconnected by our upstreams. I would tend to think that most other ISP's would find this kind of behavior unacceptable. I also tend to think that our upstreams should respond to such complaints and take action to stop this activity. But perhaps I'm wrong. I'd like to find out the reaction of various operators to such activity. I'm not seriously considering using SATAN this way, but I would like to hear how others would approach the problem posed by someone who did. I hope that will be helpful in forming our response to Netgate.net.nz. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dean Anderson wrote:
I would like to get your opinions on this.
My opinion is that you should sue them vigorously -- and lose. This would help the rest of us immensely by providing a solid precedent for common carrier liability regarding the activities of our subscribers. My technical evaluation is that you were discovered to be operating an open relay, you have been notified that you are operating an open relay, and have failed to secure your open relay. Thus, through your own deliberate action, the publication that you operate an open relay constitutes an invitation to use the open relay. Your failure to enforce secure authorization practices is negligent, and you have failed to abate a public nuisance. Whether your threat to encourage illegal penetration of another's system is criminal should be brought to the proper authorities for evaluation. I'm sure that many of us would be happy to testify on behalf of Netgate. WSimpson@UMich.edu Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08-Jan-2000 William Allen Simpson wrote:
Dean Anderson wrote:
I would like to get your opinions on this.
My opinion is that you should sue them vigorously -- and lose. This would help the rest of us immensely by providing a solid precedent for common carrier liability regarding the activities of our subscribers.
Every law I have seen limits common carrier liability exemption when the carrier has knowledge of the illegal activity. It is only protection when the carrier is not aware of the activity. - -- William X. Walsh <william@dso.net> DSo Networks http://dso.net/ Fax: 877-860-5412 or +1-559-851-9192 GPG/PGP Key at http://dso.net/wwalsh.gpg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: DSo Networks iD8DBQE4drtE8zLmV94Pz+IRAvBTAKDD9O9amegIE65UJ1Lj2htV44EurwCgrTaN Ua63qpzcXJK//Rs1PuRDfPc= =Xy8H -----END PGP SIGNATURE-----
Anyway it's better do not touch this heap of troubles named ORBS. Those who wanted did protected themself by filtering them out; if you open some kind of lawsuite it force them to change the provider, not more - and cause sysadmins to protect themselves once more... Don't trouble troubles and troubles don't trouble you -:). I do not want discuss if ORBS is good or bad - it EXIST. On Fri, 7 Jan 2000, William Allen Simpson wrote:
Date: Fri, 07 Jan 2000 23:02:47 -0500 From: William Allen Simpson <wsimpson@greendragon.com> To: nanog@merit.edu Subject: Re: Netgate.net.nz/ORBS spam colusion
Dean Anderson wrote:
I would like to get your opinions on this.
My opinion is that you should sue them vigorously -- and lose. This would help the rest of us immensely by providing a solid precedent for common carrier liability regarding the activities of our subscribers.
My technical evaluation is that you were discovered to be operating an open relay, you have been notified that you are operating an open relay, and have failed to secure your open relay. Thus, through your own deliberate action, the publication that you operate an open relay constitutes an invitation to use the open relay. Your failure to enforce secure authorization practices is negligent, and you have failed to abate a public nuisance.
Whether your threat to encourage illegal penetration of another's system is criminal should be brought to the proper authorities for evaluation.
I'm sure that many of us would be happy to testify on behalf of Netgate.
WSimpson@UMich.edu Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/
[ On Friday, January 7, 2000 at 21:55:16 (-0500), Dean Anderson wrote: ]
Subject: Netgate.net.nz/ORBS spam colusion
So I'd like to propose the possibility that we should start probing New Zealand sites with SATAN, and publish site vulnerabilities on a web page, just like ORBS does. We would then deny responsibility for any resulting attacks on those sites by "script kiddies". Just like ORBS does.
Unless you can show how the supposed vulnerabilities of those sites are directly affecting millions of users worldwide in the same way as UCE forwarded through open relays is you will not be doing anything at all like what ORBS does. Indeed the "script kiddies" are learning to emply distributed attacks of sorts, but most used to date require lots of bandwidth between the compromised systems and the victims, not necessarily just an available set of vulnerable systems from which to launch their attacks. I doubt New Zealand is an ideal site matching their needs. Meanwhile ORBS is winning the fight against open-relay spam, slowly but surely. Why don't you just hire somone capable of fixing your own open relays and sign yourself off for six months vacation at some site of your choosing where there's no internet access possible, and quit bugging people who are genuinely interested in bettering the state of the Internet. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
Just one comment in this thread. On Fri, Jan 07, 2000 at 11:07:39PM -0500, Greg A. Woods wrote: [snip]
choosing where there's no internet access possible, and quit bugging people who are genuinely interested in bettering the state of the Internet.
