

MAPS vs. ORBS 278
Well, we held or deleted the first few hundred submissions, because we were hoping the situation would clear up and we could figure out what was going on. But it hasn't cleared up, so we're posting it and hopefully there are some readers out there who know what's going on and can shed some light. It seems that the anti-spammers at MAPS and ORBS have gone from a cold war into a shooting one, with MAPS listing ORBS on their blackhole list. ORBS accuses MAPS of doing it for financial gain, MAPS accuses ORBS of attacking systems, Alan Cox gets peeved about spam, kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post, and the U.S. House passed an anti-spam bill yesterday - coincidence, or devious conspiracy?
Canter and Siegel spam (Score:2)
First spam (Score:2)
Alan Cox diving under a rock? (Score:2)
- he's stopping work on the 2.3/4 kernel
- he's going to continue maintaining the 2.2 kernel, but,
- he's heavily filtering his mail, so that only people who contact him regularly can reach him
This seems a little extreme....
Maybe he's just taking a little break while he rebuilds his new (old) house, but I can't help but wonder if everyone's favourite Swansea hacker isn't feeling a little burnt out these days.
Hey Alan, you out there? Is anything wrong?
Re:FINALLY! (Score:2)
Except this person you know, because someone else could crash it and as someone else pointed out that with code that potentially sloppy, it's probably got other problems (buffer overruns, etc) too. Having been probed by ORBS myself, and having personally written the MTA code to make smap not vulnerable to relay attacks as ORBS found that the venerable smap had in it, I have very little empathy for your friend. I understand and agree with his frustration, but I also know for a fact that ORBS is not doing anything that violates RFCs or should crash an MTA that can handle standard RFC compliant headers. In fact, this is the first time I've heard of an MTA crashing from a relay probe.
In a former life, I wrote the code for NetSonar (Cisco's vulnerability scanner) that looks for relay vulnerabilities in MTAs and in all the vendor products we tested (granted, there are bound to be products we couldn't test) I never saw an MTA crash from a relay probe. Your friend's MTA sounds really fubared to me. At the very least, it should motivate him or her to get it fixed. If a relay probe is crashing it, that MTA has other problems IMHO.
> If someone found a bug in your system, and you couldn't easily fix it, would you agree that it was reasonable for your system to be taken down every so often, every time some guy wanted to take it down, and the guy is not only *allowed* to do this, but *encouraged*, because Slashdot readers unanimously agree that, if your server can be crashed, it's your own fault for running a crappy server?
No. If my server had that sort of a problem I would fix it or try to find something that works better. Nothing is perfect, but if a solution exists to solve the problem (eliminate the bug) I will take that any day over complaining about the problem or hoping whatever is causing it will go away - especially if I have no control over what is causing it like your friend. No offense to this person you know, but I still don't understand why someone wouldn't fix that part of the problem they have direct control over. Perhaps it's the engineer in me, but that's always the first thing I start with. I prefer the solution I can make happen now, rather than having to rely on someone else to either do something for me or to stop doing something. Again, keep in mind that when ORBS found problems in my MTA I personally wrote the code to fix it. So my perspective is a tad biased in that I have the capability to fix the problem myself and I am inclined to solve problems technologically, when possible, rather than rely on someone else's actions or inactions to solve it for me.
> DOS is DOS. It doesn't matter if the guys doing it claim to have white hats.
No, intent matters. When I was being paid to break into a large corporation *by that large corporation*, I was using strobe (no nmap in those days) to find open ports on a class B network. A simple three way handshake downed ALL of that company's RAS servers. A feature of those RAS servers was that each modem was bound to its own port (2000 and up) so an administrator could access each modem remotely via telnet. Neat feature... BUT... the vendor didn't design the telnet daemon well. If you opened the socket with TWH, and then tore it down (like a connect() scan does) the daemon should have released the port back to the modem - because the session was gone. That's RFC compliant behavior. The vendor however did not design it that way, and all the modems got locked out because the modems were waiting for input from the telnet daemon - which was listening to a dead session that had been torn down. A stupid bug to be sure - and it DID deny service to that corporation. Was that a DOS? Technically yes, but it wasn't intended to be a DoS, nor should that RAS server have acted that way. The RAS server was BROKEN. There was no excuse for it to act that way and the vendor eventually fixed it.
So, my point is that intent matters. ORBS is, I'm sure, not trying to DoS your friend's system. And, it sounds like your friend's system is very very broken. It needs to be fixed, because what ORBS is probably doing - and from past experience does - should not crash an MTA.
> ORBS could stop. They do not have to test this system. The only argument they have for testing it is the belief that it could somehow magically turn into an open relay. It's not an open relay. It won't be. In fact, the most likely outcome of their behavior is that the MTA will be replaced - and the result might be open. If they leave him alone, everything is fine. Only one problem with that: Alan can't accept a world where he can't fuck with anyone he wants, any time he wants. If you like this, I only hope you have the honesty to still stand up for it when it's your box being crashed by some asshole with a net-abuse-friendly provider.
--
Python
Re:FINALLY! (Score:2)
That is NOT net abuse and I wish people would stop overusing this term. There is real net abuse and this is not it. An MTA that can not handle RFC compliant headers and is crashing because of it is not experiencing net abuse - it's just buggy software that needs to be fixed.
--
Python
Re:FINALLY! (Score:2)
Regardless, your friend has total control over fixing his or her server and therefore would mitigate their problem immediately and finally. It's obvious your friend's server has a serious problem, independent of ORBS, in that anyone could crash it. So again, given that the solution, fixing the server, is obvious, simple and within your friend's grasp, why would your friend continue to operate otherwise?
--
Python
Re:the right to have an insecure-but-harmless syst (Score:2)
Open relays are bad bad bad bad bad bad. There is no reason to run an open relay except out of laziness. SASL, pop before SMTP, authenticated SMTP, libwrap and lots of other methods exist, for free, to secure a relay and yet still make it possible for authorized personnel to use them.
We already tried the "Gee... let's just let everyone run their MTAs any way they want" and it didn't work - we got spam. Then we tried asking please and that didn't work. Then we tried lists of known spam sources, and that didn't work. Then someone got the bright idea to scan for open relays so we could block them *before* the spammers started using them. It works wonderfully. Then someone got the bright idea to create a list of dial up users and that has worked out delightfully well too. Thanks to RBL, ORBS, DULS and other black lists we've managed to almost entirely wipe out our spam problem.
If you want to run an open relay, be my guest - it's your business to run your box any way you want. But I do not have to accept traffic from your relay just as no one is stopping anyone from blocking ORBS *to their systems*. No one is being forced to use ORBS either. But more to the point, sending e-mail to a box is NOT jiggling its door knob. No one is trying to break into the open relay. They're just testing to see if it accepts mail to certain destinations and then making note of that. And intent MATTERS.
Using your example, what if the police came around, checked the door on my house, found it open and then told me about it so I could lock it. I would call that a VALUABLE service. If my neighbor did the same thing, I would also call that a VALUABLE service. Still, the internet is not a collection of houses. It's a collection of interconnected machines whose security posture is interdependently related to the security posture of the systems around it. Spam is possible because MTAs accept messages as part of a wholly untrusted model. Open relays contribute to this problem by making it possible for spammers to relay their junk thru insecure servers, which directly affects the systems which are secure. Blacklists help mitigate this problem, but a wholly reactive approach like the RBL only catches a fraction of the traffic. Proactive measures, like finding misconfigured and poorly managed relays - and dial up host lists - can prevent future spam from being accepted BEFORE the damage can be done.
Intent and perspective make all the difference in this. ORBS provides a valuable and useful service. If you don't want ORBS sending your MTA an e-mail message, then block traffic from ORBS. Better yet, if you run an open relay - close it and help make spam go away.
--
Python
Re:Totally Unnecessary (Score:2)
and why was
yeay,
whatever. i figure i'll just keep reading
ORBS helps spammers... (Score:2)
Your Working Boy,
Re:MAPS != ORBS (Score:2)
Perhaps a robots.txt equivalent for sendmail not enabled by default, so that conscientious admins can lock down their boxes and set the scanner to pass along?
Your Working Boy,
Stupid Unix Tricks (Score:2)
Heh.. Try logging in with a load of >100.. Did that on an RS6k 7013-570 w/64MB RAM timing out on a massive mail queue (AIX 3.2.5 + sendmail 8.6.X).. Fun!
Your Working Boy,
Re:I dont get it. (Score:2)
&rant(on);
Any sysadmin that has a problem with an ORBS scan is a worthless sysadmin... it's simple... whatcha paranoid about? you don't have the skills to secure your box? get out of the business!
&rant(off);
Above.net is actually engaging in some serious, and quite probably illegal shit IMO.. BGP hacks are the kind of thing that most networks slap down on HARD.. Not any shmo can get or is qualified to have an AS..
Any ethical ISP would boot Above.net from their network, and inform the FBI...
Your Working Boy,
Re:FINALLY! (Score:2)
Legitimately, if this bug is enough to bring down the server, the coding is probably so sloppy as to present significant security flaws and buffer overflows as well.
If you're going to be connected to the internet, you're going to need robust, secure software. Does ORBS engage in any non-RFC-compliant communications? We'd hear of lots more issues if it did...
In other words, yeah, in theory, nobody should be forced to do anything they don't want to do. But in theory, communism works. Wake up and smell the packets.
I use the same rationale with our NT staff each time I run nessus probes on their servers.. if I can crash your server, just think what a malicious and crafty cracker could do with it..
Your Working Boy,
Re:Additional Background and Perspectives (Score:2)
Sure, but above.net aren't doing that. What's happening is (approximately) that ORBS' upstream provider is telling the world that it can route to its networks (including ORBS) through above.net. Since above.net blackholes ORBS (as is their right - they're under no obligation to carry traffic they don't want and haven't agreed to carry) anyone trying to use these routes has problems. The fix is for ORBS' upstream to stop advertising above.net as a route to ORBS.
Oh, that's just great. (Score:2)
Now that they're pulling this crap, I think my chances of getting a place like Bigfoot to start using their services is oh, somewhere around Zero.
What would be nice is some sort of tiered system on either service - say 0 to 10, where 0 is everything gets through, and 10 is "filter 'em all, and let God sort them out" and varying levels between the two... 5 would be some opt-in place that doesn't require double confirmation, etc.
Would that be possible?
Re:Does spam actually work? (Score:2)
I think it's like the banner ad idea. Everyone knows it doesn't work, but for some reason it drives much of the Internet Economy (well the porn side of it anyway)...
Of course if you have the mentality to believe that the SPAM you are sending out is going to ACTUALLY work, then you probably don't realize how much time you are wasting.
I think the two most popular pieces I get are "new mortgage for your home" and "buy an email list." Neither of which seem to relate to me. (I love the mortgage ones because I get them to my UNIVERSITY account.... yeah, as if I have a home to refinance anyway).
Oh well, I guess I'm just lucky I'm good at hitting D-D-D-D-D-D-D-D-D-D every morning.
---
Re:As far as I can tell ... (Score:2)
Re:Totally Unnecessary (Score:2)
Thats probably what prompted michael to mention it. In general the
Since kuro5hin is discussion-focussed and
Clearly
As far as I can tell ... (Score:2)
1. MAPS did indeed blackhole ORBS, but opinions seem to differ on whether it has stopped. ORBS is in the habit of testing random relays without asking permission or having evidence of their use for spamming. Rumours keep arising that ORBS also trawls IP-space looking for relays, and that it is impossible to get them to stop testing you, even if you ask (which gets you put on their static list of sites that refuse to be tested). The MAPS guys consider this to be net abuse.
2. Other than ORBS, everyone involved denies that above.net falsely advertised routes for ORBS traffic. Paul Vixie seems to think the misperception (or alternatively the maliciously false accusation) arose because Telecom NZ (ORBS' service provider) chose the wrong way of routing ORBS traffic around above.net. Above.net have, however, blocked ORBS traffic in their own network, which they have a perfect right to do.
policy note (Score:2)
Not true-- I have nothing to do with the process. All stories go into the queue immediately upon submission, and voting begins. Voting determines the fate of the story, completely. I *can* post things manually, but I don't, ever, and voting will always start right away whether I'm around or not. Just a clarification.
Oh yeah, and if anyone else was curious, as of today there were 3500 confirmed users on K5, and though submissions vary wildly, it seems to be between 5 and 20 per day. Of those, usually no more than 5 or 6 end up being posted, but that varies a lot too.
--
setting the record straight (Score:2)
--
more info... (Score:2)
the front page on the orbs site also has a list of email addresses to complain to if you don't agree with MAPS's actions. quick cut 'n' paste:
go forth and complain.
--
No more cold calls (Score:2)
Unsolicited email is less of an interruption because I'm already sitting there, going through my email. I'm in email reading mode, so it's not a distraction from what I'm doing. The damned phone can ring at any time no matter what I'm doing. It's a distraction, at the least, an interruption if I bother to answer it, which I usually don't. That's what answering machines are for.
Phones could disappear tomorrow, as long as I've got email and the 'Net, and I would rejoice.
I guess I'll just have to hack up a device for my phone to identify cold calls and disconnect them before the phone rings.
While we're at it, we ought to get rid of all these businesses trading personal information. If I want to do business with you, I'll get in touch with you. You don't need to come looking for me. 'Cause even if I wanted to do business with you, now I don't, 'cause you've intruded on my life and tried to set the agenda for when and how I deal with you. Well, I'm the customer, so FUCK YOU! I'll take my money and (much more importantly) my time somewhere else, where I'm actually respected as more than just a gaping wallet.
Oh well, 'nuff ranting.
Re:No more cold calls (Score:2)
I've tried this don't call me shit, and the telemarketer that called Tuesday night was from a company that I had previously told not to call me. That shit doesn't work.
The simple solution is to ban cold calls outright.
Re:Censoring (Score:2)
Get a life Signal. It's the decision of the Slashdot staff what to post and when. They've gotten burned several times for posting things without all the facts, and I, for one, applaud them for waiting on this one and posting a number of good information sources within the post.
Good job Slashdot. Don't listen to the complainers.
Ben
Re:Kuro5hin.org (Score:2)
> put it up. This is obviously newsworthy for
> nerds.
Without question this story is newsworthy. It is for that exact reason that it should *not* have been posted until the game of he-said she-said that was going on was resolved to some extent. Without all the facts, the discussion is not valuable at least if not counterproductive.
> I honestly don't think starting a flame war
> between kuro5hin and slashdot is ever
> going to be productive.
Agreed. However, it should be pointed out that the two sites appear to have different goals, and the question of which is better is prime flame war material.
Ben
Re:Additional Background and Perspectives (Score:2)
Ouch! For once I wanted to be wrong, only to have been premature in my euphoria. Indeed, it appears that above.net is behaving unethically and deceitfully, and that the appearance of "making up and shaking hands" was the result of an earlier incident in June, taken out of context as "spin control" to mitigate the justified outrage at their current behavior.
Shame on above.net (yet again), and many thanks for pointing out the discrepancy (which I'd failed to notice).
Commercial spats OK, private spats not? (Score:2)
We deplore blocking terrorism, and in this case, since it isn't even a commercial battle, these tactics would seem very inappropriate.
I find this comment more than a little disturbing, probably because it is a shocking mirror of just how deluded and two-faced our collective "corporatised" ethic has become.
The implication is that "blocking terrorism" (to use the Register's phrase) would be more palatable if commercial interests were involved, but because the battle "isn't even commercial" it is somehow worse! I find this notion profoundly absurd.
An unethical action is just as unethical if done for commercial reasons as it is if done for private reasons. This notion of "it's business" and "it's my job" vs. "but I'm a nice guy in private" is reprehensible. If an action is wrong in one's private life, it is just as wrong in public or professional life.
What above.net is doing is wrong. Period.
I applaud Alan Cox and Kuro5hin for getting the story out, and slashdot for belatedly picking up on it (and, as an aside, I agree with others that slashdot's gratuitous bashing of k5 was unnecessary and unprofessional). There may not be legal recourse, but with enough bad publicity and enough customer defections the same result can be achieved: punishment and future restraint on the part of ISPs who would abuse the internet's trust model and undermine the usefulness of the net for all of us.
As I said before, above.net needs to be bitch slapped. Hard.
Lots of random noise. Things are actually simpler (Score:2)
2. Above has a very "interesting" proprietary routing practice and traffic engineering. It is vaguely described on above site. Go and read.
3. There have been numerous times when above has shot itself in the foot using 2. Check nanog archive for details.
So:
1. There is no point on Orbs side to blame above for maliciousness when incompetence will suffice. It is quite possible that above is leaking routes not out of malice but due to their routing specifics. See 2,3 above.
2. Orbs are complete and utter idiots. Clueless as well. If someone starts blocking an open relay probing site this is not an indication of active spamming. Usually the opposite (see BUGTRAQ discussion from last Feb 1999 on mail address list collectors and Alan Cox's suggestions). Note that above actually uses the BGP form of RBL as well, not just mail relaying. And I am on above side here as there have been repeated cases when orbs have been actively used by spammers to seek and use open relays.
3. It is completely within Telecom New Zealand's rights or UU-net's rights (as the upstream ISPs of ORBs) to bust above's arse. And if orbs had a clue they would have done the steps necessary for this long ago.
Deja Discussion Link (Score:2)
Re:If anyone is wondering why Kuro5hin (Score:2)
As an example, I never heard of Kuro5hin until now. I guess I'll start reading it.
the right to have an insecure-but-harmless system (Score:2)
Suppose that I seek out such neighborhoods by going from house to house, trying front doors to see if they're unlocked -- and then leave notes in people's houses saying that if they don't improve their security, I'm going to put their addresses on a billboard facing the nearest highway. Am I providing a public service, or am I the sort of malicious stranger that the community should protect itself against?
--
that "seemingly clueful post"... (Score:2)
Can some technically clueful and politically neutral person investigate and report what's happening?
For an ISP to misroute traffic bound for its competitor is indeed a sleazy tactic -- but since it's a sleazy and likely-to-be-discovered tactic, the damage to the perpetrator's reputation would probably not be worth the benefit. Therefore, I would give MAPS and above.net the benefit of the doubt until more information comes in.
--
Simply unprofessional... (Score:2)
kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post
I believe this statement was very dismissive and judgemental towards K5 and an apology is, IMHO, in order.
--
Quantum Linux Laboratories - Accelerating Business with Linux
* Education
* Integration
* Support
Re:FINALLY! (Score:2)
ORBS claims to be blocking open relays. In fact, it is doing a lot more.
ORBS is abusing the net. Yes, a malicious cracker could do the same thing - but if they didn't pretend it was about stopping spam, no one would tolerate it.
Think about it. Wouldn't *you* expect someone to be kicked off for willfully and repeatedly crashing a box using a known exploit?
Re:FINALLY! (Score:2)
Anyway, he doesn't "fix" the server because, except in terms of *ONE* person doing *ONE* thing, it *isn't broken*. It runs. It doesn't relay mail. It doesn't crash unless ORBS probes it. It doesn't open anyone up to any kind of security problems. On the other hand, it *does* do what he wants, correctly, and without further administrative effort.
If someone found a bug in your system, and you couldn't easily fix it, would you agree that it was reasonable for your system to be taken down every so often, every time some guy wanted to take it down, and the guy is not only *allowed* to do this, but *encouraged*, because Slashdot readers unanimously agree that, if your server can be crashed, it's your own fault for running a crappy server?
DOS is DOS. It doesn't matter if the guys doing it claim to have white hats.
ORBS could stop. They do not have to test this system. The only argument they have for testing it is the belief that it could somehow magically turn into an open relay. It's not an open relay. It won't be. In fact, the most likely outcome of their behavior is that the MTA will be replaced - and the result might be open. If they leave him alone, everything is fine.
Only one problem with that: Alan can't accept a world where he can't fuck with anyone he wants, any time he wants.
If you like this, I only hope you have the honesty to still stand up for it when it's your box being crashed by some asshole with a net-abuse-friendly provider.
Re:FINALLY! (Score:2)
I do see abuse in someone being connected to the net and continuing to crash a system after being asked to stop doing so. Maybe the system should be crash-proof. It doesn't matter; once you're told that you're triggering crashes, continuing to do so is script kiddie behavior.
It comes down to whether or not Alan Brown gets a special license to crash systems at will, which is unique to him and no one else is allowed to do it. I don't see why he should.
Remember, we are *not* talking about an open relay. We are talking about a box that cannot be used as the basis for any kind of attack on anyone else. It may be flawed, but its flaws are harmless to everyone. ORBS may also be flawed, but its flaws have people being paged at 3AM around the world.
Re:the right to have an insecure-but-harmless syst (Score:2)
If you are going around searching for guns, and you find a house with no guns, and accidentally set it on fire, and you keep coming back and setting it on fire, even though you know the owner will never leave a gun in his house, and always leaves the door locked...
There comes a point where the only responsible thing to do is stop probing a given host. If Alan were capable of seeing beyond his own ego justifications, he would be able to leave people alone. But, for now, we are in the world where, if you don't recognize Alan's self-granted right to interact with your systems in any way he wants, he'll tell people you're a spammer.
Re:the right to have an insecure-but-harmless syst (Score:2)
But, in a number of cases, only Alan Brown *does*.
That's why he's a black hat, not a white hat.
Re:FINALLY! (Score:2)
This exploit is not widely known.
One guy decides to try to test for a possible security hole. You don't have the security hole, but his test crashes your computer.
How is this your fault? The bug isn't being tickled except when someone attacks you.
Now, in the ORBS case, it's worth remembering that ORBS *knows* that this server is secure, and *knows* that this test crashes the server.
Should the guy get a new server? Sure. But why should anyone be allowed to *FORCE* him to, when *HIS SERVER IS NOT A THREAT TO ANYONE UNDER ANY CIRCUMSTANCES*. Remember, it is *NOT* an open relay.
ORBS may be "designed" just to test, but they know they are crashing some people's computers, and they don't care, and they won't stop. It's not about stopping spam, it's about forcing people to jump when Alan says "jump". That's not *preventing* net abuse.
Finally, no, it's not the case that "anyone" can have their system taken off the list. If your system is listed *for relaying*, you can be taken off the list. If your system is listed *for complaining*, nothing will get it taken off the list except saying "Thank you sir, may I have another."
If ORBS were only about open relays, and they were willing to leave people alone once those people were not open relays, I don't think anyone would mind them.
Re:FINALLY! (Score:2)
If Alan were trying to not crash the server, he'd stop probing it.
Re:Additional Background and Perspectives (Score:2)
ORBS is about blocking open relays, and about blocking people who don't like the massive testing and retesting they will do of any computer they've ever heard of.
MAPS is about stopping email abuse.
When you think about it this way, it's obvious that MAPS has to list ORBS.
I stand corrected (Score:2)
I thought I remembered reading that a few months ago when I found your site - guess I was wrong and I should have read it again before I went off and posted.
Yes, you are on crack.... (Score:2)
Look at Kuro5hin. Look at the number of stories that get posted - what is it, about 5 or 10 a day? As rusty says, if he does not accept it immediately, he turns it over to the readers to vote on.
Now, I have no idea how many users are on Kuro5hin, but I am willing to bet it is a hell of a lot less than
I saw emmett here in Kansas City at the Linuxfest 2000. In his talk he said there were something like 600 submissions a day. Even with all the duplicate submissions, that is ONE HELL OF A LOT! Say only 10% of all the submissions are unique - that is 60 stories a day. Of those I am sure a lot of them are absolute crap. And a lot of them probably don't have links. So say only 2/3 of those are any good. That is still 40 a day, which in some respects is a bit overboard to try and keep up on.
MY judgement. (Score:2)
1) A simple probe to see if a mail server is relaying or not is by no means an 'attack' and does not harm anything.
2) The only reason any of these services work is because ISPs *CHOOSE* to use them. They do not censor anything themselves, the ISP DOES.
A fundamental principle behind the internet is that each piece of network can grow *as it wants to* carrying whatever traffic *it wants to*. IF they want to block traffic based on what a third party says.. that is THEIR RIGHT.
Re:Totally Unnecessary (Score:2)
The intent was to beat up on the conspiracy theorists, who mainly reside on slashdot.org but seem to have migrated to k5 as well.
I hope people can see that the site and the posters are two distinct entities.
--
Michael Sims-michael at slashdot.org
Re:Lonely Lily (Score:2)
Re:I posted the /. "bashing" comment(s) on K5 (Score:2)
Routing games (Score:2)
Since I am off in remote (in internet terms) places on a special project, I can't really see what is going on with the BGP routing tables. But people have been pinging me over the last few days because someone is poisoning the route info to get to ORBS.
Someone is injecting false BGP4 routing information into the internet, to advertise shorter routes to the whole class B subnet (202.36/16) containing ORBS class C subnets (202.36.148/24). This effectively sucks all the traffic to their routers and then to
I'll leave it up to the rest of the
I was a bit concerned by
the AC
Why they /should/ be used, and more than one, too. (Score:2)
Responding point-by-point:
Frankly, I don't have time to keep up with the spammers. They find new open relays every day. I'm just as happy to let someone else spend 10-12 hours a day chasing them, and if they block something I don't like, I don't have to use them.
That's the point, my friend! They change dynamically, just like the spammers do! If a site I was talking to days before gets a new admin, a new version of FooMail, a new routing table, whatever, and the spammers start abusing it, I want it blocked until the admins fix it. And once it's been fixed, these blackholers are traditionally very responsive in removing the system, just as dynamically.
Fortunately, there are more than one, and you can mix and match your blackholing sources. Would you rather have a single source and no choice at all? Besides, there are going to be petty disputes over everything, no matter what solution we choose.
battling a great evil (Score:2)
Really, the best people to benefit from this war are going to be the spammers. Why don't they do the corporate thing and merge?
Re:Why they /should/ be used, and more than one, t (Score:2)
I don't know why we need a service for ORBS. Why can't I just adjust sendmail to not receive mail from open relays, i.e. do what ORBS does, but keep no database. Sure, it's more email load for the internet, but these are small infrequent transmissions so it won't bring anyone's system down.
> Fortunately, there are more than one, and you can mix and match your blackholing sources.
Now, this is a good idea except some lists (ORBS) are much longer than others (MAPS), so you really need a thumbs down, neutral, or thumbs up flag, i.e. block everything ORBS tells you to block unless MAPS specifically says not to block it.
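The thumbs-down / neutral / thumbs-up combination proposed in the comment above, as an added example that is not part of the thread: a receiving mail server consults a broad list and a curated list and lets only the curated one override. The zone names, the answer codes (including a "cleared" code, which is the commenter's proposal rather than something the lists are stated to offer) and the injected `resolve` callable are assumptions made for this sketch; the sample records are constructed.

```python
import ipaddress
from enum import Enum


class Verdict(Enum):
    DOWN = "thumbs down"   # list says: block this host
    NEUTRAL = "neutral"    # list has no opinion
    UP = "thumbs up"       # list explicitly vouches for this host


LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

# Assumed answer encoding for this example only.
ANSWER_CODES = {"127.0.0.2": Verdict.DOWN, "127.0.0.3": Verdict.UP}


def dnsbl_query_name(ip, zone):
    """DNS blacklists are queried by reversing the IPv4 octets and appending the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def list_verdict(ip, zone, resolve):
    """Map one list's DNS answer to a verdict. resolve(name) returns an
    address string, or None when the name does not exist."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is None:
            return Verdict.NEUTRAL
        if ipaddress.IPv4Address(answer) not in LOOPBACK:
            # A routable answer means a wildcarded or parked zone, not a listing.
            return Verdict.NEUTRAL
    except (OSError, ValueError):
        # Lookup failure or malformed answer: fail open instead of bouncing mail.
        return Verdict.NEUTRAL
    # Unknown loopback codes are treated as a plain listing.
    return ANSWER_CODES.get(answer, Verdict.DOWN)


def decide(ip, lists, resolve):
    """lists is [(zone, trusted)]. Precedence: a trusted DOWN rejects,
    a trusted UP accepts, any other DOWN rejects, otherwise accept."""
    verdicts = [(zone, trusted, list_verdict(ip, zone, resolve))
                for zone, trusted in lists]
    for zone, trusted, v in verdicts:
        if trusted and v is Verdict.DOWN:
            return "reject", "listed by " + zone
    for zone, trusted, v in verdicts:
        if trusted and v is Verdict.UP:
            return "accept", "cleared by " + zone
    for zone, trusted, v in verdicts:
        if v is Verdict.DOWN:
            return "reject", "listed by " + zone
    return "accept", "not listed"


# Constructed sample data: hypothetical zones and documentation-range addresses.
LISTS = [("relays.example", False), ("curated.example", True)]
SAMPLE_RECORDS = {
    "10.2.0.192.relays.example": "127.0.0.2",    # broad list only
    "20.2.0.192.relays.example": "127.0.0.2",    # broad list says block...
    "20.2.0.192.curated.example": "127.0.0.3",   # ...curated list clears it
    "30.2.0.192.curated.example": "127.0.0.2",   # curated list says block
    "9.100.51.198.relays.example": "203.0.113.1",  # wildcard answer, ignored
}


def sample_resolve(name):
    return SAMPLE_RECORDS.get(name)


def failing_resolve(name):
    raise OSError("resolver timed out")


if __name__ == "__main__":
    for host in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "198.51.100.9"):
        print(host, decide(host, LISTS, sample_resolve))
```
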
Re:Spam legislation won't stop the problem (Score:2)
Those were the good old days.
Re:Spam legislation won't stop the problem (Score:2)
You're probably right about pushing this offshore, but I'm willing to bet that US citizens sending spam from the US to the US by way of an offshore open relay will still be prosecuted under the law.
--
If anyone is wondering why Kuro5hin (Score:2)
12:09pm up 1 day, 18:21, 1 user, load average: 13.08, 13.59, 13.66
The
You wouldn't believe how long ssh takes to login when the load is 15.
Thanks for not censoring this story by DDoSing the competition or anything, Michael
---
Re:I like spam (the email kind) (Score:2)
ORBS is a net.terrorist! (Score:2)
ORBS attacked my site with their probe attacks.
I sent them an e-mail:
1) Asking why they attacked my site.
2) Asking them to provide proof that my site was used for spam.
3) Asked for this information to be sent via snail-mail, as I would be adding their hosts to my access list as REJECT.
They attacked it, and within 8 hours I wrote my letter....why was I able to write in 8 hours? I watch my logs (like any good sysadmin) That is why I wanted to see PROOF of the 'spam'...if I didn't see it in my logs, I wanted to know how a spammer would have done it.
In fact they had me in their 'cartoonie threats' category BEFORE their automated system listed my site as OK.
And now, I hear my site is listed as "selectively open relay", when the reality is that my host is not, nor has it ever been an 'open relay', selective or not.
If ORBS was reasonable, then I'm sure they would have the good will that MAPS has. But, given ORBS bullying tactics and placing hosts in their lists because they object to blind probe attacks, ORBS should be listed in MAPS!
Re: Editors paid? (Score:2)
I'd cut them some slack here. I think it's laudable to try to verify such an inflammatory story rather than rushing to get it posted.
- The Boston Lunatic
Re:I posted the /. "bashing" comment(s) on K5 (Score:2)
The life of a journalist is a hard one. Hey, there has to be some downside to the power to cloud men's minds. :-)
Seriously, as long as you've been honest and honorable (which you have), that should be a sufficient moral defense.
- The Boston Lunatic
Re:Here's the Real Facts (Score:2)
ORBS is a net.terrorist! NOT (Score:2)
Right so far.
Wrong, wrong, wrong. If you are smart enough to run a server you have to be smart enough to know you are talking out your tailpipe here, so the conclusion that you are deliberately lying is a reasonable one that many readers can be expected to make.
As you must know, what ORBS does is use the same checks a spammer would to find exploitable open relays to use, but UNLIKE a spammer, instead of exploiting your security holes, they inform you of them (or at least make a legitimate effort to inform you of them, more on that in a moment) and DO NOT PUBLISH the problems they have found unless you refuse to rectify the situation within the next 30 days! IF you refuse to fix the problem within 30 days, it does not seem unreasonable to suppose that you have no intention to fix the problem, and therefore it makes perfect sense that they feel the need to publish your site as one that their subscribers will not want to accept traffic from. If this is wrong, I'd love to hear you explain why.
No, it looks like they have implemented an effective way to fight spam. MOST system administrators are quite happy that ORBS is out there trying to find security problems BEFORE the spammers do, and notifying responsible parties BEFORE their equipment is hijacked.
The fact that you object to this certainly suggests to me that YOU, not ORBS, might be fronting for spammers.
I think I understand you perfectly, I think most people reading this will understand you perfectly, and I think Pi showed complete understanding of what you are saying when he wrote:
When you block their traffic, refusing to allow them to inform you of the problems they find in your network, what option do you leave them? Should they bother to snail-mail someone who is so obviously carrying a chip on your shoulder against them? I certainly wouldn't. Even if you aren't a spammer or knowingly providing services to spammers (which is a reasonable suspicion given your own account of the situation) then for whatever other reason your attitude is going to make it pointless for them to waste their time trying to talk with you. They made a reasonable effort to contact you, you chose to do the equivalent of sticking your fingers in your ears and chanting while they talked... you deserved what you got, and probably a lot worse.
Hold Your Horses... (Score:2)
To put things in perspective kuro5hin has an average of 2 or 3 stories in its submission bin at anytime while slashdot has over 400 (the last few times I've submitted a story it's been 450). So it is understandable if it takes them a little longer than kuro5hin to get a story posted since all it takes is a handful of yays to get it to the front page.
Remember also that just yesterday slashdot got bitten by a fake story [slashdot.org] and don't forget the story about the Oracle NIC violating the GPL that turned out to be bogus (can't find the link for some weird reason). Frankly I applaud Slashdot for showing restraint in posting this instead of rushing this to the front page like the many Bruce-Perens-someone-is-violating-the-GPL stories that could have been settled amicably by sending an email or two but instead turned into public tar-and-featherings.
Re:FINALLY! (Score:2)
You complain that ORBS lists servers that do not cooperate. Well, if they didn't, obviously the system would be totally ineffective.
You claim that ORBS blacklists people who complain about them. How is that possible? Anyone can go to the ORBS site and have their system tested and taken off the list if the test passes.
The point of ORBS is they are a big bully with a stick. If you have a misconfigured mail server, they whack you. Yeah, it's tough. But it's the only way to do things. Saying "please" doesn't cut it. Everyone acknowledges that open relays are a problem - someone has to put pressure on companies, individuals, and ISP's to put forth the effort to change them. If you are an IS guy, ORBS can be your friend. If you need a better mail server, telling your boss that it would be nice if they spent money and time and got a new mail server because your current one may allow spam is usually ineffective. Your boss doesn't care about spam. But telling your boss that the company could be blacklisted if they don't upgrade is a different story. You'll get what you need to do a proper job.
Re:ORBS is a net.terrorist! (Score:2)
I think your use of the word "attack" is a bit of an overstatement. There is a total of 12 different SMTP transactions. I've had probes come over my heavily overused 28k8 line (it routes a /27 full of workstations) on a heavily underpowered mailserver (486dx4 with 16MB) and never noticed anything apart from the logfile entries.
I can't really judge your case without having an IP-address to look at the history. However, demanding that they mail you information over snailmail is not exactly showing an open mind from your side. Sounds much like "send me a signed letter so I can feed it to my lawyer who will crush you like a bug HAHAHA", which would indeed fall under the "cartooney threats" department. However, I wasn't there, so without seeing your email I again can't judge what happened.
Finally, you were listed as "untestable", which gives a distinctive reply (as in, not 127.0.0.2) when looked up through the relays.orbs.org zone. It also does not appear in the much cleaner inputs.orbs.org zone.
HTH. HAND.
Pi
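Added example, not part of any post in this thread: a sketch of the "thumbs down / neutral / thumbs up" policy proposed above for mixing blackhole lists, combined with the distinct reply codes mentioned for relays.orbs.org. The zone `allow.example`, the reply code `127.0.0.4` for "untestable" and all sample addresses are constructed assumptions; the thread only says the "untestable" reply differs from 127.0.0.2.

```python
import ipaddress
import socket

DOWN, NEUTRAL, UP = "down", "neutral", "up"
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

# Each source maps the reply codes of one DNS zone to a vote.
# relays.orbs.org and 127.0.0.2 come from the thread; everything else
# (the allow zone, the 127.0.0.4 "untestable" code) is a constructed assumption.
SOURCES = [
    {"zone": "relays.orbs.org",
     "codes": {"127.0.0.2": DOWN, "127.0.0.4": NEUTRAL}},
    {"zone": "allow.example",
     "codes": {"127.0.0.2": UP}},
]


def dnsbl_query_name(ip, zone):
    """Build the lookup name: IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Live DNS lookup. Any failure is treated as 'not listed' (fail open),
    so an unreachable list cannot block all mail."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def vote(ip, source, resolver):
    """Return this source's vote for ip: UP, DOWN or NEUTRAL."""
    votes = set()
    for answer in resolver(dnsbl_query_name(ip, source["zone"])):
        try:
            parsed = ipaddress.IPv4Address(answer)
        except ValueError:
            continue
        # Only 127.0.0.0/8 answers are list replies. A zone that has been
        # parked or wildcarded returns ordinary addresses; ignore those.
        if parsed not in LOOPBACK:
            continue
        # A listing with a code we do not know is not treated as a block.
        votes.add(source["codes"].get(answer, NEUTRAL))
    if UP in votes:
        return UP
    if DOWN in votes:
        return DOWN
    return NEUTRAL


def decide(ip, sources, resolver=system_resolver):
    """Thumbs-up from any source overrides; otherwise any thumbs-down rejects."""
    tally = {s["zone"]: vote(ip, s, resolver) for s in sources}
    if UP in tally.values():
        return "accept", tally
    if DOWN in tally.values():
        return "reject", tally
    return "accept", tally


# Constructed zone contents so the example runs offline.
FAKE_ZONE = {
    "10.2.0.192.relays.orbs.org": ["127.0.0.2"],    # listed as open relay
    "20.2.0.192.relays.orbs.org": ["127.0.0.2"],    # listed, but ...
    "20.2.0.192.allow.example": ["127.0.0.2"],      # ... explicitly allowed
    "30.2.0.192.relays.orbs.org": ["127.0.0.4"],    # "untestable" (constructed code)
    "40.2.0.192.relays.orbs.org": ["203.0.113.9"],  # bogus non-127 answer
}


def fake_resolver(name):
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for host in ("192.0.2.10", "192.0.2.20", "192.0.2.30",
                 "192.0.2.40", "192.0.2.50"):
        print(host, *decide(host, SOURCES, fake_resolver))
```

Passing `system_resolver` instead of `fake_resolver` performs live lookups; because that resolver cannot tell a timeout from "not listed", it fails open by design.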
Re:FINALLY! (Score:2)
Pi
Re:Slashdot Users and Spam (Score:2)
there is always someone saying "How nice of them, I just signed up 2 minutes ago to my ISP and they are mailing me a way to make millions on the Internet, thank you buba_make_money_juice@hotmail.com, you are a kind soul"
After you say get 5 spams, you just stop reading them and you build a natural defense for spam where it no longer works.
I wonder what the first spam ever sent out was?
Worry About The FBI -- Not these pidley Co's-Scale (Score:2)
--
It's easy to upgrade your MTA, right? Well... (Score:2)
Now, most mail admins for larger companies aren't as lucky. Of course, one can argue the wisdom of running with software we all know to be substandard, but a fact of life is that there are a lot of folks out there who do not have the luxury to upgrade something the PHB thinks is doing an okay job.
Heck, part of my perceived good track record is the fact that I kept a piece of junk called cc:Mail alive well beyond its design limits for the better part of four years. I did this by employing tactics like rebooting the SMTP gateway every half hour, duplicating the thing and setting up equal weight MX records to distribute the load, etcetera.
The problem is, everyone knew cc:Mail was a piece of sh^H^Hpowerful fertilizer that grows your business. But as long as the PHB sees his salesman on the golf course and gets the confirmation that if his staff can't keep the server alive, it's the staff that's incompetent, because, here, look: FooBar corporation uses the same software and it works just well and that's a really nice shot, shall I retrieve your golf ball from the bunker?
The bottom line is that forcing people to upgrade their system is not particularly going to be good for the poor sod who actually runs that system.
I'm always grateful when really damning bugs appear in software I don't particularly happen to like. But I frown on the practice of ramming upgrades down people's throats.
cc:Mail was replaced by lookOut. I refused to go implement that, so people were hired to do that. I just do the firewall now. Not everyone is so lucky, or willing to speak up against powerful PHB's, or... you name it. Welcome to corporate reality.
Re:Stamps for E-mail? (Score:2)
All I said was that if you want to stop spam, you gotta make it cost companies more to send it than they hope to get back. There are a lot of ways that a consumer can cost a company money, many of which are perfectly legal. Your habit of calling their 800 numbers is along the lines I was talking about.
Spamido - How to avoid spam. (Score:2)
Spamido, or, Zen and the art of spam avoidance [freeserve.co.uk]
Spamming Offshore Anonymously = EASY. (Score:2)
Yup. Unfortunately, spammers don't play by the rules. They frequently break into e-mail accounts, or coerce the gullible neophyte to provide an account name and password. Therefore, forgive my skepticism, I doubt there's much that the government can do about it.
Lots of spam originates from XXX websites, and from people selling CD-ROMs of e-mail addresses. There's absolutely nothing to stop you setting that up offshore. Liberia, for instance, has laws that protect the anonymity of company owners; this anonymity is a big reason why a lot of ships fly the Liberian flag - less personal liability to the owner.
All you'd need to do is register a Liberian corporation (which does not require citizenship or even residency), get an account with a Liberian ISP, and spam to your heart's content. The Liberian government wouldn't provide your name or any other information to you, even with a US demand.
There has to be a way to put a stop to that possibility.
Those were the good old days. Back when Usenet was still useful. Back when you could put up your e-mail address on a webpage that would be viewed by either Lynx or Mosaic exclusively. Back when my e-mail took seconds to download, even with my old acoustic-coupled 300 baud modem...
<sigh>
The only solution that would do this is to declare war on spammers, and attempt to hack all of their systems to their knees. But, legislation would have to be in place that respects the self-governing nature of the Internet and ensures that acts of electronic vigilantism like this are only allowed to be directed at those who are, indeed, by legal definition, guilty of spamming. We don't want to legalize DDoS attacks against Yahoo, etc.
Re:How many law suits will come of this (Score:2)
Actually, more importantly is the cost of the legal representation, because you can bet the spammer isn't going to be getting into the habit of passing out $500 to everyone who complains.
More likely, it'll mean that the spammers will just work harder to cloak themselves better, or move offshore.
It's not going away, folks.
Re:Illegal to have an open SMTP server (Score:2)
Does this mean that if I have an open SMTP server I can be held liable for junk e-mails flowing through my system?
I'm not a lawyer, but I think this says that if you know you're relaying spam, you're liable. If you don't know, you don't know, and won't be held liable. (But it would be a pretty damned good idea to make sure your servers are secure, anyway.)
Re:No more cold calls (Score:2)
Yup.
I have no problem with doubleclick.net and stuff like that building huge anonymous user-tendencies. It increases user clickthrus, meaning more money for the website, and ads that are more likely to reflect my interests and maybe even solve a problem that I have.
But when they cross the line and connect that with personal information that identifies me as more than just a cookie number in a browser cache, I resist it just as strenuously as you do.
Of course, all my doubleclick.net cookies have modified user names and are now write-protected to provide me a bit of anonymity again.
Re:Stamps for E-mail? (Score:2)
Be sure to do this at pay phones. Extra $0.35 or so charge to the bill.
Ooh, good idea!
And, how many of you have sent bills to the spammers and then taken them to small claims court when they didn't pay? Sadly, I'm in Canada, so while it's been tempting, it would be rather hard to collect and even more difficult to bring a court case, since most of the spam I get comes from American spammers...
Re:Here's the Real Facts (Score:3)
-Andy
Re:I posted the /. "bashing" comment(s) on K5 (Score:3)
But if we wait a few days to try to see if the truth congeals from the flood of questionable facts, we get flamed for being, as you say, "a lot less timely ... News breaks elsewhere now, and /. picks up the pieces."
I'm guessing both, in the case of this story (it's starting to look like MAPS wasn't blacklisting ORBS, as ORBS' accusation and rampant speculation on a lot of other forums would have it). We'll get flamed both for running this stupid story at all, and for not running it sooner. Grrrrrrr.
Personally I'm getting a little sick of this. I got flamed up and down for running the story [slashdot.org] about Ryan Meader's leaked plans for the Apple Cube; I saw a dozen "proofs" that he faked the whole thing right down to the letter from Apple. And what did Apple announce today? The Cube. [apple.com] Please send your lengthy apologies complete with $50 checks or money orders to: jamie@mccarthy.org [mailto]. Thank you.
More seriously - your rude remark about "book-content fodder" is bunk. You know, or should know, that Slashdot has already decided not to run a book [slashdot.org] of readers' comments without getting permission from those who posted them (which basically means not running the book at all, because 100% of the readers will never respond).
It's easy for you to whine about how unfair it all is that Slashdot is delivering ad banners, but when it came down to brass tacks, we yanked an entire book and probably lost a lot of money, because it was the right thing to do. Of course, acknowledging that would just distract people from your point, which was, obviously, to bash us.
Jamie McCarthy
Re:Additional Background and Perspectives (Score:3)
Yes, and that is a reasonable fix.
However, my understanding is that ORBS went much further than that: they advertised routes with very low metrics designed to lure packets away from valid routes which wouldn't have gone through them at all. This had the effect of shutting down legitimate routes which had nothing to do with above.net.
The fact that there may be a fix (hell, pulling the plug on above.net altogether would be a fix) doesn't make what they did any less reprehensible and inappropriate.
I say this as an unaffected, non-ORBS using observer. If above.net was trying to destroy their own business, I can't think of too many ways they could have started more effectively. I am sure there are many thousands who are far more ticked off than I am.
I posted the /. "bashing" comment(s) on K5 (Score:3)
Here's the gist of what I had to say:
A pretty long time ago at this point,
As
The topics covered are more political and opinion-feeding rather than factual, and they are a lot less timely. News breaks elsewhere now, and
Now, my "bash" consisted of asking "WHY?"
Is it that the editors are that much more busy, now that they get paid to do what they did brilliantly for free? Is it that Andover wants some assurance that a story isn't being fabricated, just so someone out there can take pride in being slashdotted? Are the stories chosen specifically for the amount of opinionated discussion they will create, possibly for book-content-fodder - since there is less fact and more opinion with each passing month?
Or (and here's the "bash") are the editors getting some benefit from bringing in more and more eyeballs, and so they choose the more dilute stories to post, so they will be accessible to more and more eyeballs?
My subversion simply asks, 'are Rob and Jeff catering/reacting to the interests of
If I'm making unfair accusations, I've already offered on K5 to print my post and eat it before a live audience. But it has been a really long time since we've had a "State of the Slashdot" article from Taco; perhaps it's time for a Slashdot Interview with the Slashdot Staff; just to get this kind of thing off of my (and our, perhaps) chest?
Re:Totally Unnecessary (Score:3)
> Why did you mention that?
Because if they didn't, then someone would accuse them of censoring that story.
--
Kuro5hin.org (Score:3)
Re:that "seemingly clueful post"... (Score:3)
Traceroute Output that fails because above.net eats the traffic...
FROM www.isp.at TO orbs.org.
traceroute to orbs.org (202.36.148.21), 30 hops
4 Vix-ATM-155.inode.at (195.58.160.209) 5.048 ms 12.202 ms 12.646 ms
5 vix.above.net (193.203.0.45) 7.672 ms 5.304 ms 8.382 ms
6 208.184.102.49 (208.184.102.49) 6.614 ms 6.674 ms 7.122 ms
7 208.184.102.130 (208.184.102.130) 30.216 ms 29.016 ms 30.927 ms
8 208.184.102.142 (208.184.102.142) 28.991 ms 32.004 ms 29.605 ms
9 208.184.102.138 (208.184.102.138) 51.13 ms 51.809 ms 50.449 ms
10 216.200.254.77 (216.200.254.77) 125.319 ms 126.959 ms 126.231 ms
11 core1-core3-oc48.iad.above.net (209.249.203.34) 126.821 ms 126.721 ms 125.09 ms
12 207.126.96.121 (207.126.96.121) 207.957 ms !H 207.261 ms !H 206.349 ms !H
One that succeeds because 202.50/16 is not blackholed by above.net
Tracing the route to orbs.org (202.50.71.133)
...
9 telcomnz-gw.customer.ALTER.NET (157.130.224.90) [AS 701] 8 msec 8 msec 8 msec
10 s5-1-3.akbr1.netgate.net.nz (202.37.246.246) [AS 4648] 200 msec 204 msec 204 msec
11 xtra.akbr1.netgate.net.nz (202.37.245.150) [AS 4648] 148 msec 148 msec 148 msec
12 203.96.111.218 [AS 4648] 180 msec 156 msec 160 msec
13 210-55-195-1.dds.xtra.co.nz (210.55.195.1) [AS 4648] 356 msec 604 msec 888 msec
14 DMZrouter.manawatu.net.nz (202.50.71.26) [AS 9325] 248 msec 180 msec 340 msec
15 orbs.org (202.50.71.133) [AS 9325] 300 msec 428 msec 240 msec
It seems that since the slashdot effect occurred a few hours ago, Vixie and others are taking steps to fix this problem. Sometimes things happen very rapidly on the internet, when enough voices are complaining.
the AC
Re:If anyone is wondering why Kuro5hin (Score:3)
We're sometimes on #kuro5hin on irc.kuro5hin.org (same IRC network that hosts #slashdot), can be mailed, etc, if you want to chat with us.
As for traffic being "free," someone has to pay for bandwidth..
---
Read the ARTICLE on kuro5hin before posting (Score:3)
Why did you mention that? There is no point other than to cast K5 in a bad light, a light which is certainly not true.
Isn't this a Slashdot is censoring the story post? [kuro5hin.org]. How about this one? [kuro5hin.org] The post isn't attacking K5, all it points out is that there were several posters on kuro5hin who post slashdot-is-censoring-the-story-messages daily on kuro5hin. Frankly I read K5 everyday and literally every two or three stories has somebody complaining about how slashdot is censoring the story.
PS: Now for a real conspiracy, ask why slashdot hasn't posted this story [kuro5hin.org]. It has been submitted several times by myself and others on kuro5hin but is always rejected.
New section for slashdot - Rampant Speculation (Score:3)
I love how, if we post cutting-edge information that hasn't totally been verified, we get flamed for being "just a rumor site." But if we wait a few days to try to see if the truth congeals from the flood of questionable facts, we get flamed for being, as you say, "a lot less timely ... News breaks elsewhere now, and /. picks up the pieces."
I used to get upset at getting flamed on Usenet. I don't anymore. Why? Any time you put something vaguely controversial up in a public forum with a reasonable amount of readers someone will disagree with it. Out of those with disagreements, there is a fair chance someone will fire off a response without their brain in gear. Or even post a reasoned rebuttal - scary but it does happen. Slashdot is about as public as it gets - I note the number of UserIDs appears to have run past 200,000 now so I'm not surprised in the slightest that thoughtless stupid flames get received by /.
I'm guessing both, in the case of this story (it's starting to look like MAPS wasn't blacklisting ORBS, as ORBS' accusation and rampant speculation on a lot of other forums would have it). We'll get flamed both for running this stupid story at all, and for not running it sooner. Grrrrrrr.
Have a Rampant Speculation section then for unverified information. Make everyone happy. Give it an extra icon that can be added to show once a story is verified or refuted.
Just my 2c. And ignore ignorant flames - they can go in the bit bucket. Just make sure whatever filter you use recognises real constructive criticism as well! :-)
Cheers,
Toby Haynes
Slashdot Users and Spam (Score:3)
Re:Slashdot Users and Spam (Score:3)
8. SPAM works, because it is so much cheaper than mass-mailings that a return of one customer per 10,000 messages will probably pay for the costs, and everything else is pure profit.
The only way we can reduce spam is by making it cost something to send it out... and a complaint is not considered much of a cost to the sort of people that use spam.
Re:Additional Background and Perspectives (Score:4)
I am not an above.net customer. Nevertheless, they have taken the choice of whether or not to use ORBS away from me. Thus, they have denied a non-customer the right to use that service.
The fact that I have until now chosen not to use their service is irrelevant: I resent having that choice taken away from me as a result of above.net's behavior.
From what I have read above.net are denying others access to ORBS, by advertising null routes with very low metrics to the rest of the net. This has apparently caused links which could be routed to and from ORBS to non-above.net locations via either above.net or an alternate backbone provider to default to above.net (a lower metric says "I am the shorter route, use me!"), where they then get routed nowhere.
This has the effect of blocking ORBS from ISPs and users who are not above.net's customers.
Above.net denies this. ORBS broadcasts the assertion. Other observers who appear to be less involved (read: more neutral) have commented that ORBS assertions as to cause and effect appear to be accurate, even if their assertions as to motive may not be.
Add to this that ORBS has apparently shut down their service altogether. This could be a publicity stunt, but I think most reasonable people would suspect it has more to do with technical problems stemming from above.net's behavior than political fallout.
Taken as a whole, it appears that the accusers have offered significant evidence of wrongdoing, while the accused have responded with disclaimers and denials, but no evidence to refute the accusations. As a neutral but technically competent observer I am, for the moment, inclined to believe what others have apparently confirmed.
I'll reiterate: what above.net is doing is wrong. It is unethical. It is immoral. It is reprehensible. And it is destructive to the very trust model upon which routing throughout the internet relies.
They may not be in legal trouble (though I suspect even that stance is open to dispute), but they are in a whole lot of PR trouble, and they clearly deserve to be.
If you wish to follow up flat denials with hard evidence, I'd be interested in seeing it, but your flat denial of wrongdoing simply doesn't cut it in light of all the evidence to the contrary.
Additional Background and Perspectives (Score:4)
The views on this controversy are diverse and conflicting, to say the least.
My personal take: I don't use ORBS and I have no opinion on the quality or fairness of ORBS' anti-spam service, but for another entity to unilaterally deny users who are not their customers the right to use the service, however flawed it may or may not be, and to do so by undermining the very IP protocols we all rely on is reprehensible in the extreme.
That above.net offers a competing anti-SPAM product is not merely suspicious, it is damning.
Finally, what happens if other competitors start advertising bogus routes to competing web pages or services?
IMHO above.net needs to be bitch slapped, hard.
ORBS is a hostile system (Score:4)
In other words, ORBS is a hostile system, which will deliberately and intentionally probe your mail servers without provocation, without permission, and then blacklist you and refuse to remove you, whether or not you fix it or a problem really exists. I have had to deal with the assholes there before. They're worthless. Anyone who would respond to an email requesting to be removed as the blacklisted server is not a relay with the words, and I quote "use a real mail server" and calling the administrator an "idiot" repeatedly... well, draw your own conclusions.
ORBS also appears to either be utilizing systems outside of their network for scanning to evade the blocking that hundreds of ISPs use against them (which results in ORBS blackholing them). Possibly cracked, possibly legitimate. I don't know - all I know is that I have always treated ORBS as a hostile entity after I saw them attempting connections on a variety of ports to a mailserver. I've been keeping ACLs up to date to keep the assholes out since.
MAPS realistically *should* be blackholing ORBS, and likely DOES (I don't subscribe to MAPS, RBL, etc - I feel the methodology is flawed.) due to the fact that ORBS deliberately seeks out relays. I wouldn't put it past ORBS to be selling open relays, perhaps their entire black hole list, to spammers. They've proven to be those kind of people in the past, and still are.
Those of you looking to block ORBS, I'd recommend dropping all packets from the entire
=RISCy Business
MAPS != ORBS (Score:4)
MAPS - is about preventing abuse of the mail system, in any form. Present methods of abuse are mainly centered around direct-to-MX spam from dialups with lax signup policies, DOS attacks in the form of multi-megabyte mainsleaze "we sent you an MPEG of our latest 30-second TV spot" marketing firms, and yes, spam relayed through insecure relays.
Loosely categorized, that's MAPS DUL (the dialup project), MAPS RBL (The Realtime Blackhole List, designed for firms which continue to spam unrepentantly and for which every other means to have meaningful discussion has failed), and MAPS RSS (Relay Spam Stopper, a blacklist of open relays).
ORBS, by contrast, concentrates only on adding open relays to its block list, and has a method of checking those relays which results in it probing machines, often repeatedly, and most importantly, even against the express wishes of the system administrators of the machines being probed.
ORBS is not a spammer, but there's a legitimate argument that says they're abusing the servers they contact. They have great intentions (with which the road to the RBL is paved). But the bottom line is that if you - be ye a spammer or be ye a relay-checker - probe my box, I'm gonna be pissed. If you repeatedly probe it after I ask you not to, I'm gonna be real pissed.
This is nothing new. ISTR that ORBS lost their connectivity for a period of time from BCTel as far back as 1997/8ish for this - people being probed complained to ORBS, ORBS didn't stop probing, so they did the right thing --- complained to ORBS' upstream.
Back to the present day and "pissed". If ORBS' current upstream isn't gonna stop 'em, then I'm gonna document my efforts. Having emailed ORBS folks, spoken to them on the phone, and having found their upstream unresponsive to my concerns, I as a sysadmin would have everything I needed to make a well-documented RBL nomination.
If the story is true, (and I'm still skeptical that ORBS is actually on the RBL, as opposed to there merely being a nomination under consideration, but I haven't been following nanae this week), then someone who fell into the "really really pissed" category did just that, and the RBL team was subsequently unable to have meaningful negotiations with ORBS.
I like ORBS. If I had a personal box, I'd probably use their blacklist. But my liking them, even when combined with the fact that I know their intentions are good, doesn't change the fact that repeatedly launching probes against sites which have requested no longer to be probed, is abuse of the email system, and it's a form of abuse which subscribers to the MAPS RBL ought to be entitled to protection against.
Spam legislation won't stop the problem (Score:4)
Anybody else take a look at the text of yesterday's anti-spam legislation?
A couple of things come to mind.
Point 1: The spam must clearly identify a reply-to address so that you can get off the list. Spammers have pretended to do this for years. Usually, the reply-to just means that your e-mail address is valid, and gets you more spam.
Point 2: Headers must not be masked. I think this is a great first step, but won't it be hard to enforce?
Point 3: Won't all this simply move the problem offshore?
I think the Internet Community has to provide the solution for this. While government legislation is a great symbolic step, I'm not sure how much it will actually do to alleviate the 200-300 messages a day that I sometimes get in my mailbox.
The Register has a story (Score:4)
Totally Unnecessary (Score:5)
Why did you mention that? There is no point other than to cast K5 in a bad light, a light which is certainly not true. K5 is NOT a
Sorry for the rant, I'm going back to enjoying Slashdot AND Kuro5hin now.
Re:Additional Background and Perspectives (Score:5)
If you wish to follow up flat denials with hard evidence, I'd be interested in seeing it, but your flat denial of wrongdoing simply doesn't cut it in light of all the evidence to the contrary.
Allow me to save you the effort.
As another post pointed out here [deja.com] the situation is clarified and apologies are given and accepted all around. Apparently it was an innocent ISP foul up, or else someone is very good at spin control (I tend to believe the former rather than the latter).
I am delighted to have been 100% wrong about this.
YA "here's what seems to be going on" comment (Score:5)
--
FINALLY! (Score:5)
I know a guy whose mail server is buggy. It is *NOT* insecure. You cannot relay mail through it. The bug is this: Certain addresses will crash it. The mail doesn't go through, but the mail server crashes.
ORBS crashes his mail server. Up to seventeen times per run. Over and over. They won't stop.
Some postmasters get email every time a relay attempt is made and fails. They are getting mailbombed by ORBS.
ORBS is doing the same thing spammers are doing: Using the email system, and refusing to stop when asked.
Even if you get on their "static" list, they'll probably still spam you occasionally. But, think about it: Is it fair for a system which claims to block "open relays" to also, if you turn it on without knowing about the "static" list, block mail from anyone who dislikes the constant and repeated tests?
Is it fair for them to tell their users that you're a spammer, if you tell them you don't want or appreciate their testing? Remember, we're talking about systems that are *NOT* open relays!
Finally, only ORBS has maintained spite listings. MAPS has never maintained them. I'm sure someone will find a case where MAPS listed a system that was not involved, in any way, in mail abuse. I bet you can't find one where the listing stuck past the first complaint.
ORBS has consistently condoned mass scanning of netblocks. They have encouraged people to scan whole netblocks, and resubmit any hosts they find to ORBS.
ORBS will list systems that cannot be used to relay actual spam. ORBS will list anyone that complains too loudly about them, or plays games with their tests. And they will list such people out of spite, not out of any desire to eliminate spam.
Some people have put network-wide filters on the address space ORBS probes from. ORBS retaliated by starting to farm out relay probes to external sites. You know, just like what spammers do when you block their unwanted communications.
The only thing I think the RBL did wrong in this picture is let it go so long. ORBS has been abusing the email system for a long time, and has done a lot of stuff out of ego and spite. It's time *someone* reminded them that you can't abuse the email system forever.
Re:FINALLY! (Score:5)
Sure, it would crash some people's boxes, but who cares. It would only crash their boxes when they sent mail to someone running this modified sendmail. They can fucking figure it out and DL the patch.
Plus, there would be no centralized blacklist. It would just be a modification which every admin has a choice of installing.
Here's the Real Facts (Score:5)
This is a simple ISP fuckup. Telecom New Zealand screwed up [deja.com].
And here's [deja.com] the start of the apologies. Paul Vixie apologizes, even. They all shake hands. Well, maybe not really, but still:
The story as reported is all lies and misinformation.
Why neither should be used (Score:5)
a) The server admin has no control over what sites are blocked
b) They change dynamically and could potentially block sites you were talking to days before.
c) Petty disputes like this one will cause trouble.
If you want to do your own spam filtering on your own site, that's fine. Depending on someone else to tell you who you should block is just asking for trouble.
Sorry to see that Alan has to use draconian filtering. Without it, I'm sure he's going to get a lot of e-mail, mostly spam. As it is, I get 200+ a day, and no one knows me.