Lest any observers think that ORBS is representative of or supported by everyone who is an opponent of spam, let me flatly state that it isn't. There are fringes of every community; unfortunately sometimes the outliers are the most visible. Cheers, Joe -- Joe Provo Voice 508.486.7471 Manager, Internet Planning Fax 508.229.2375 Technology & Network Development, RCN <joe.provo@rcn.com>
On Fri, 7 Jan 2000, Dean Anderson wrote:
I would like to get your opinions on this.
You've aparently mistaken this group for one that cares about your anti-anti-spammer rants. Please go away. People...please stop responding (or if you must, do so in private email).
I have been in touch with Netgate.net.nz, which now transports ORBS illegal traffic into the US. ORBS (Alan Brown) has indicated on spam-l that ORBS has (illegally by 18 USC 1030 2(b), 2(c), and 3) scanned thousands of US
---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| Spammers will be winnuked or System Administrator | nestea'd...whatever it takes Atlantic Net | to get the job done. _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
Hello All, you might want to take a look at the network:Created: & network:Updated: Fields of your own entries . That is if anyone still uses rwhois servers . Thought some might find these of interest . JimL Referral Whois (RWhois) spec version 1.0 (InterNIC V-1.0BETA2) Connecting to [rwhois.arin.net] port [4321] -> command line server %rwhois V-1.5:003eff:00 rwhois.arin.net (by Network Solutions, Inc. V-1.5.1) network:Class-Name:network network:Auth-Area:0.0.0.0/0 network:ID:NET-BABY-DRAGONS.0.0.0.0/0 network:Handle:NET-BABY-DRAGONS network:Network-Name:BABY-DRAGONS network:IP-Network:199.33.245.0/24 network:In-Addr-Server;I:NS2558-HST.0.0.0.0/0 network:In-Addr-Server;I:NS2559-HST.0.0.0.0/0 network:IP-Network-Block:199.33.245.0 network:Org-Name:System Techniques network:Street-Address:25416 - 22nd Ave. S network:City:DesMoines network:State:WA network:Postal-Code:98198 network:Country-Code:US network:Tech-Contact;I:JWL2-ARIN.0.0.0.0/0 network:Created:20190121050000000 network:Updated:19181231050000000 %ok +----------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network Engineer | 25416 22nd So | Give me Linux | | babydr@baby-dragons.com | DesMoines WA 98198 | only on AXP | +----------------------------------------------------------------+
On Fri, Jan 07, 2000 at 09:55:16PM -0500, Dean Anderson wrote:
So I'd like to propose the possibility that we should start probing New Zealand sites with SATAN, and publish site vulnerabilities on a web page, just like ORBS does.
Telecom NZ/NetGate is one of about six carriers providing international internet access to New Zealand. I know this wasn't your point, but I am irked :) The implication is as silly as me saying "I have a problem with a downstream site of UUNET. Therefore every network in the US must pay." Joe
On Fri, 7 Jan 2000, Dean Anderson wrote:
I would like to get your opinions on this.
Crap. I guess I get to add the second entry of this type to my .procmailrc. For everyone else's benefit, the following works quite nicely. Add to your .procmailrc near the top. ----CUT HERE---- :0 * ^From:.*dean@av8.com /dev/null ----CUT HERE---- FWIW, his is only the SECOND address I have had to add to my .procmailrc. The name of the first I won't mention as If I do, I understand several nanog member's filters will toss this message by even mentioning the person. You may also want to include a similar recipie for the followups... The proof is left to the reader. - Forrest W. Christian (forrestc@imach.com) KD7EHZ ---------------------------------------------------------------------- iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com Solutions for your high-tech problems. (406)-442-6648 ----------------------------------------------------------------------
participants (10)
-
Alex P. Rudnev -
Dean Anderson -
Forrest W. Christian -
jlewis@lewis.org -
Joe Abley -
Joe Provo - Network Architect -
Mr. James W. Laferriere -
William Allen Simpson -
William X. Walsh -
woods@most.weird.com