MAPS vs. ORBS
Well, we held or deleted the first few hundred submissions, because we were hoping the situation would clear up and we could figure out what was going on. But it hasn't cleared up, so we're posting it and hopefully there are some readers out there who know what's going on and can shed some light. It seems that the anti-spammers at MAPS and ORBS have gone from a cold war into a shooting one, with MAPS listing ORBS on their blackhole list. ORBS accuses MAPS of doing it for financial gain, MAPS accuses ORBS of attacking systems, Alan Cox gets peeved about spam, kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post, and the U.S. House passed an anti-spam bill yesterday - coincidence, or devious conspiracy?
I read this article. It appears to me that this fellow was running a pirate site and got caught. Everything that he uses as an argument reeks of Pirate. Basically he allowed anybody to upload anything to his server, and then started crying about the sudden appearance of warez. Doubly damning is that he allowed anyone to download the files. Had he taken any precautions whatsoever, he would probably not be in this mess. In my book that makes him a pirate, or really naive.
Naive? How about "an idiot"? While he's whining how Mean ol' Slashdot won't post his article, maybe he ought to get some perspective first. What about this is "News for Nerds, Stuff that Matters"? And remember, Slashdot has to throw back a lot of article submissions, because they get so many.
News for Nerds? It's not news that some site most people have never heard of got shut down. Stuff that Matters? Well, it's not a nice day for that guy that he got raided by the FBI, but he was being an idiot.
"I allowed people to store their legitimate backups of their software, art, music and other files on my server"? Why can't they do their own backups? Assuming he really was a pirate, what a great way to get warez! Sure, store a backup of your Photoshop CD on my server, I don't mind, wink wink nudge nudge!
And I don't know anything about this Hotline software, but from what everyone else is implying, it's a favorite among warez d00dz types.
Back to the original point of getting some perspective from the Slashdot editorial view of the story. Yet another guy got raided by the FBI for having warez. Ho hum, like that's news. And it sure as hell sounds like either through his own idiocy or intentionally, he ran a warez site, and got caught for it. Like that's news, too. Clicky, clicky, next submission please.
(posted anonymously so I don't get fired)
All of ORBS's networks have been null routed inside Above.Net, not just Manawatu Internet Services but all of the ORBS testers as well.
This has been done because ORBS violates Above.Net's AUP by sending email probes to any SMTP server they can find probing it for open relay, and also hosting a website that lists every single open relay server that they can find. In many people's book this is a big no-no.
Alan Brown, of MIS, who is the perpetrator behind ORBS, has turned his bitching and moaning in the direction of MAPS because it gives him the moral high-ground and because Paul Vixie, who runs MAPS, is also the CEO of Above.Net.
THIS ISSUE HAS NOTHING TO DO WITH MAPS
This is not the first time that Alan has gotten himself in trouble and it won't be the last, however, in this case I do think that Above.Net have gone too far in blocking all transit through their network destined for ORBS. This is of course their right however.
On the alleged issue of Above.Net advertising null routes for ORBS's networks to their peers, I can say that this is a complete lie. And I will prove it:
route-server.cerf.net>sh ip bgp 202.36.147.16
BGP routing table entry for 202.36.147.0/24, version 4651414
Paths: (4 available, best #1)
Not advertised to any peer
1740 1 4648 9325
134.24.88.55 (inaccessible) from 134.24.88.55 (134.24.127.27)
Origin IGP, metric 20, localpref 100, valid, external, best, ref 2
1740 1 4648 9325
192.157.69.5 (inaccessible) from 192.157.69.5 (134.24.127.201)
Origin IGP, metric 20, localpref 100, valid, external, ref 2
1740 1 4648 9325
192.41.177.69 (inaccessible) from 192.41.177.69 (134.24.127.131)
Origin IGP, metric 20, localpref 100, valid, external, ref 2
1740 1 4648 9325
198.32.176.25 from 198.32.176.25 (134.24.127.35)
Origin IGP, metric 20, localpref 100, valid, external, ref 2
So, in summary, ORBS has instituted a splatter campaign against MAPS due to the tenuous link of Paul Vixie to Above.Net, where in essence it has nothing to do with MAPS and everything to do with ORBS repeatedly violating Above.Net's AUP and after repeated warnings from Xtra (MIS's provider), NetGate (Xtra's provider) and Above.Net (NetGate's provider) he still continues to violate AUPs as if it were his sole right to do anything he wants to anyone's network.
I have seen several comments blaming Telecom NZ (who own both NetGate and Xtra) for the blocks on ORBS, however it has nothing to do with them and they are simply stuck between a rock and a hard place.
This post is too long. Sigh.
MAPS is abused by people. Someone added the mailing list Juicy Cerebellum to MAPS and now the author of the Juicy Cerebellum can't get his stuff off the MAPS list. He was added by someone who really hated him out of spite. MAPS is wrong. It's too easy to put someone on there; there is like no criteria for it. But try to get off of it because someone simply screwed you over? Well forget it.
Dear:
[ ] Clueless Newbie [x] Loser [ ] Troll
[x] Signal 11 [ ] Pervert [ ] Geek
[ ] Spammer [ ] Nerd [ ] Elvis
[ ] Fed [x] Freak [ ] FascdotKilledMyPr
[ ] AOLer/Euronetter/PIer/MSNetter
[ ] Other: Unbearably self-righteous person
You Are Being Flamed Because:
[ ] You quoted an ENTIRE post in your reply
[ ] You started an off-topic thread
[ ] You continued a long, stupid thread
[x] You posted a bitchy "Slashdot sucks!" message
[ ] You posted a "YOU ALL SUCK" message
[ ] You said "me too" to something
[x] You suck
[x] You brag about things that never happened
[ ] Your sig/alias/server sucks
[x] You posted something totally uninteresting
[ ] You posted a message all written in CAPS
[ ] You posted racist shit
[x] I don't like your tone of voice
[ ] I think you might be a fed
[ ] You are the leader of a secret Katz human-sacrifice cult
To Repent, You Must:
[ ] Give up your AOL/Euronet/MSN/Planet Internet account
[ ] Bust up your modem with a hammer and eat it
[x] Jump into a bathtub while holding your monitor
[x] Actually post something relevant
[ ] Read the f****** FAQ
[x] Be Pat Buchanan's love slave
[ ] Be the guest of honor in alt.flame for a month
[ ] Apologize to everybody
[x] Become CmdrTaco's new Lover now that Hemos is otherwise occupied
In Closing, I'd Like to Say:
[ ] Blow me
[x] Bite me
[x] Get a life
[x] Never post again
[x] I pity your dog
[x] Go to hell
[ ] I think your IQ must be 5, join the Marines
[x] Take your s*** somewhere else
[ ] Learn to post or f*** off
[x] Do us all a favor and jump into some industrial equipment
[x] See how far your tongue will fit into the electric outlet
[ ] All of the above
The purpose of the bill is not to protect Internet users directly or even indirectly from spam. You can tell from the bill itself plus the justification that they are concerned about the spammer not paying for the service.
So what's going to happen is that big ISPs are going to strike deals with direct marketers for the right to spam their customers. This is going to be just extra revenue for the ISPs and is not going to translate into lowered consumer prices.
On the other hand, I'm sure the same ISPs will be kind enough to set up central opt-out lists that will also really work.
So if this bill passes, everybody will be happy. The direct marketers can continue to spam and reach millions of gullible people, but now they have to pay the ISPs. The few idealists can tell their ISPs to block all legal spam, and it'll be done. The ISPs will send bounty hunters after the illegal spammers who have mentioned an 800 number in their message.
In the end you will only see spam that mentions a Caribbean phone number as a contact point.
Marko
However, if I (as a server admin) choose to use such a service, I should have every right to do so.
--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I imagine I'll get more users once I get a faster connection. Being on 56k sucks ass. Should be getting DSL in about three weeks, though, God willing. Yay!
--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
If you can't stay connected without a crash, disconnect. I think you abuse the net with your "please don't use this extension when communicating with me" modification of the RFC.
"Oh, and please don't send any ICMP type 4 packets to my server or it will crash. Dammit! You did it again!"
...yellow number five, yellow number five, yellow number five...
The problem isn't that scan... it's the fact that they list all the open relays in one convenient multi-format database, which is INTENDED FOR USE BY SPAMMERS. The only thing ORBS does is ensure that when fully open relays become rarer, the spammers will have a SINGLE source to go to where they can find ALL the info on where to go to find partial open relays, and EXACTLY the envelope needed to relay off them.
I wouldn't put it past ORBS to be selling open relays, perhaps their entire black hole list, to spammers. They've proven to be those kind of people in the past, and still are.
They don't sell the database to spammers, they give the whole thing to them, anything that has been there 30 days.
Just head to their site and check out the what's in the database section... now just write a nice little cgi to pull from the database exactly which envelope lines you need to relay off each of those servers, and voila, you have a nearly inexhaustible supply of abusable mail servers.
It's inexcusable, if you ask me.
So you want to double the amount of email sent for no benefit? Good plan.
Check to see if the account is the spamprobe account. If not and the sender is in the spammer list, send a faked bounce message back to the spammer.
This may be enough to get them to remove the real/valid email address from the mailing list. Probably just bounce though.
Deleted
Then I got clever and started leaving other spam 800 numbers as my number. So hopefully they would waste their time calling each other.
See, I figured this was one way to hurt them because an 800 number costs someone a little bit of money somewhere.
As a side benefit, it's a lot of fun too.
Bleh!
I saw it once and deleted it - Michael says he hasn't seen it at all - which means that if it really has been submitted multiple times, there are multiple other Slashdot editors, each of whom thinks this story is not worth posting.
(Any slashdot editor can delete a story for any reason. If something gets submitted multiple times and doesn't get posted, odds are very good that none of us thinks it's newsworthy.)
This story isn't a very interesting one. "Dog Bites Man." As far as I can tell, this guy ran a warez haven from his home, and the FBI very politely came and confiscated his computers. That's really not going to be surprising to anybody; it didn't seem like news to me.
Jamie McCarthy
jamie.mccarthy.vg
You are confusing post with article. This is michael posting an ARTICLE which is different than a user posting a POST ( ie a response to an article ) and it is displayed right dab on the main page. Appearances /are/ important, and having a main story on a front page displaying things about a "mostly clueless" site look BAD, now if it was buried in YRO it would be one thing maybe, or if michael responded to it in a post, /. authors CAN make posts, michael even is posting in this thread.
Of course it's all a matter of opinion I suppose.
People keep assuming I'm bashing /., I'm NOT, please read this and this and most importantly this post of mine, it explains my position pretty thoroughly, and I don't want to repeat myself. So don't go off half-cocked thinking you know where I stand.
Oh I certainly DO think /. did the right thing, I'm not saying that. And I totally agree with your post 100%, but that line about K5 was..well..uncalled for, even if michael didn't mean it like it sounded.
Michael,
I understand what you MEANT, I wasn't beating up on you OR /., I just wanted y'all to understand what it SOUNDED like :) specifically the last part: but has at least one seemingly clueful post.
I hope you can see why it might sound like you're talking about the site rather than users.
If it's been hashed over, and apologies issued, any idea why www.orbs.org still has accusations?
The problem that I have with spam is the fact I wouldn't not want anyone sending me e-mail that I didn't to a service that I am paying money for. If I get spam on a hotmail account that is fine but I do not want spam from an account that I am paying good money for then I have a problem. That is why I don't have a problem with direct mail (snail mail) I don't pay for the address (unless I have a PO BOX even then most places won't charge you more if you get too much mail)
The diary also tells us that he's recently moved :-)
into a house that requires a lot of work doing
on it. Even demi-gods are allowed to have a life
outside of Linux, surely?
Lay off.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, rusty@kuro5hin.org and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/1.3.12 Server at www.kuro5hin.org Port 80
--
Why pay for drugs when you can get Linux for free ?
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
I've been promoting the use of MAPS and ORBS to many of my clients for years. (Yeah, yeah, I know that you shouldn't rely on a centralised blacklist, etc. But it's the best existing solution.) If this hits mainstream press, I'm going to get all kinds of calls and e-mail from clients, and now I have to explain that, no, really, you can still trust that they're only filtering out spam, not good mail. They won't believe me, as they shouldn't, and I'll look like an asshole.
Thanks for nothing.
-Waldo
they could turn off domain transfers to most people.
--
I'm not trying to flame anybody. I'm presenting a different point of view that just happens to disagree with yours. If that's your definition of flaming, then yes, I guess I am flaming people.
Admittedly, I am sick and tired of the complainers around here, but I've tried very hard to keep my cool and not flame. Perhaps I haven't succeeded completely, but this discussion is *far* from a flame war.
Ben
The main noodle about all this is that ORBS will try and relay a message via your server. If it fails, it is marked OK. If it doesn't fail it is marked as BAD. Now if a System Admin has a problem with someone sending a packet to their server, they really need to get their head out of their butt. Good Grief, YOU ARE CONNECTED TO THE INTERNET, you will get packets, you will get pings, live with it or yank that plug and sit in a corner with your unplugged server and your security blanket.
&rant(on);
Any sysadmin that has a problem with an ORBS scan is a worthless sysadmin... it's simple... whatcha paranoid about? you don't have the skills to secure your box? get out of the business!
&rant(off);
I remember a bunch of idiot sysadmins had a fit when they were pinged for the internet mapping project...
Ya gotta love humanity!
Do not look at laser with remaining good eye.
Jamie and Slashdot crew,
;)
First off, let me apologize if I went too far. All I did was, in the context of an apparently major story, question the reasons behind its absence from slashdot. I got a bit hot-headed/paranoid about it, and I see how this could have ruffled feathers at 'the compound'.
You're right, every time slashdot isn't perfect, someone complains. The "Cube" story is a perfect example. And yes, the issue with the book has been resolved in the most honorable way possible, at a financial disadvantage to you guys. Isn't it always the case that we only provide feedback when there's a reason to be whiny? If we were to be fair, and applaud everything slashdot does right, your mailbox would be jam-packed with "atta'boy!" messages, and I'm sure you'd just be resentful at having to delete them all.
Slashdot is run in a very democratic and equitable fashion, with moderation and meta-moderation allowing the community to police itself to a great extent. The model isn't perfect, but there is no glaring, obvious improvement to the scheme. It works well.
Slashdot is run very much as a benevolent dictatorship as well. The product is near and dear to us, but the people in charge stay cloistered. This is where the speculation about motives comes from. You guys obviously work hard at making slashdot a self-governing entity. But you are in control of its future, not the readers. You choose the content around which the community here governs itself, you accept or reject the stories.
Maybe it's just me, but when people in charge don't let me know what they're up to, I tend to get a little antsy about their motives. The last time we (the readers) heard anything personal from 'the management' it was about the wedding, before that about the Microsoft 'request' at censorship. Prior to that, it was over the Andover/VA buyout. Before that, when moderation and M2 came into play, there was a great deal of discussion in which Taco, Hemos and the others took an active role. Your motivation, inspiration and expectations were presented, questioned, challenged, understood and for the most part accepted by the readers.
The history of your stance on behalf of slashdot and her readers is admirable, but the silence and lack of discussion is a bit unnerving. Since slashdot has been bought, this sort of interaction has been missing. We've become more of an audience than participants, and while I understand that it's hard to talk to 220,000 whiny slashdotters, an occasional personal visit would be appreciated. Don't you guys ever feel the need to bounce ideas about future directions for slashdot off of the readers? Aren't you curious about our opinion of the site itself? (Critiques of the site and content tend to get nailed as Off-Topic right quick, as there is no convenient place to be heard.) If not, then how much respect do you have for us?
-- What you do today will cost you a day of your life.
I haven't seen the bill myself, but moving the spammers offshore doesn't help the legal cause of the US-based businesses that are the beneficiaries of their SPAM.
Most of the SPAM that I get is for a US-based product, service or company. If I can hold that company responsible for that SPAM, they're not going to get involved with offshore spammers. You won't be able to do anything about offshore spammers spamming for offshore "business opportunities", but personally I don't see too much of that nor do I think that offshore businesses that SPAM have a new-customer rate orders of magnitude lower than the already low rate that US-based companies enjoy.
Of course the risk is you forging SPAM for my business, and someone holding me responsible for it. Obviously there would have to be some kind of check involved to keep this from happening, but not so onerous of a check to prevent the beneficiaries of the SPAM from getting away with it.
Agreed! K5 will get maximum mileage out of this if it turns its cheek and ignores this attack.
--
Quantum Linux Laboratories - Accelerating Business with Linux
* Education
* Integration
* Support
*Condense fact from the vapor of nuance*
I visited the article on K5 and the bulk of the posts are talking about how and why Slashdot/Andover are suppressing this story.
Only a few posts are actually on topic...
I just said K5's moderation was better than Slashdot's.. but it just occurred to me... all these K5 attacks on Slashdot would be moderated down as off-topic.... It doesn't happen on K5... Maybe I was wrong
I don't actually exist.
He wasn't using OSM as an excuse...
The posts in question aren't from OSM
I don't actually exist.
From what I have read on K5 and Slashdot ORBS is a very nasty organisation.
From my own experiences MAPS is horrible.
ORBS sends large bodies of probes to servers. This eats bandwidth and/or crashes (unstable) e-mail servers.
MAPS uses a complaint process that is less than reliable, rarely handled properly, and often MAPS is downright sloppy. An innocent victim has a better chance of making it on the MAPS list than a Spammer.
MAPS allows AboveNet to use the MAPS filter list for a packet filter. This means any random user may end up having his packets filtered by AboveNet based on MAPS. No matter what.
It's been said that you don't have to have your data routed by AboveNet... To this I say... how do I prevent my web surfing, e-mail etc from being filtered... what do I do to prevent this filtering.
Even if I COULD do something (and I can not) that's an OPT OUT filter... kinda like OPT OUT spam...
It matters not... I don't want Spam, I don't want to be filtered by MAPS [via AboveNet] and I don't want my e-mail server to be bombed by ORBS.
I can filter spam with procmail...
What can I do about ORBS and MAPS?
I don't actually exist.
Not only do Spammers and Blacklists go after each other.
But Spammers attack Spammers
Blacklists attack Blacklists...
Yes... it's the SpamWars RPG....
The SysAdmins nightmare....
I don't actually exist.
RBL doesn't follow this criteria...
MAPS staff do not always validate complaints...
MAPS staff do not always contact offenders
MAPS staff do not always return phone calls.
MAPS staff are volunteers not employees and enter with an attitude. They are the layer that make it easy to get on the list and hard to get off.
Management at times doesn't know an offending ISP has made contact unless the offending ISP sues...
If the above case is real it's pure abuse...
Meaning the person who has something against the victim is MAPS staff
This could make life a special hell
I don't actually exist.
No, not really. I hate to admit it, though, but it does kinda taste good, especially with tomato, lettuce, and a good dijon mustard.
Heh...
"The dead do not shoo-bop-aloo-bah." -- Kai, 'Lexx'
I wonder what the first spam ever sent out was?
If I remember correctly, the "spam" that touched off the now-familiar deluge was for a legal service offering green cards, posted on Usenet back in... oh, now my memory fails.
Er, that system crashes on certain headers, the admin is too clueless to upgrade the system. If a h4x0r would get a grudge against the admin (or the company that employs him), that box would crash every 5 minutes. What will our "genius" admin do? I guess he will install another mail server pretty fast. Knowing his past actions that new server will be an open relay, perhaps even an anonymizing open relay. No magic necessary.
I am afraid an article posted on June 25 won't be relevant to the current situation. Unfortunately, both ORBS's homepage and the following quote from a recent article by Paul Vixie in news.admin.net-abuse.email show that the situation has not clarified.
Please look closely at the headers before you assume that I was the "Anonymous" Coward to whom Paul responded.
With more spin like that, guys will start giving up Rock & Roll for a career in Linux hacking.
--
Sheesh, evil *and* a jerk. -- Jade
>PS: Now for a real conspiracy, ask why slashdot
>hasn't posted this story. It has beeen submitted
>several times by myself and others on kuro5hin
>but is always rejected.
I read this article. It appears to me that this fellow was running a pirate site and got caught. Everything that he uses as an argument reeks of Pirate. Basically he allowed anybody to upload anything to his server, and then started crying about the sudden appearance of warez. Doubly damning is that he allowed anyone to download the files. Had he taken any precautions whatsoever, he would probably not be in this mess. In my book that makes him a pirate, or really naive.
/. finds me to be 20% Troll, 80% Funny
You can file in your local small claims court. JunkBusters has an anti telemarketing script available. They also make an excellent http filter.
DeanT
I think it means that you can't be held accountable if you are unknowingly used as a relay for spam. I haven't read the whole bill, yet. It does look like an off for legit innocents.
It also looks like once you've been made aware of the use of your relay you have some responsibility to tighten it up. This is because you now know that email in violation of Sec 5.(c).(2) is passing through your machine.
My 2 cents,
DeanT
Because this has been going on for months and
months.
I was hoping we'd seen the end of this, but
obviously not.
And someone who doesn't know how the Internet works jumped to conclusions.
Is there any evidence that anyone can actually make cash through it?
I've thought about that before. I simply could not believe spam would be a viable money making scheme. But then I realized that the fact that spam continues (and quite possibly growing), is evidence in itself. While it has to have very low returns, I don't think you need lots of people to make it a profitable business.
I once worked with someone who was a spammer (he preferred the term "Bulk Internet Mail"). Quite a loony character, he was!
Point 2: Headers must not be masked. I think this is a great first step, but won't it be hard to enforce?
Point 3: Won't all this simply move the problem offshore?
I think this is kind of ironic. If they are masking their headers, how can they prove it came from offshore? On the other side of the coin, what's to stop them sending spam from US servers and faking headers to look like it came from offshore?
I think that US companies would get in trouble either way. If you are a US citizen and you hire a Frenchman to kill another American, you are just as guilty as if you hired an American. I worry a little bit about someone faking spam from a rival company with forged headers in order to get them in trouble.
-- Virtual Windows Project
That point is valid, using OSM as an excuse is not. That was my only point.
What it gets OSM is entertainment in some way as near as I can tell. Hey, it takes all kinds, right? I don't like it, you don't like it, but he for some reason does.
Fawking Trolls!
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
OSM DOES NOT COUNT!!!! Please, develop a sense of humor! OSM is a Troll, and yes, he got you guys pretty good on that one, but so what???? It's OVER now, and using OSM's prank as a justification for a "K5 doesn't like us" slam is just plain WRONG!
Fawking Trolls!
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
No, he was doing exactly what I said. He was using OSM as an excuse (and a lame one at that) to justify the unjustifiable.
Fawking Trolls!
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
I've never seen this submission. Doesn't mean you didn't submit it, because a number of people read and cull the submissions bin, but I've never seen it before now.
--
Michael Sims-michael at slashdot.org
People do go around, every day, making up stories about how Andover is suing them, saying we're censoring stories, etc. etc. etc.
--
Michael Sims-michael at slashdot.org
Site <> readers.
--
Michael Sims-michael at slashdot.org
Upon further consideration, broadcasting routes for somebody else's IPs should be punishable by death.
---
Play Six Pack Man. I
Not if the list was cached on your machine.
The first email from a given Server would initiate an Open Relay Test, if it comes back positive, add them to the 'bad' list, the entries would expire in 30 days or whenever. If the result is negative, it goes in the 'good' list and the expire is longer on the theory that a non-relaying server is much less likely to go open than an open relay is to get fixed.
For the people that you converse with regularly, there will only be the one test. For spam, every email will probably get tested since they will come from different machines. You'll build up a list of open relays quickly though.
Starman97@Gmail.com (bring it on spammers)
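The cached-verdict scheme from the post above, as an added example that is not part of the original thread: verdicts are kept per sending server, with "bad" entries expiring after 30 days and "good" entries living longer. The 90-day figure, the names `RelayVerdictCache` and `normalize_peer`, and the choice not to cache a failed test are assumptions; the relay test itself is an injected callable and is stubbed here with constructed data.

```python
import ipaddress
import time
from dataclasses import dataclass
from typing import Callable, Dict

DAY = 86400
BAD_TTL = 30 * DAY   # from the post: open-relay entries expire in 30 days
GOOD_TTL = 90 * DAY  # assumption: the post only says the 'good' expiry is longer


@dataclass
class Verdict:
    open_relay: bool
    expires_at: float


def normalize_peer(server_ip: str) -> str:
    """Canonical cache key, so one host is not tested twice under two spellings."""
    addr = ipaddress.ip_address(server_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:192.0.2.10 and 192.0.2.10 are one peer
    return str(addr)


class RelayVerdictCache:
    """Remembers the relay-test result for each connecting mail server."""

    def __init__(self, probe: Callable[[str], bool],
                 clock: Callable[[], float] = time.time):
        self._probe = probe      # returns True if the server relays for anyone
        self._clock = clock      # injectable so expiry can be tested
        self._entries: Dict[str, Verdict] = {}

    def is_open_relay(self, server_ip: str) -> bool:
        key = normalize_peer(server_ip)
        now = self._clock()
        entry = self._entries.get(key)
        if entry is not None and entry.expires_at > now:
            return entry.open_relay          # cached: no second test
        try:
            result = bool(self._probe(key))
        except OSError:
            # Test could not complete (timeout, refusal). Assumption: accept
            # the mail and cache nothing, so the next message retries.
            self._entries.pop(key, None)
            return False
        ttl = BAD_TTL if result else GOOD_TTL
        self._entries[key] = Verdict(result, now + ttl)
        return result

    def purge_expired(self) -> int:
        """Drop stale entries; returns how many were removed."""
        now = self._clock()
        stale = [k for k, v in self._entries.items() if v.expires_at <= now]
        for k in stale:
            del self._entries[k]
        return len(stale)


if __name__ == "__main__":
    # Constructed data: documentation-range addresses, stubbed test results.
    known_open = {"203.0.113.7"}
    tested = []

    def stub_probe(ip: str) -> bool:
        tested.append(ip)
        return ip in known_open

    cache = RelayVerdictCache(stub_probe)
    for peer in ["192.0.2.10", "192.0.2.10", "203.0.113.7", "192.0.2.10"]:
        action = "refuse" if cache.is_open_relay(peer) else "accept"
        print(peer, action)
    print("tests run:", len(tested))
```
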
Seriously, they forgot something in this legislation. They need an opt-out list that everyone, individuals and ISPs, can sign up for. Just make it part of the law that those of us who don't want any UCE can drop our e-mails in there and be protected.
You wouldn't even have to raise taxes to do it, I bet AOL steps up and funds it just because it will save them so much money to be able to opt-out their whole network. Same with everyone else. That is the only way this law will be effective. You tell one person to stop sending you e-mail, he sets up another account and you have to tell him again. You have one central knock list, and spammers can just subtract it from their send list.
Plus, now that it's $500/e-mail, you could hit these little bastards with some huge fines...
-jpowers
How does osm wasting people's time benefit him? I'm not pissed that he did that, it's just...what a waste of energy. If you don't like what happens here, download the source or write your own and set it up elsewhere or just go the fuck away.
-jpowers
At the moment what I see is BGP working as designed with the added hiccup of Above.net blocking ORBS traffic within its own Network
With regard to the article in the Register, they claim that Abovenet and Paul Vixie are one. AFAIK this is incorrect.
Now maybe Above.net shouldn't be filtering the Orbs network internally, and maybe ORBS shouldn't be probing networks where they've been asked not to go.
The 'shitlist' ORBS maintains is not necessarily a bad thing, however their presentation of it and their zones in general sucks big time. If ORBS had taken its lead from the other RBL type services and provided separate zones to start with listing input, output, manual and 'asked not to test' netblocks as separate entities rather than having a single lookup with differing returns (which until recently wasn't supported in a significant number of MTAs) then many problems would have gone away. However the attitude I saw (IMO) was one of "it's not a problem with ORBS you are using it wrong", which while being technically correct is not exactly helpful.
Another point of contention is the 'full disclosure' policy where all relays which aren't reported as fixed within 30 days is (IMO) just plain stupid, in that it will draw criticism and flak to the list and its maintainer.
On the positive side the technical side of ORBS is damn good, the DNS lookup method is far more efficient than multiple zones (however as noted above if there isn't support within the community for the method then telling people they're using it wrong is not a method to gaining friends.).
Personally I don't believe that MAPS are out to get ORBS, there has been a mutual non-aggression pact between them for some time. Above.net != MAPS in the same way that ORBS ISP != ORBS
-- The Flying Hamster
Oh yeah. I remember the Green Card spam on Usenet. Wasn't that the one that inspired the CancelMoose? Then we had David Rhodes and his MMF. Then the Lonely Lily spam...
Usenet was so much better back in the 80's. And even then it was mostly crap.
Oh, go on, check out my job.
let it be Understood that i agree with the general idea here.
... Well why not? If Yahoo goes and does some SOP corporate stuff that screws over the little guy, they would be a fair target under the Texan legal precedent of "He wars askinfrit!" 'Askinfrit' as in 'asking for it' as in etoys.com, amongst others. my only problem there was that etoys survived. oh, well...
... Uh, all i got to say on this one is if i had been the 6'1", 215lbs that i am now, that goddamn doctor woulda thunk twice.. yup.
that said,
We don't want to legalize DDoS attacks against Yahoo, etc.
They're probably not even circumcised. Savages.
i know it ain't good old fashioned Anarchy, but it's better than Gore:
Don't ask. Go see.
I honestly don't think starting a flame war between kuro5hin and slashdot is ever going to be productive.
(see subj),.. rather than adding fuel to the fire?
hmm,..
...dave
Think different? I'd be happy if most people would just think...
yup. i was on an irix box back then and i remember setting up killfiles. fidonet echo was a helluva better than usenet back then..which is where most people were...on BBSes and stuff.
I would also like to mention that I would vote down _any_ article on kuro5hin that obviously bashed slashdot. Having comment/post that bashes another site is one thing, putting it on the front page of the site is another.
I agree :)
I think you're right =)
point taken, I was not even aware of any banter back and forth about who was at fault (although there always seems to be some anyway). I think I still would have liked to have known about the problem before it was resolved (sorta).
Well,
First off I should say I am a strong fan of maps.
And I actually used to follow the squabbles about maps vs orbs.
However let me show you a traceroute from a box in above net (SJ1):
nslookup www.orbs.org
Name: www.orbs.org
Address: 202.36.147.16
% traceroute 202.36.147.16
traceroute to 202.36.147.16 (202.36.147.16), 30 hops max, 40 byte packets
1 main2-133-3.sjc.above.net (209.133.3.3) 1 ms 1 ms 1 ms
2 core1-main2-oc3-1.sjc.above.net (209.133.31.186) 1 ms !H 1 ms !H 1 ms !H
It actually gets hosed still in San Jose (maybe it is null routed [as mentioned in the linked articles])
let's see whois:
> whois -h whois.networksolutions.com orbs.org
NS1.MANAWATU.NET.NZ 202.36.148.65
NS1.ABS.NET 207.114.0.130
SKYNET.SIMKIN.COM 199.175.137.111
DOUBTFUL.SIMKIN.COM 207.6.128.246
NS3.AUSTRIA.EU.NET 193.154.160.110
% traceroute 202.36.148.65
traceroute to 202.36.148.65 (202.36.148.65), 30 hops max, 40 byte packets
1 main2-133-3.sjc.above.net (209.133.3.3) 2 ms 1 ms 1 ms
Hrm...it doesn't get as far as the first.
(the others are ok)
Now I'm NOT a bgp expert...but I'm guessing (and only guessing) [did I say I'm guessing?] that this is not going this far because it might be null routed. Of course, considering above.net does use some cool/strange routing tricks, it might actually be reaching an exterior/border router that just has no idea how to get there....
but if this is the case, then it is only above.net and not from other places (like exodus and globalcenter [which I checked]). Therefore it would sound like an above.net problem.
Where I sit:
Well I guess it had to come to something, there were a lot of complaints about being probed from orbs, people being on orbs and being unable to get off. etc. etc.
Having seen vixie talk (twice), I still fall on his side, and I think he's trying to stop mail-abuse the best he can. And while orbs may do something to stop abuse, they create their own in doing massive probes against secured boxes.
-- C
I've had one of my mailservers detected as a relay by ORBS before. The message you receive clearly indicates what bug it was susceptible to and gives a pointer on where to look on how to fix it. Instead of flaming them I went and fixed the problem and had my server removed from the list.
Instead of researching and fixing the problem you went and flamed the ORBS people "I am right and you are wrong and don't you _dare_ blacklist me." When in fact they were right and you were wrong. When you accuse someone of being wrong you should damn-well be sure you are right.
Was their reply worded un-tactfully? Probably, but they also probably get tons of email from people who rather than deal with their problems go and flame the ORBS staff.
-- Greg
Slashdot, would a spell-checker for posting be too much to ask? It's not rocket science!
Leaving alone the issue of abovenet's rebroadcasting BGP routes for ORBS; it's been clearly shown already that this is an issue of ORBS being an indirect customer of abovenet through their own ISP (Telecom New Zealand).
Above net is a large enough (I would consider them Tier-1) provider that they should have no place in making judgement calls on which systems their customers have access to. Abovenet provides connectivity for thousands of businesses, some of these ISPs with millions (?) of customers.
This situation is the same as if Pacific Bell prohibited phone calls to/from the Vatican for all the millions of its customers because its management disagreed with the Christian belief system.
Abovenet has stated that they consider the ORBS probes to be an attack (debatable, but we'll take it at face value). However they prohibit all access to the ORBS services by blackholing all their traffic.
If you are one of the thousands/millions of people who are connected directly, or indirectly through another ISP, to abovenet you have no option to use ORBS services, send them email, or even view their website.
Abovenet has it within their ability to specifically block probe traffic; They have done this in the past for other security problems that used specific ports. They could do this if the probe traffic is such a big issue, but instead they decide for all their customers that ORBS are 'bad' and that no-one should be allowed to communicate with them.
At their size, AboveNet has no place making moral decisions for the rest of its customers.
-- Greg
Slashdot, would a spell-checker for posting be too much to ask? It's not rocket science!
Is it possible to actually sell stuff through spam drops? Is there any evidence that anyone can actually make cash through it? It seems to me that almost all the spam I get is just offers for buying more spam lists.
I can't understand why anyone would actually buy anything from a stranger emailing them with a lying subject line who is therefore already establishing themself as completely unprincipled. Has anyone on /. actually bought anything from a spam offer? Did you get what you paid for? Just curious. I find it hard to believe that any of the offers are genuine...
I meant to say the anti-spammers do the corp thing and merge to be one Devastator/Predaking/Menasor anti-spammer entity.
Now if the spammers formed one big entity, they would be much easier to wipe out, come to think of it. Lawsuits galore.
Doubling the amount of email would not kill the internet. It would not influence the total bandwidth at all.. just think about how much bandwidth is used for pictures vs. email.. and remember that these 2nd emails are small. Now doubling the amount of email might force a few ISPs to upgrade their servers next week instead of next year, but this is not much money.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Anyways, to get to the motivation of my post, the discussion consisted largely about the "big flamewar between /. and k5", not about why ORBS might have been Deemed Naughty, so I figured I'd illustrate the argument against ORBS in the interests of completeness.
My apologies for the inaccuracies in my post - and my thanks for your clarification of the situation.
In all honesty, if I adminned a box and noticed ORBS probing it, I personally wouldn't mind that much, (assuming I wasn't one of the unfortunate souls for whom the probing apparently crashed the box!) 'cuz I know you're whitehats. But I can see why other admins (Umm... especially the poor guy whose box went down!) would react otherwise.
Although I personally have no real beef with "contact abuse@relaytest.orbs.wherever" (again, because I know you're fundamentally good guys), that gets into a whole 'nother ball of wax, probably too esoteric for the purposes of a /. discussion, about the opt-in/out implication of "hit reply to remove our probes".
Which is a pity, since it's at the heart of the question of whether or not what ORBS does should be considered abusive.
I have no really firm opinion of it, but if pressed, I'd say it's not a problem when there are only one or two trusted relay-checkers. The problem comes from the slippery slope aspect of the problem.
In addition to the "is reply-to-stop-being-probed merely a form of opt-out" question, the other big issue that was totally ignored in Slashdot today, was the question of "at what quantity of relay-checkers does a sysadmin cease to be able to keep track of them all?" At what point does it become impossible to differentiate the whitehats (ORBS, RSS) from the blackhats ("Foo's Relay Checking Service, Established July 2000, honest, we're legit, we don't sell our blacklist of open hosts to spammers, no sirree!")?
I don't know. There's no good answer to that - it's all up to the admin you ask. But when that point gets reached for any given admin, he's likely to throw up his hands and regard all relay probes as hostile.
(Pi: Yeah, I know the principals in both sides of the ORBS debate already know that, and that this too has been talked to death in nanae... I'm just pointing it out for the benefit of readers who've obviously been getting real work done or reading Slashdot instead of reading USENET like they're supposed to. Unless they're reading /. with lynx, don't they realize that a text-based newsreader like trn or tin in an xterm looks exactly like working?!?! ;-)
A mailserver crashed by ORBS is like a house doused with gasoline --- If it burns down when the guy looking for guns drops a cigarette onto the patio, it'll ignite for many other things as well.
If a server is crashed by ORBS, then there is a serious problem with that mailserver that should be fixed. Anyone can launch a DOS attack!
Infrequent? Do you have any *idea* how much mail would be required to dynamically check each and every server on each mail request? Having at least two mails for each legitimate mail received? It would kill the internet.
Perhaps, but what if each house in such a neighborhood held a weapon that could be used to destroy other houses that *did* have their doors locked?
The analogy is incorrect.
"Well, we held or deleted the first few hundred submissions, because we were hoping the situation would magically clarify itself."
And you Slashdot ops wonder why so many of us think you're going down the tubes.
So, you figure if you delete the news often enough, it will go away? Get real.
We have it, we like it. However, it costs $$, and has the potential of locking friends who value their privacy out of your life via phone...
Matt Barnson
Matthew P. Barnson
I learn what I think when I read what I write
>What am I to do when I have an un-provoked attack? Just let them keep it up? Or block the sites where the attacks were coming from. A *RESPONSIBLE* sysadmin blocks the source of the attacks.
... they're not looking for SPAM. They are/were scanning systems susceptible to being used by spammers UPON REQUEST by some person. (Note they are not scanning randomly but you have to specifically point them to the servers they should scan)
What you fail to realize is that IT WAS NOT AN ATTACK! If I ping your IP range to see which servers are there will you sue me for cracking your site?
>They can't even provide PROOF of spam when asked, so why should they be probing my network?
Erm
Agreed, their methods may be questionable but their system is reported (by its users) to catch 90% of the spam messages on the net and MAPS do definitely NOT have the right to just go ahead and disrupt their service. (If what ORBS is claiming is correct, then MAPS are the net terrorists!)
Greetings
>You seem to believe that a probe looking for a hole is ok.
I do, as long as you don't use the holes you find for any illicit actions.
>If I wander thru your neighborhood with a crow-bar and check for open doors/windows, you'd support that action, so long as I said I'm "doing this to improve the security of the neighborhood"
No, but with a crow-bar you can break my doors/windows, you can't do that with a dumb e-mail probe. What you are describing is much more aggressive than what ORBS are doing.
>Really? Gee, I'm subjected to a UNWANTED attack from ORBS and I should just say "sure, come on back", or should I block future attacks?
No, because you're not subject to an attack, I REPEAT: A PROBE IS NO ATTACK! If I do a portscan of your machine did I harm you? No! If I use the result of the portscan to break into your system, now that is an attack.
>Now, what did ORBS do? They list my host as 'Selectively open relay', which is a lie. And they KNOW it, because the host is listed as 'checked OK'.
Granted, this may have been an error on their part, but you blocking them didn't really help. In fact you worsened the situation and caused your system to be flagged as 'unprobeable'. But the choice of blocking your systems on other servers is not done by ORBS but by the admins of those systems. (If I decide to implement ORBS on my servers tomorrow and I tell it not to let 'unprobeable' systems send mail then I have blocked you. If I decide not to care about the unprobeable ones I'll let them through, the choice is mine)
Greetings
>Gee, and what about Mr. Seebs http://slashdot.org/comments.pl?sid=00/07/19/141 238&cid=111 message. Looks like that crowbar ORBS swings *DOES* break someone's windows. And, they just keep breaking his windows.
Is it ORBS' fault that Mr. Seebs is using a buggy mail server that doesn't handle some e-mails correctly? And are they at fault that some admins obviously don't care about privacy to such an extent that they set up their systems to send them a copy of failed relaying mails?
>And posting the IP of a portscaned system for spammers to use looks like collusion WITH the spammers. No need for spammers to do the scanning work.
That is not the objective of ORBS. They should first contact you and 30 days later publish your system as 'for spammers to be used'. BTW: This posting is exactly what prevents spammers from being able to use it, as any mail server using ORBS will not let them through.
>My host is flagged as 'last tested ok' and 'queued for re-testing'.
Then what are you complaining about? They saw that your host is OK and everybody using ORBS will accept your messages.
>ORBS created the 'situation' by *NOT* being reasonable.
1) They do not have proof of spamming from a host
They don't need to have any. They are not accusing you of spamming. They are probing your system because somebody asked them to do so.
>2) They do not provide this proof when asked
Please see 1
>3) They do not ASK a sysadmin if they wish to be tested
OK, I agree that is something they should do.
>If they had proof, were willing to provide proof, and ASKED before launching their probe attack, an attack that is FAR worse than any one spammers probe attack, then ORBS would not be the net.terrorists that they are!
You are not telling me that some small probes from ORBS are worse than a spammer sending hundreds, maybe thousands of messages through your hosts, are you? I prefer them probing my server from time to time rather than having my bandwidth wasted by spammers.
Greetings
I've been informed that my current ISP's sysadmins are all that.
>I make a point of running up the toll-free long distance time on the phone numbers they advertise
Be sure to do this at pay phones. Extra $0.35 or so charge to the bill.
And, how many of you have sent bills to the spammers and then taken them to small claims court when they didn't pay?
(think: A nation-wide network of people who bill spammers, and the supporting lawyers/people who buy the debt from the spammed in, say Ohio and sue the Minnesota based spammer.)
If it was said on slashdot, it MUST be true!
>No, but with a crow-bar you can break my doors/windows, you can't do that with a dumb e-mail probe.
If it is a 'dumb' probe, why are they doing it?
>What you are describing is much more aggressive than what ORBS are doing.
Gee, and what about Mr. Seebs http://slashdot.org/comments.pl?sid=00/07/19/141 238&cid=111 message. Looks like that crowbar ORBS swings *DOES* break someone's windows. And, they just keep breaking his windows.
>If I use the result of the portscan to break into your system, now that is an attack.
And posting the IP of a portscaned system for spammers to use looks like collusion WITH the spammers. No need for spammers to do the scanning work.
>Granted, this may have been an error on their part,
Error? No, its part of the way ORBS does business. That is how terrorists and thugs work.
>In fact you worsened the situation and caused your system to be flagged as 'unprobeable'
My host is flagged as 'last tested ok' and 'queued for re-testing'.
ORBS created the 'situation' by *NOT* being reasonable.
1) They do not have proof of spamming from a host
2) They do not provide this proof when asked
3) They do not ASK a sysadmin if they wish to be tested
If they had proof, were willing to provide proof, and ASKED before launching their probe attack, an attack that is FAR worse than any one spammers probe attack, then ORBS would not be the net.terrorists that they are!
But, please, feel free to read up on ORBS and why they are net.terrorists on the NANOG list.
If it was said on slashdot, it MUST be true!
>Anyway, saying that ORBS is evil because they "attack your systems" (which they don't, they only probe them, much like port scanning) is a lame and invalid excuse for clueless sysadmins to not secure their mail servers.
And *I* maintain that they *DO* attack.
Without provocation, ORBS attacked my host 'looking for an open relay'. ORBS could not provide any proof that my host was involved in spam.
I chose to add them to the REJECT list in sendmail.
For adding them to my REJECT list, my host is listed as a 'selectively open relay'.
Given most people in NANOG feel ORBS attacks systems, are you calling NANOG members 'clueless admins'? Myself, who e-mailed ORBS asking them to provide proof that my host was used in spamming 8 hours after the attack...I'm a 'clueless admin' because I wasn't reading my log files at 2 AM?
Get educated about ORBS...and when you do, you will find that they *ARE* net.terrorists with their blind attacks.
If it was said on slashdot, it MUST be true!
>They made a reasonable effort to contact you,
No, they made *NO* effort to contact me, save attacking my host. In fact, the only reason I found out about them was the attack.
My sendmail works fine w/o RBL, because I parse the logs dynamically and re-route spam runs to a separate server. I therefore have no need for RBL or their ilk.
*I* contacted them when I saw the log entries, and asked them to justify themselves. In under 8 hours. (I am allowed time to sleep, right)
*THEY* made the choice not to respond.
What am I to do when I have an un-provoked attack? Just let them keep it up? Or block the sites where the attacks were coming from. A *RESPONSIBLE* sysadmin blocks the source of the attacks.
I could have asked for information, and just blocked their access and not mention that they were blocked due to their actions.
An action like that would have been:
>do the equivalent of sticking your fingers in your ears and chanting while they talked.
>conclusion that you are deliberately lying is a reasonable one that many readers can be expected to make.
No, I drew a conclusion. And, it is quite possible ORBS is a front for spammers. The open relay list is not only a resource, but serves the function of over-salted food in a bar. They create demand for their list. The US government had a policy of not using census data for anything but the census. Tell that to the Japanese moved to the desert in WWII. *YOU* have lied in this. *YOU* stated "They made a reasonable effort to contact you" They made *NO* effort at all, they just attacked.
>When you block their traffic, refusing to allow them to inform you of the problems they find in your network, what option do you leave them?
They can't even provide PROOF of spam when asked, so why should they be probing my network?
In Australia they may not have a concept of due process. But here in the US, there is a concept that one has to have proof before the cops can come in and check your home out. If ORBS wants to play net.spam.cop, then they should:
1) have proof.
2) contact the admin with the proof.
3) ask to do a probe.
Instead, they attack a host with probes.
Net.terrorists they are.
If it was said on slashdot, it MUST be true!
>It's not an attack. It's a probe.
You seem to believe that a probe looking for a hole is ok.
If I wander thru your neighborhood with a crow-bar and check for open doors/windows, you'd support that action, so long as I said I'm "doing this to improve the security of the neighborhood"
If ORBS
1) Had proof
2) Provided the proof
3) Contacted me with the proof and ASKED if I wished to be probed
then ORBS would not be a net.terrorist.
The three steps however would require ORBS to be reasonable, and being reasonable is not the goal of a terrorist organization.
>I understood your message entirely. You didn't want them to contact you at all so you made sure they couldn't.
Really? Gee, I'm subjected to a UNWANTED attack from ORBS and I should just say "sure, come on back", or should I block future attacks? I chose to BLOCK the future attacks, and I let them know how to get back to me with the information I had requested.
Now, what did ORBS do? They list my host as 'Selectively open relay', which is a lie. And they KNOW it, because the host is listed as 'checked OK'.
But that is why ORBS never got back to me with the proof that my host was a relay...because there WAS no proof.
If it was said on slashdot, it MUST be true!
>If ORBS were only about open relays,
Then they would not have database entries that give "Selectively open relay" messages for hosts that have checked out OK in the past.
ORBS is about net.terrorism. And if you believe otherwise, you have been duped.
If it was said on slashdot, it MUST be true!
>>BTW -- there is NO WAY to opt-out of ORBS and being probed and threatened. Even if your servers are 100% fine, and you tell ORBS not to scan, they'll block you
>Just for the record, they don't block you. They mark you as untestable.
ORBS may not block you. But ORBS *DOES* take a host that is listed OK in the test result database and in the static list and publishes it to others as a "Selectively open relay"
Given this listing is incorrect, either ORBS is run by incompetent fools, or did this out of spite.
If it was said on slashdot, it MUST be true!
It gets you listed with a warning like this one:
X-RBL-Warning: (relays.orbs.org) Selectively open relay
If it was said on slashdot, it MUST be true!
>it would be rather hard to collect and even more difficult to bring a court case,
*smile* that is why you create the bill, then sell it to someone who is local for a %age on the dollar. You may not see a dime, but the satisfaction of seeing a spammer in court is its own reward.
If it was said on slashdot, it MUST be true!
Yes. See this post.
"for another entity to unilaterally deny users who are not their customers the right to use the service, however flawed it may or may not be, and to do so by undermining the very IP protocols we all rely on is reprehensible in the extreme. "
Right. But they're not doing that.
Did you even look at the MAPS web site?
No criteria?
What about those on the "Getting on the RBL" page?
(http://www.mail-abuse.org/rbl/candidacy.html)
No way to get off?
What about the instructions on the "Getting off the RBL" page?
(http://www.mail-abuse.org/rbl/getoff.html)
People who complain that no information is available when they obviously haven't even bothered to look at all really piss me off.
> 1.SPAM is effective because people actually like
> it,
Some people DO in fact like it (or at least not
mind it). In my experience they tend to be in the
minority.
> 2.SPAM is effective because people get so
> enraged that they flame in reply, proving that
> their email address is read by a human being;
> and eventually, by repeatedly being bombarded
> by the same message, you unconsciously want to
> buy that product.
Here is one legitimate one... but not for the end result you claim. IF the address is verified as correct, then that's one more verified address.
Remember, spammers come in different flavors. Some just sell lists of email addresses, others do actual spamming. Generally, it seems, the person doing the spamming couldn't care less if the product sells. They are just the advertiser. They get paid either way.
If an address is verified as good, then they can claim "We have the best address list there is" or what not.
The question is, who is spam effective for? It's certainly effective for the spammers themselves, does it work for their customers?
My gut feeling is that it probably is. Most people aren't so offended by spam that they will refuse to do business with the company. When it's just a web page getting paid by banner ads, even worst. Most people will load a page once if they can.
-Steve
"I opened my eyes, and everything went dark again"
According to Sec 5.(c).(2) of the bill passed by the house concerning UCE's:
INNOCENT RETRANSMISSION -- A provider of Internet access service the facilities of which are used only to handle, transmit, retransmit, or relay an unsolicited commercial electronic mail message transmitted in violation of subsection (a) shall not be liable for any harm resulting from the transmission or receipt of such message unless such provider permits the transmission or retransmission of such message with actual knowledge that the transmission is prohibited by subsection (a) or subsection (b)(1).
Does this mean that if I have an open SMTP server I can be held liable for junk e-mails flowing through my system? I'm not saying this is all that bad but do we really need the force of government to get people to secure their systems?
It would be a good idea if I could explain it right...
Thad
Thad
I personally don't use ORBS or MAPS to block mail to my systems... we make our own list to block.
What I do like about orbs is that i get the site report. I usually find that if someone has a system with an open email relay...that it usually has some more serious security problems with the box. I don't have the time/manpower to hunt these down myself. I like the list I get so I know which machines to concentrate on.
It works well for my environment where i don't have control over all the boxes, but would like to focus the manpower on keeping the network/machines as secure as possible.
- ORBS has not been listed in the MAPS RBL for years. Vixie has stated recently, that he did list ORBS once, years ago, when he was running the list personally.
- ORBS is not currently listed in the MAPS RBL.
- ORBS is not currently being seriously considered for nomination to the MAPS RBL. (afaik) But I think they might be able to make a good case, should they decide to do so.
However. ORBS is being blocked by Above.net, per their right. The confusion lies in the possibility that Above.net was broadcasting externally that they, Above.net, were a route to ORBS, then--
I disagree. Central blacklists are a great idea, but you must understand and agree with the criteria the maintainer uses to add an entry to the list. Also, the maintainer must follow their stated criteria. Centralized blacklists make a great way for you to find out about abusers before they get to your network. It also happens to increase the pressure not to become an abuser in the first place.
--
Thank you for the most important response to this whole article. I hope everyone reads this one.
--
I have seen a lot of funny routing-games going on towards the MIS netblocks (where www.orbs.org is hosted), one of our netblocks (194.178.232.0/24 which currently hosts the relaytester) and even against specific DNS servers hosting secondary zones. If ABOV's purpose were to stop what they thought to be abuse, they wouldn't be doing things so covertly.
People argue that AboveNet are within their right to deny any traffic they see fit. Perhaps they are, but there are respectable members of the Internet community working there that at least I expected to be a bit less short-sighted, people that, for example, would have the decency to send a bit of mail to our abuse-address concerning the problem they have with the tester instead of silently blackholing a /24.
If this were just a provider concerned with their own security policies and nothing else, they would have done what they did in the open and they would have approached the people involved to get things fixed. The message is very clear, they want ORBS to just plainly die. I don't use ORBS myself (pretty hard to use ORBS if you're supposed to handle the abuse-queue where messages _about_ ORBS could end up at), but I don't react well to intimidation.
Cheers,Pi.
Some footnotes to your comments, which were overall unbalanced yet a bit incomplete.
The ISP ORBS uses is more than one ISP. The website runs at MIS. The tester runs at Vuurwerk. And several companies host secondary nameservers for the orbs.org zones. All of those networks have suffered temporary unannounced blackholes and other routing-related incidents without prior notification.
AboveNet and Paul Vixie are not one. But the two top MAPS figureheads (Dave Rand and Paul Vixie) both have high (as in policy-making) positions there. It's ultimately been their call to not allow ORBS through AboveNet. And it's been their call to do this in a covert blackops style instead of being frank about it.
I don't think MAPS as a project is out to get ORBS either. I've been able to talk to MAPS supporters in quantity the last couple of days and the majority of them are friendly and aware of the fact that basically they're on the same side. There are some things that can be said about ORBS that would need improvement. The way ABOV have engineered things, though, there is not the slightest chance of getting those improvements made. They want ORBS to die and then they're happy.
Oh, final note, the inputs.orbs.org zone is what you can use if you don't want 'untestable' ranges rejected by your MTA. It only lists verified relay inputs, not the manual entries. It's been around for a while, too, although advocacy of this option has been rather sparse.
Cheers,Pi
The hall of shame netblocks are either netblocks that were full of open relays and then suddenly got blocked. Relays in these blocks have usually been tested manually by other people, with the results forwarded to ORBS.
Hope that clears things up for you.
Cheers,Pi
Hi there. I read abuse@vuurwerk.nl, the upstream of the machine sending you unwanted probes (relaytest.orbs.vuurwerk.nl). Please give me a couple of message-ids so I can trace back where you complained and see to it that you are never again probed. Also tell me how you managed to call me without knowing my phone-number :-).
AboveNet never complained to us. Nor to UUNet (our upstream) nor to Versatel (our other upstream). They just started blocking out of the blue. They can block for any reason at all, it's their right, but sensible, reasonable, people try to get things fixed without being so drastic first.
ORBS is not on RBL by the way. This is a solo-action inside AboveNet space. It was put in the RBL once, though, by Dave Rand (CTO of AboveNet if I'm not mistaken) but removed under public pressure.
Cheers,Pi.
Please give me an example. I hear these stories all the time, but nobody bothers to give me a good example. AB is not immune to LARTs, even remote ones :-).
Cheers,Pi
Just for the record, they don't block you. They mark you as untestable. Unfortunately the default implementations query relays.orbs.org for any response at all. I'm actually taking an active look at that and perhaps AB can be convinced to make the default zone not include those listings, making it then a deliberate choice to either bounce/tag messages in that static list or not.
Cheers,Pi
Still seems pretty simple to me. They don't want to pass traffic for a certain AS, they shouldn't announce it. The low-metric jokes also were pretty lame.
$ nslookup
> server topaz.nstc.com
Default Server: topaz.nstc.com
Address: 207.166.203.194
> ls -d relays.mail-abuse.org
[topaz.nstc.com]
<snip full list of abusable relays>
My God! It's full of relays!
Cheers,Pi
IMO the expression "pissing contest" is more appropriate to this situation...
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
Would those wires be the ones that remove them from the gene pool without killing them?
Besides, the proposed penalties lack the element of poetic justice. $500 per infringing email? How about locking a spammer in a dark room with no food or water until they copy out longhand each ad? Including mail headers, of course.
...dave
I agree.. I have never seen anything other than some mild talking about stories from k5 being linked to /.
/. How would you like it if people went around saying /. readers and staff set up the site to habitate a bunch of linux elitists? Hmmn wait.. PEOPLE DO think that and you wonder why? I don't believe it but it does not change people's perceptions a lot of the time
It is totally unfair of slashdot to say things negatively like that to them.. That's not really nice
If you think education is expensive, try ignorance
I didn't understand exactly how this works. Say Spammer Bob sends 100 spams to isp.com. isp.com contacts Bob and tells him to quit. Bob says he will quit sending spam to their ISP. Bob the next morning "forgets" about the agreement and sends 100 new spams to isp.com. isp.com takes them to court. Now does isp.com get $500 total or does it get $500 X 100 spams?
Also say customer Tim and isp.com both ask Spammer Bob to stop the spamming. The next day Bob sends more spam to customer Tim and both the ISP and the customer want to sue Bob. Do both Tim and isp.com get $500 or does just one or the other get the money?
Can a customer sue without the interaction of isp.com? Say Tim gets a spam, tells them to stop sending it and Tim still gets spam, can Tim sue even though he is only a customer at the ISP?
Also on a side note, if you tell telemarketers to "put me on your do-not-call-list" and they call again, you can make a quick $500 bucks per each call they make to you after you tell them to stop. I heard this from NBC news, but not sure if it is 100% true. The thing I wonder about this, is how hard is it to collect the $500 bucks? Does it take 4 years of meeting in an out-of-state court every day, or is it some type of "quick processing" case? What proof are you required to have to be able to sue em?
Just wondering, the boggles mind.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Funny this should come up on the heels of the other RBL topic.
I'll say it again: the RBL (and ORBS, for that matter) is no longer about fighting spam. It's a bunch of power-hungry anti-spam zealots who are behaving childishly because they're frustrated.
I can sympathize -- spam is incredibly irritating, and it seems like traditional methods (filters, etc) just don't work. But these people have completely lost sight of their original goal, and they're even turning on each other.
It's unfortunate, but maybe it will be eye-opening to those who have been snowed by both groups. Their intent is noble, but their behavior is, once again, childish and dangerous.
Some comments from the last thread about RBL
-b
If I wanted a sig I would have filled in that stupid box.
I don't think that all the spammers of the world would be able to form a corporate entity, but if they did, man! That'd be the largest corporation ever!
(Watch out for dangling references....)
The problem here is to do with lumping together routing for a number of locations.
NZ Telecom route data for ORBS. They also route data for a number of other customers. When they report to other companies about who they route for, they don't say 'we route for customer X, customer Y, and ORBS' - they say 'we route for this block of computers' which includes all of the customers they route for.
This means that when NZ Telecom tell me who they route for, I only get one lot of routing - for every NZ Telecom.
MAPS broadcast the fact that they can route to NZ Telecom. This is perfectly valid, as they can. They will route data for any other customers of NZ Telecom's. However, as a result of broadcasting the fact that they route to NZ Telecom, they also indirectly broadcast the fact that they route to ORBS via NZ Telecom.
This means that if I want to route data to ORBS, I will see that Above.net route for them, and send them the data. Unfortunately, as they are blackholing ORBS, any data I send them is silently dropped.
This in itself is still not a problem. However, if I have two routes to ORBS, but I know for a fact that Above.net is faster, I will ALWAYS send data via Above.net, even though they blackhole ORBS (I don't know that - in terms of automation, that is).
This means that although there is a perfectly valid route which will allow me to send data to ORBS, Above.net are reporting that they accept data for ORBS (as a general routing for all of NZ Telecom), and so I send via them (and the data never gets there).
People on the side of ORBS would say that this is unfair as Above.net are broadcasting routing for network addresses which they do not route for, and then dropping the packets, effectively sucking in and throwing away data which, if they didn't broadcast routing information for, would in most cases reach its destination via some other route.
Supporters of Above.net would say that they are simply passing on routing details passed to them by NZ Telecom - which they validly route to - but because NZ pass them the routing in one chunk, they cannot distinguish between ORBS (which they will not route to) and other NZ customers (which they will).
---- END OF IMPARTIAL COMMENTS ----
Personally, I lean in the favour of ORBS in this situation. It's valid for Above.net to block ORBS traffic through their network if they see fit (it's their network, after all), but to tell other people that they will route that data - blatantly not true, seems wrong. I think it's up to Above.net to resolve the problem of having the routing lumped in to one single route - if they block traffic for specific networks, they should also remove those networks from their routing broadcasts.
Having said that, I think the two companies (that's ORBS and Above.net, not ORBS and MAPS - MAPS effectively have no direct connection with this issue) should just sit down, put their differences aside, and resolve the 'problem'.
It would seem to me that if ORBS agree not to test any of Above.net's servers - something which they state on their website they are happy to do - then Above.net should stop blocking them. Unfortunately, ORBS not testing Above.net's mail servers means Above.net being listed in ORBS as a potential relay (seems fair - if they don't want to be tested to see if they do relay, they must be assumed to relay). I think that Above.net aren't too happy with this though - they seem to want to have their cake and eat it - they don't want to be tested, but they also don't want to be listed.
PLEASE NOTE - THE ABOVE IS MY UNDERSTANDING OF THE SITUATION, AND IS NOT COMPLETELY VERIFIED AS CORRECT
--
--
Beauty is in the eye of the beholder... Oh, no. It's just an eyelash.
I collect all the spam I get, and store it in a directory on my HD. One day, when I've had a really, really, bad day, I'm going to mass forward all 13,000 pieces I've collected onto one unsuspecting, innocent bystander who accidentally pisses me off. I figure it's going to be great therapy.
BTW, notice me email address is not obfuscated...I truly do love spam!)
Let's trace down every spammer one by one and cut some wires...
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Both are acting wrong: MAPS has no right to block ORBS outside their network (if they want to do it inside, it is their business...) and ORBS has no right to include MAPS on their black hole list because MAPS servers being open relays would be a ridiculous idea.
I work for a small ISP in Bonn, Germany. We have thought about using both MAPS and ORBS to protect our customers from spam, but we cannot afford using politically unreliable black hole lists. That's it for both MAPS and ORBS.
According to the bill you can sue for 500$ for each piece of spam you get. Wow, I'm sure there are ISPs that get thousands to millions of pieces of unwanted spam mail every day. That adds up to a lot of cash. The person getting the spam does have to ask the spammer to stop before they can sue but I can see some of the bigger ISPs going to town on this issue.
If you're going to complain, at least complain about the right organization.
MAPS is *not* blocking ORBS
Above.net *is* blocking ORBS
While it is true that some of the principals at both organizations are the same, it does not follow that MAPS == Above.net.
Just to end the discussion whether or not the ORBS is listed in the MAPS RBL, I let my mailserver be checked by ORBS to find out the IP address originating the relay tests. This is my exim log entry:
refused relay (host_accept_relay) to <orbs-relaytest@manawatu.co.nz> from <sender@orbs.org> H=relaytest.orbs.vuurwerk.nl [194.178.232.55]
and this IP is not in the RBL ( http://mail-abuse.org/cgi-bin/lookup?194.178.232.55 )
Personally I don't use ORBS anymore because it rejected too many legitimate (non-spam) emails. I'm maintaining the mailinglist server for KDevelop (and other projects) and at the time I used ORBS I got several complaints from people who were not able to post to the list.
Of course it would be better if the relays would get closed. But how do you explain that to your "customers"? "Sorry, you can't post to this mailing list because your ISP's mailserver is an open relay." -- "Uhhm, what?" I don't think this is a solution. It only annoys people and you can't expect the people to bother with such things. Heck, they just want to ask a question on my mailinglist!
Personally I really like the MAPS RSS list. It only lists relays that actually had been confirmed to relay spam. IMHO this list should get a bit more support (i.e. look to the headers of your daily spam and submit the spam message and the relay IP to RSS if you have the time)
Stephan
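The check described in the comment above (pull the probing host's IP out of the MTA log, then look it up in a DNS blocklist), as an added example that is not part of the original post. It assumes the usual DNSBL convention (reversed octets prepended to the zone, an A record in 127.0.0.0/8 meaning "listed"); the zone names, the stub answers and all function names are constructed for illustration.

```python
import ipaddress
import re
import socket

# Log line quoted in the comment above (exim "refused relay" entry).
EXIM_LINE = ("refused relay (host_accept_relay) to "
             "<orbs-relaytest@manawatu.co.nz> from <sender@orbs.org> "
             "H=relaytest.orbs.vuurwerk.nl [194.178.232.55]")

# H=<name> [ip], optionally with a parenthesised HELO name in between.
HOST_RE = re.compile(r"\bH=(?P<host>\S+)(?:\s+\(\S+\))?\s+\[(?P<ip>[0-9.]+)\]")


def peer_from_exim(line):
    """Return (hostname, ip) of the connecting host, or None if absent/invalid."""
    m = HOST_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ip"))
    except ValueError:
        return None
    return m.group("host"), str(ip)


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(name):
    """A-record lookup through the OS resolver; empty list means no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check(ip, zones, resolve=system_resolver):
    """Map each zone to the listing codes it returned for ip.

    Only answers inside 127.0.0.0/8 count as listings. A wildcarded or
    parked zone that answers every name with a routable address would
    otherwise make every sender look listed.
    """
    result = {}
    for zone in zones:
        answers = resolve(dnsbl_name(ip, zone))
        result[zone] = [a for a in answers
                        if ipaddress.ip_address(a).is_loopback]
    return result


# Constructed resolver data so the example runs offline.
CONSTRUCTED_ANSWERS = {
    "25.2.0.192.dnsbl-a.example": ["127.0.0.2"],     # a real listing
    "25.2.0.192.dnsbl-b.example": ["203.0.113.10"],  # wildcard answer, not a listing
}
ZONES = ["dnsbl-a.example", "dnsbl-b.example"]       # placeholder zones


def stub_resolver(name):
    return CONSTRUCTED_ANSWERS.get(name, [])


if __name__ == "__main__":
    host, ip = peer_from_exim(EXIM_LINE)
    print(host, ip, check(ip, ZONES, stub_resolver))
    print("192.0.2.25", check("192.0.2.25", ZONES, stub_resolver))
```

Swapping `stub_resolver` for `system_resolver` runs the same check against live zones.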
The real solution for spam has been around for ages. Userfriendly had the best solution for spam I have ever seen. First Response Second Response These are the best solutions to spam I have ever seen. If people would only listen to cartoons. *I'll Fix his Little Red Wagon*
The anti-salmon
Haven't we seen a similar fight before between the Censorware makers, who are commercial entities? Many would place the others' sites on the blacklist, so you wouldn't be able to view competition.
Now we have MAPS bl'ing ORBS? And possibly vice versa in retaliation? And MAPS/Above.net moving their blackhole listing software to a commercial brand?
We've seen the bad mouthing of the censorware softwares for many reasons, so are we now going to see similar words for the blackhole lists?
Dragon Magic
Human nature is the same everywhere; the modes only are different. -- Earl of Chesterfield
Lonely Lily spam? What one was that? I certainly remember C&S and Rhodes, but not that one
Nope doesn't work.
There are 2 types of caller ID calls:
Unavailable (which I believe the phone company sells to telemarketing firms)
Blocked (which I don't permit).
Still get telemarketing calls.
(Warning: satire-o-meter reading exceeds threshold.)
Poll Mastah
One thing would be to charge the spammer for your editing services. Say 500$ per message to point out the grammatical and spelling errors that were included. Perhaps charge more for actually testing the links that are usually included for accuracy. (Hopefully charging more than the co. would get for you clicking on them :)
krenshala
krenshala
Hey!
/. reply-to box isn't as satisfying as $500 could be.
While government legislation is a great symbolic step, I'm not sure how much it will actually do to alleviate the 200-300 messages a day that I sometimes get in my mailbox.
I think what we need is a big line of solidarity of users, ISPs and the government. If you get unsolicited e-mail, it has to include contact details because it would be stupid to say 'We here at PornWorld would like you to visit our website at and look at our pictures', and not give out an address and/or telephone number. If people were thoroughly educated to send their spam to a certain government address with headers, a government department could say 'Ah, telephone 800 1234 5678! That's (checks database) Bob Bastard!'. They could then have a government fine-collecting department that pays your local brutal repossession company to enter your house and take $500 worth of goods for every spam recorded, plus an extra $2,500 for repossession fees. That would sure stop them!
Won't all this simply move the problem offshore?
It might do, but with cooperation from large ISPs and backbone providers, an Internet Death Penalty could be enforced on the senders. There could be an e-mail address at each major domain, dedicated to collecting spam, that is different at every different domain, i.e. Colex@slashdot.org. These could be posted by users at will on any site where they expected spam, with a warning and a real but spamproofed address nearby. Admins could choose to forward all this to the government automatically, or could review it and impose blocks on router traffic before sending to the government.
Obviously, the system wouldn't be entirely automated - Heaven forbid the government of any country should have the ability to destroy the internet.
Or maybe I'm talking out of my ass. All I know is I can expect several spam messages every day from companies like StyleShop and they need to be discouraged. My current system of putting offender's e-mail addresses in my
Michael Tandy
...another insightless comment from Michael Tandy.
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
I'm glad they finally passed the bill! Maybe they got sick of coming up with conspiracies to cover all the spamming issues, and decided enough was enough.
:) but now they are sick of coming up with new ones.
I swear the whole Monica Lewinsky thing was all a big conspiracy made up by the government so people would get distracted from all the spam hehehe
Tigris
Kids, you tried your best and you failed miserably. The lesson is, never try. -- Homer J. Simpson
Correct! Sell the bill to a collection agency for a penny to every dollar. Spammers are pretty bad but the dobermen that work at collection agencies are even worse. No rest for the wicked, I guess.
...before the signal/noise ratio goes to zero
1) AboveNet is a bandwidth provider to
ORBS' ISP. As such, they use BGP to
advertise at peering points (large)
blocks of addresses that are reachable
via their facilities.
2) In BGP, the most specific subnet "wins",
so regardless of what AboveNet might or
might not do, ORBS' ISP can ensure that
traffic to/from ORBS machines are
advertised to its other bandwidth suppliers
as more specific routes. The consensus
over on inet-access (a respected ISP list)
appears to be that ORBS' ISP has been
unable or unwilling to do this.
3) Why would ORBS tolerate a situation where
AboveNet is upstream of them? It is clear
that the two groups have little love for
each other. It appears that ORBS is
standing on its own shoelaces, when they
should have run, not walked, to an ISP
that is 100% AboveNet-free. Since they
have not done so, they appear to have
helped to create this situation, and are
thus suffering from a self-inflicted
gunshot wound to the foot.
4) While it is true that MAPS will soon offer
a fee-based enhanced service, the existing
MAPS service will remain free of charge.
5) AboveNet certainly has the right to block
any and all packets from any sources it
wishes. Since ORBS does invasive tests
that consume mail server and network resources,
AboveNet even has a valid reason to block
traffic from ORBS. While only blocking
traffic for ORBS to AboveNet's mail servers
might be a "more elegant" solution, AboveNet
is under no obligation to do this.
6) ORBS might have more respect and more
supporters if not for their shocking lack
of social skills. This is by no means the
first time that ORBS has gone out of its
way to be a pain in the neck to someone.
In a world of networks, PEOPLE must cooperate
and be non-hostile for the networks to be
"cooperative".
Science is the art of infallibility, perpetrated upon non-scientists
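Point 2 above, and the earlier routing explanation in this thread, both rest on longest-prefix matching. The following added example (not part of the original comments) models it: an aggregate announced through a transit network that silently drops one customer's traffic captures that traffic until a more-specific prefix is announced through another upstream. All prefixes, network labels and the single-number cost tie-break are constructed simplifications.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    via: str      # label of the neighbour the route was learned from
    cost: int     # lower is preferred; stands in for "this path is faster"


def route(prefix, via, cost):
    return Route(ipaddress.ip_network(prefix), via, cost)


def best_route(table, dst):
    """Longest prefix wins; cost only breaks ties between equal lengths."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.cost))


def forward(table, drops, dst):
    """Follow the best route; report whether the chosen neighbour drops it.

    drops maps a neighbour label to the networks it filters. The sender
    cannot see this table, which is why the loss looks silent.
    """
    r = best_route(table, dst)
    if r is None:
        return "unreachable"
    addr = ipaddress.ip_address(dst)
    if any(addr in net for net in drops.get(r.via, ())):
        return "dropped at " + r.via
    return "delivered via " + r.via


# Constructed scenario: the ISP's aggregate is reachable through two
# transits; transit-A is preferred but filters one customer /24.
AGGREGATE_ONLY = [
    route("10.20.0.0/16", "transit-A", 10),
    route("10.20.0.0/16", "transit-B", 20),
]
DROPS = {"transit-A": [ipaddress.ip_network("10.20.30.0/24")]}

# Same table after the ISP announces the filtered /24 as a more-specific
# route through its other upstream only.
WITH_MORE_SPECIFIC = AGGREGATE_ONLY + [route("10.20.30.0/24", "transit-B", 20)]

FILTERED_HOST = "10.20.30.5"   # inside the filtered /24
OTHER_HOST = "10.20.40.5"      # another customer in the same aggregate

if __name__ == "__main__":
    for name, table in (("aggregate only", AGGREGATE_ONLY),
                        ("with more-specific", WITH_MORE_SPECIFIC)):
        print(name)
        for dst in (FILTERED_HOST, OTHER_HOST):
            print("  ", dst, "->", forward(table, DROPS, dst))
```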
What really bugs me is the whole concept of their "hall of shame". The page says that the listed domains have open relays, but block the ORBS testing. How can that be? If they block the testing, then you don't really know they have open relays do you. But instead, ORBS assumes they must have something to hide if they won't allow themselves to be scanned. Guilty until proven innocent.
Basically it comes off like "these guys won't play nice with us, so we're just going to add them to our list anyway." What seems particularly ironic to me is that the whole purpose of ORBS is to block certain kinds of traffic (theoretically spam), but when someone else decides to block a certain kind of traffic (ORBS' feelers), they're blacklisted.
Even though your opinion differs from mine...I still appreciate hearing other points of view....I was esp. impressed that you didn't resort to name calling!
Not sure what this little war between ORBS and MAPS is all about, but I would like to share (a slightly off topic) story with /. readers about ORBS. I run a small ISP in Maryland. I received a message from ORBS last week indicating that they had found an open relay on our mail server. At the time, I had NO idea who ORBS was. I replied that I could find NO open relay. One thing led to another and here was the final dialog between me and *someone* at ORBS:
MY MESSAGE
That's nice......I have NOT turned this on. I have dialed into another ISP and tried sending mail to my mail server even with my domain specified in as the return address ....IT DOES NOT WORK!! Your script is wrong. Furthermore, do not put my site on any "blacklist" when your info is not correct. Don't tell me it's wrong....show me.
ORBS REPLY
You're a fucking idiot and you can't be bothered reading your mail properly. Now fix your bloody mailserver
WTF? What was this guy's problem? I am to take them seriously when they treat people like this? In reality, I finally DID find an open relay hole in my mailserver, so ORBS WAS correct, but I have a BAD taste in my mouth over the whole situation. What does everyone else think?
I run a small ISP service and I just got one of those threatening emails from ORBS just last week. I posted some of the dialog between the ORBS admin and myself. Let me sum it up for you. The ORBS admin said "You're a fucking idiot who can't be bothered reading his email. Now fix your bloody mail server"
What an A-S-S-H-O-L-E
I like your view, I like your method of dealing with them. I MAY do the same.
Aren't port scans of *ANY* sort to be considered HIGHLY suspect anyway?
I haven't had ANY dealings with MAPS, but they can't be THIS bad.....can they?
I don't know about you, but I always want to see "Hot nude XXX girls, barely legal".
Who will win?
Who will win?
Two anti-spammers enter, one anti-spammer exit!
--
If kuro5hin are complaining about /. censoring the story, are they going to complain about /. bringing down their servers with the Slashdot Effect?
Maybe I'm looking at it the wrong way, but isn't there a better way to do this? What if we put together (all open-source of course) a set of client side scripts that did all the basic stuff, and included a "blacklist" that could be used optionally. Then users could add to the blacklist via a web page, the scripts would update occasionally, and the really bad spammers would get marked as such on the page and get dropped out at a lower setting. It doesn't seem SO complicated that the OSS community couldn't pull it off. Also, we seem to be the most vocal ones anyway...
Maps and Orbs? Cold war? Shooting?
Sounds like an RPG to me...
# debian/rules
Do you trust somebody who gets paranoid about competition, blacklists them even, and to really top things, gets routing people at a large ISP to actively push blackhole routes for ORBS' network, misdirecting packets into their own network (to dump the packets of course). If MAPS was the size of Microsoft, I'd call it another case of anti-trust investigation candidate. Paul Vixie, get a nicer tie, yours doesn't fit your new 'competitive' attitude.
There is a simple way to stop telemarketers. Whenever they call you, just tell the agent that you never want to be called by them again ("never call me again"). They then have to put you on their Do Not Call list. Eventually you'll get a lot fewer calls. This is Federal Law and all call center products implement DNC lists.
Firstly, I'm a newbie so apologies all if this issue has come up before but I couldn't find it under the search. I also apologise for picking up on a dead thread. I looked for whitehat in the archives and came up with only...
Tackhead on Wednesday July 19, @06:40PM EDT (#267)
In all honesty, if I adminned a box and noticed ORBS probing it, I personally wouldn't mind that much, (assuming I wasn't one of the unfortunate souls for whom the probing apparently crashed the box!) 'cuz I know you're *whitehats*. But I can see why other admins (Umm... especially the poor guy whose box went down!) would react otherwise.
Now you seem to be looking at this from an ORBS versus MAPS/ABOV standpoint. But did you also know of Paul Vixie's involvement in opt-in email provider Whitehat? I know he's amazingly able to ring-fence MAPS from ABOV in the ORBS debate and no doubt the same is true of MAPS versus Whitehat competitor, Yesmail. But not many of us mere mortals could do, IMHO. So I found your mention of whitehats, ironic.
Chris
It was Canter and Siegel, spammed Usenet (not email) with offer to "help" with submitting green card lottery entries. It was the time when usenet was relatively spam-clean, and I remember that my first reaction was to look for a bug in my nntp client, as it received huge number of duplicate messages.
Contrary to the popular belief, there indeed is no God.
I don't know what was the first email or usenet spam, however I remember seeing MAKE.MONEY.FAST file (classic "chain letter" pyramid scheme) long ago in early 90's. It probably was already very old by then.
Contrary to the popular belief, there indeed is no God.
I see from Alan's diary entry that he's going into a maintenance mode of sorts:
- he's stopping work on the 2.3/4 kernel
- he's going to continue maintaining the 2.2 kernel, but,
- he's heavily filtering his mail, so that only people who contact him regularly can reach him
This seems a little extreme....
Maybe he's just taking a little break while he rebuilds his new (old) house, but I can't help but wonder if everyone's favourite Swansea hacker isn't feeling a little burnt out these days.
Hey Alan, you out there? Is anything wrong?
Want to learn about race cars? Read my Book
Except this person you know, because someone else could crash it and as someone else pointed out that with code that potentially sloppy, it's probably got other problems (buffer overruns, etc) too. Having been probed by ORBS myself, and having personally written the MTA code to make smap not vulnerable to relay attacks as ORBS found that the venerable smap had in it, I have very little empathy for your friend. I understand and agree with his frustration, but I also know for a fact that ORBS is not doing anything that violates RFCs or should crash an MTA that can handle standard RFC compliant headers. In fact, this is the first time I've heard of an MTA crashing from a relay probe.
In a former life, I wrote the code for NetSonar (Cisco's vulnerability scanner) that looks for relay vulnerabilities in MTAs and in all the vendor products we tested (granted, there are bound to be products we couldn't test) I never saw an MTA crash from a relay probe. Your friend's MTA sounds really fubared to me. At the very least, it should motivate him or her to get it fixed. If a relay probe is crashing it, that MTA has other problems IMHO.
If someone found a bug in your system, and you couldn't easily fix it, would you agree that it was reasonable for your system to be taken down every so often, every time some guy wanted to take it down, and the guy is not only *allowed* to do this, but *encouraged*, because Slashdot readers unanimously agree that, if your server can be crashed, it's your own fault for running a crappy server?
No. If my server had that sort of a problem I would fix it or try to find something that works better. Nothing is perfect, but if a solution exists to solve the problem (eliminate the bug) I will take that any day over complaining about the problem or hoping whatever is causing it will go away - especially if I have no control over what is causing it like your friend. No offense to this person you know, but I still don't understand why someone wouldn't fix that part of the problem they have direct control over. Perhaps it's the engineer in me, but that's always the first thing I start with. I prefer the solution I can make happen now, rather than having to rely on someone else to either do something for me or to stop doing something. Again, keep in mind that when ORBS found problems in my MTA I personally wrote the code to fix it. So my perspective is a tad biased in that I have the capability to fix the problem myself and I am inclined to solve problems technologically, when possible, rather than rely on someone else's actions or inactions to solve it for me.
DOS is DOS. It doesn't matter if the guys doing it claim to have white hats.
No, intent matters. When I was being paid to break into a large corporation *by that large corporation*, I was using strobe (no nmap in those days) to find open ports on a class B network. A simple three way handshake downed ALL of that company's RAS servers. A feature of those RAS servers was that each modem was bound to its own port (2000 and up) so an administrator could access each modem remotely via telnet. Neat feature... BUT... the vendor didn't design the telnet daemon well. If you opened the socket with TWH, and then tore it down (like a connect() scan does) the daemon should have released the port back to the modem - because the session was gone. That's RFC compliant behavior. The vendor however did not design it that way, and all the modems got locked out because the modems were waiting for input from the telnet daemon - which was listening to a dead session that had been torn down. A stupid bug to be sure - and it DID deny service to that corporation. Was that a DOS? Technically yes, but its was intended to be a DoS, nor should that RAS server have acted that way. The RAS server was BROKEN. There was no excuse for it to act that way and the vendor eventually fixed it.
So, my point is that intent matters. ORBS is, I'm sure, not trying to DoS your friend's system. And, it sounds like your friend's system is very very broken. It needs to be fixed, because what ORBS is probably doing - and from past experience does - should not crash an MTA. ORBS could stop. They do not have to test this system. The only argument they have for testing it is the belief that it could somehow magically turn into an open relay. It's not an open relay. It won't be. In fact, the most likely outcome of their behavior is that the MTA will be replaced - and the result might be open. If they leave him alone, everything is fine. Only one problem with that: Alan can't accept a world where he can't fuck with anyone he wants, any time he wants. If you like this, I only hope you have the honesty to still stand up for it when it's your box being crashed by some asshole with a net-abuse-friendly provider.
--
Python
Python
That is NOT net abuse and I wish people would stop overusing this term. There is real net abuse and this is not it. An MTA that can not handle RFC compliant headers and is crashing because of it is not experiencing net abuse - it's just buggy software that needs to be fixed.
--
Python
Python
Regardless, your friend has total control over fixing his or her server and therefore would mitigate their problem immediately and finally. It's obvious your friend's server has a serious problem, independent of ORBS, in that anyone could crash it. So again, given that the solution, fixing the server, is obvious, simple and within your friend's grasp. Why would your friend continue to operate otherwise?
--
Python
Python
Open relays are bad bad bad bad bad bad. There is no reason to run an open relay except out of laziness. SASL, pop before SMTP, authenticated SMTP, libwrap and lots of other methods exist, for free, to secure a relay and yet still make it possible for authorized personnel to use them.
We already tried the "Gee... let's just let everyone run their MTAs anyway they want" and it didn't work - we got spam. Then we tried asking please and that didn't work. Then we tried lists of known spam sources, and that didn't work. Then someone got the bright idea to scan for open relays so we could block them *before* the spammers started using them. It works wonderfully. Then someone got the bright idea to create a list of dial up users and that has worked out delightfully well too. Thanks to RBL, ORBS, DULS and other black lists we've managed to almost entirely wipe out our spam problem.
If you want to run an open relay, be my guest - it's your business to run your box anyway you want. But I do not have to accept traffic from your relay just as no one is stopping anyone from blocking ORBS *to their systems*. No one is being forced to use ORBS either. But more to the point, sending e-mail to a box is NOT jiggling its door knob. No one is trying to break into the open relay. They're just testing to see if it accepts mail to certain destinations and then making note of that. And intent MATTERS.
Using your example, what if the police came around, checked the door on my house, found it open and then told me about it so I could lock it. I would call that a VALUABLE service. If my neighbor did the same thing, I would also call that a VALUABLE service. Still, the internet is not a collection of houses. It's a collection of interconnected machines whose security posture is interdependently related to the security posture of the systems around it. Spam is possible because MTAs accept messages as part of a wholly untrusted model. Open relays contribute to this problem by making it possible for spammers to relay their junk thru insecure servers, which directly affects the systems which are secure. Blacklists help mitigate this problem, but a wholly reactive approach like the RBL only catches a fraction of the traffic. Proactive measures, like finding misconfigured and poorly managed relays - and dial up host lists - can prevent future spam from being accepted BEFORE the damage can be done.
Intent and perspective make all the difference in this. ORBS provides a valuable and useful service. If you don't want ORBS sending your MTA an e-mail message, then block traffic from ORBS. Better yet, if you run an open relay - close it and help make spam go away.
--
Python
Python
no offense, kuro5hin's been posting "/. censors" posts for quite some time. if i was a /. editor i'd feel an urge to make the comment too.
/. holding the story? to check the facts (something else they get accused of not doing). and look at this and this. so now /., after being egged on by k5 folks and all the submitters managed to look like it both censored a story and jumped too quick.
/. looks twice as bad! now don't you feel better that rab and company look cool while you folks in the "/. are a bunch of posers and aren't we so hip to notice it" crowd can just feel all extra special and warm.
/. and other news sites to keep informed. i'll actually *do* something if i need to feel cool.
and why was
yeay,
whatever. i figure i'll just keep reading
US Citizen living abroad? Register to vote!
... because they publish dumps of their open relay lists here.. Whee, slurp in open relays and spam away!
Your Working Boy,
If you repeatedly probe it after I ask you not to, I'm gonna be real pissed.
Perhaps a robots.txt equivalent for sendmail not enabled by default, so that conscientious admins can lock down their boxes and set the scanner to pass along?
Your Working Boy,
You wouldn't believe how long ssh takes to login when the load is 15.
Heh.. Try logging in with a load of >100.. Did that on an RS6k 7013-570 w/64MB RAM timing out on a massive mail queue (AIX 3.2.5 + sendmail 8.6.X).. Fun!
Your Working Boy,
Should the guy get a new server? Sure. But why should anyone be allowed to *FORCE* him to, when *HIS SERVER IS NOT A THREAT TO ANYONE UNDER ANY CIRCUMSTANCES*. Remember, it is *NOT* an open relay.
Legitimately, if this bug is enough to bring down the server, the coding is probably so sloppy as to present significant security flaws and buffer overflows as well.
If you're going to be connected to the internet, you're going to need robust, secure software. Does ORBS engage in any non-RFC-compliant communications? We'd hear of lots more issues if it did...
In other words, yeah, in theory, nobody should be forced to do anything they don't want to do. But in theory, communism works. Wake up and smell the packets.
I use the same rationale with our NT staff each time I run nessus probes on their servers.. if I can crash your server, just think what a malicious and crafty cracker could do with it..
Your Working Boy,
Sure, but above.net aren't doing that. What's happening is (approximately) that ORBS' upstream provider is telling the world that it can route to its networks (including ORBS) through above.net. Since above.net blackholes ORBS (as is their right - they're under no obligation to carry traffic they don't want and haven't agreed to carry) anyone trying to use these routes has problems. The fix is for ORBS' upstream to stop advertising above.net as a route to ORBS.
I've been begging... pleading... begging some more... for bigfoot.com to start using something like MAPS or ORBS. I wrote a HOWTO and had my bigfoot.com email in there, un-spam-proofed, so now I get 1 or 2 get-rich-quick schemes per day. I send each one to abuse@bigfoot.com, patiently saying on each one "you know, this came through an open relay, and MAPS or ORBS would solve this problem for you..."
Now that they're pulling this crap, I think my chances of getting a place like Bigfoot to start using their services are oh, somewhere around Zero.
What would be nice is some sort of tiered system on either service - say 0 to 10, where 0 is everything gets through, and 10 is "filter 'em all, and let God sort them out" and varying levels between the two... 5 would be some opt-in place that doesn't require double confirmation, etc.
Would that be possible?
They didn't. At this point - if you go and check the usenet flamewar that erupted on this topic - it's pretty clear that Telecom NZ (ORBS' ISP) accidentally routed ORBS traffic to above.net, which was binning it (as was their right).
There were a couple of truly offensive posts (I'm not linking them because I don't think the person who wrote them deserves the publicity) going on about how /. had sold out and was censoring news, and managing to get some racism in there at the same time, posted in two stories including this one. I mailed rusty. I expect he'll zap them.
/. haters are only a tiny minority on kuro5hin and their stories rarely make it to the main page.
/. is news-focussed I think it is quite appropriate for stories to appear on k5 while they are still rumour, but not make it to /. till the fog has cleared. I personally wish michael had waited till /. could be authoritative.
/. has no interest in rubbishing k5, that's just paranoia. k5 is tiny in comparison, and in my view really *shouldn't* grow to /.'s size.
That's probably what prompted michael to mention it. In general the
Since kuro5hin is discussion-focussed and
Clearly
Having trawled through everything that was posted on kuro5hin and the usenet posts on this subject, it seems that:
1. MAPS did indeed blackhole ORBS, but opinions seem to differ on whether it has stopped. ORBS is in the habit of testing random relays without asking permission or having evidence of their use for spamming. Rumours keep arising that ORBS also trawls IP-space looking for relays, and that it is impossible to get them to stop testing you, even if you ask (which gets you put on their static list of sites that refuse to be tested). The MAPS guys consider this to be net abuse.
2. Other than ORBS, everyone involved denies that above.net falsely advertised routes for ORBS traffic. Paul Vixie seems to think the misperception (or alternatively the maliciously false accusation) arose because Telecom NZ (ORBS service provider) chose the wrong way of routing ORBS traffic around above.net. Above.net have, however, blocked ORBS traffic in their own network, which they have a perfect right to do.
Not true-- I have nothing to do with the process. All stories go into the queue immediately upon submission, and voting begins. Voting determines the fate of the story, completely. I *can* post things manually, but I don't, ever, and voting will always start right away whether I'm around or not. Just a clarification.
Oh yeah, and if anyone else was curious, as of today there were 3500 confirmed users on K5, and though submissions vary wildly, it seems to be between 5 and 20 per day. Of those, usually no more than 5 or 6 end up being posted, but that varies a lot too.
--
There is no K5 cabal.
I am not the real rusty.
the front page on the orbs site also has a list of email addresses to complain to if you don't agree with MAPS's actions. quick cut 'n' paste:
go forth and complain.
--
Screw the anti-Spam bill, even if it makes it into law. I want cold calls made illegal.
:-)
Unsolicited email is less of an interruption because I'm already sitting there, going through my email. I'm in email reading mode, so it's not a distraction from what I'm doing. The damned phone can ring at any time no matter what I'm doing. It's a distraction, at the least, an interruption if I bother to answer it, which I usually don't. That's what answering machines are for.
Phones could disappear tomorrow, as long as I've got email and the 'Net, and I would rejoice
I guess I'll just have to hack up a device for my phone to identify cold calls and disconnect them before the phone rings.
While we're at it, we ought to get rid of all these businesses trading personal information. If I want to do business with you, I'll get in touch with you. You don't need to come looking for me. 'Cause even if I wanted to do business with you, now I don't, 'cause you've intruded on my life and tried to set the agenda for when and how I deal with you. Well, I'm the customer, so FUCK YOU! I'll take my money and (much more importantly) my time somewhere else, where I'm actually respected as more than just a gaping wallet.
Oh well, 'nuff ranting.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
> It certainly has taken slashdot long enough to
> put it up. This is obviously newsworthy for
> nerds.
Without question this story is newsworthy. It is for that exact reason that it should *not* have been posted until the game of he-said she-said that was going on was resolved to some extent. Without all the facts, the discussion is not valuable at least if not counterproductive.
> I honestly don't think starting a flame war
> between kuro5hin and slashdot is ever
> going to be productive.
Agreed. However, it should be pointed out that the two sites appear to have different goals, and the question of which is better is prime flame war material.
Ben
I am afraid an article posted on June 25 won't be relevant to the current situation. Unfortunately, both ORBS's homepage and the following quote from a recent article by Paul Vixie in news.admin.net-abuse.email show that the situation has not clarified.
Ouch! For once I wanted to be wrong, only to have been premature in my euphoria. Indeed, it appears that above.net is behaving unethically and deceitfully, and that the appearance of "making up and shaking hands" was the result of an earlier incident in June, taken out of context as "spin control" to mitigate the justified outrage at their current behavior.
Shame on above.net (yet again), and many thanks for pointing out the discrepancy (which I'd failed to notice).
The Future of Human Evolution: Autonomy
From The Register:
We deplore blocking terrorism, and in this case, since it isn't even a commercial battle, these tactics would seem very inappropriate.
I find this comment more than a little disturbing, probably because it is a shocking mirror of just how deluded and two-faced our collective "corporatised" ethic has become.
The implication is that "blocking terrorism" (to use the Register's phrase) would be more palatable if commercial interests were involved, but because the battle "isn't even commercial" it is somehow worse! I find this notion profoundly absurd.
An unethical action is just as unethical if done for commercial reasons as it is if done for private reasons. This notion of "it's business" and "it's my job" vs. "but I'm a nice guy in private" is reprehensible. If an action is wrong in one's private life, it is just as wrong in public or professional life.
What above.net is doing is wrong. Period.
I applaud Alan Cox and Kuro5hin for getting the story out, and slashdot for belatedly picking up on it (and, as an aside, I agree with others that slashdot's gratuitous bashing of k5 was unnecessary and unprofessional). There may not be legal recourse, but with enough bad publicity and enough customer defections the same result can be achieved: punishment and future restraint on the part of ISPs who would abuse the internet's trust model and undermine the usefulness of the net for all of us.
As I said before, above.net needs to be bitch slapped. Hard.
The Future of Human Evolution: Autonomy
1. It is completely within above's own right to cut off Orbs from its customers. If you are not a customer no point to complain.
2. Above has a very "interesting" proprietary routing practice and traffic engineering. It is vaguely described on above site. Go and read.
3. There have been numerous times when above has shot itself in the foot using 2. Check nanog archive for details.
So:
1. There is no point on Orbs side to blame above for maliciousness when incompetence will suffice. It is quite possible that above is leaking routes not out of malice but due to their routing specifics. See 2,3 above.
2. Orbs are complete and utter idiots. Clueless as well. If someone starts blocking an open relay probing site this is not an indication of active spamming. Usually the opposite (see BUGTRAQ discussion from last Feb 1999 on mail address list collectors and Alan Cox's suggestions). Note that above actually uses the BGP form of RBL as well, not just mail relaying. And I am on above side here as there have been repeated cases when orbs have been actively used by spammers to seek and use open relays.
3. It is completely within telecom-newzealand's rights or UU-net's rights (as the upstream ISPs of ORBs) to bust above's arse. And if orbs had a clue they would have done the steps necessary for this long ago.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
The thread "MAPS/above.net monopoly is damaging SPAM-preventio" can be accessed at http://x70.deja.com/viewthread.xp?thitnum=20&mhitnum=0&toffset=0&CONTEXT=964021144.53477398&frpage=threadmsg_if.xp&back=news.admin.net-abuse.email&rok=1, or one can go to news://news.admin.net-abuse.email on your friendly local news server. The thread begins 10 July 2000.
If this is true (Don't know if you work at or run Kuro5hin), then it is good. You are gaining traffic for free. All you have to do is become competition with Slashdot.org and people who read Slashdot will also read Kuro5hin.
As an example, I never heard of Kuro5hin until now. I guess I'll start reading it.
Linux O Muerte!
Suppose that I seek out such neighborhoods by going from house to house, trying front doors to see if they're unlocked -- and then leave notes in people's houses saying that if they don't improve their security, I'm going to put their addresses on a billboard facing the nearest highway. Am I providing a public service, or am I the sort of malicious stranger that the community should protect itself against?
--
send all spam to theotherwhitemeat@ropine.com
Can some technically clueful and politically neutral person investigate and report what's happening?
For an ISP to misroute traffic bound for its competitor is indeed a sleazy tactic -- but since it's a sleazy and likely-to-be-discovered tactic, the damage to the perpetrator's reputation would probably not be worth the benefit. Therefore, I would give MAPS and above.net the benefit of the doubt until more information comes in.
--
send all spam to theotherwhitemeat@ropine.com
I would have to agree with many other posters that /.'s handling of this story was extremely unprofessional
kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post
I believe this statement was very dismissive and judgemental towards K5 and an apology is, IMHO, in order.
--
Quantum Linux Laboratories - Accelerating Business with Linux
* Education
* Integration
* Support
*Condense fact from the vapor of nuance*
I still don't buy it. You can say "maybe this will have other problems", but if in three or four years, no one has found a way to relay through the server, it is not an open relay.
ORBS claims to be blocking open relays. In fact, it is doing a lot more.
ORBS is abusing the net. Yes, a malicious cracker could do the same thing - but if they didn't pretend it was about stopping spam, no one would tolerate it.
Think about it. Wouldn't *you* expect someone to be kicked off for willfully and repeatedly crashing a box using a known exploit?
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
It's not really a friend of mine, just a guy I know.
Anyway, he doesn't "fix" the server because, except in terms of *ONE* person doing *ONE* thing, it *isn't broken*. It runs. It doesn't relay mail. It doesn't crash unless ORBS probes it. It doesn't open anyone up to any kind of security problems. On the other hand, it *does* do what he wants, correctly, and without further administrative effort.
If someone found a bug in your system, and you couldn't easily fix it, would you agree that it was reasonable for your system to be taken down every so often, every time some guy wanted to take it down, and the guy is not only *allowed* to do this, but *encouraged*, because Slashdot readers unanimously agree that, if your server can be crashed, it's your own fault for running a crappy server?
DOS is DOS. It doesn't matter if the guys doing it claim to have white hats.
ORBS could stop. They do not have to test this system. The only argument they have for testing it is the belief that it could somehow magically turn into an open relay. It's not an open relay. It won't be. In fact, the most likely outcome of their behavior is that the MTA will be replaced - and the result might be open. If they leave him alone, everything is fine.
Only one problem with that: Alan can't accept a world where he can't fuck with anyone he wants, any time he wants.
If you like this, I only hope you have the honesty to still stand up for it when it's your box being crashed by some asshole with a net-abuse-friendly provider.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
I don't see any abuse of the net in some guy being connected to it with a server that will never, under any circumstances, cause trouble for anyone else.
I do see abuse in someone being connected to the net and continuing to crash a system after being asked to stop doing so. Maybe the system should be crash-proof. It doesn't matter; once you're told that you're triggering crashes, continuing to do so is script kiddie behavior.
It comes down to whether or not Alan Brown gets a special license to crash systems at will, which is unique to him and no one else is allowed to do it. I don't see why he should.
Remember, we are *not* talking about an open relay. We are talking about a box that cannot be used as the basis for any kind of attack on anyone else. It may be flawed, but its flaws are harmless to everyone. ORBS may also be flawed, but its flaws have people being paged at 3AM around the world.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Remember, the "flawed" system in question does *NOT* allow for *ANY* kind of attack *WHATSOEVER* against the rest of the world.
If you are going around searching for guns, and you find a house with no guns, and accidentally set it on fire, and you keep coming back and setting it on fire, even though you know the owner will never leave a gun in his house, and always leaves the door locked...
There comes a point where the only responsible thing to do is stop probing a given host. If Alan were capable of seeing beyond his own ego justifications, he would be able to leave people alone. But, for now, we are in the world where, if you don't recognize Alan's self-granted right to interact with your systems in any way he wants, he'll tell people you're a spammer.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Maybe anyone *can*.
But, in a number of cases, only Alan Brown *does*.
That's why he's a black hat, not a white hat.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Okay, imagine that you're running a version of Linux that has a bug, such that a remote user can crash your box.
This exploit is not widely known.
One guy decides to try to test for a possible security hole. You don't have the security hole, but his test crashes your computer.
How is this your fault? The bug isn't being tickled except when someone attacks you.
Now, in the ORBS case, it's worth remembering that ORBS *knows* that this server is secure, and *knows* that this test crashes the server.
Should the guy get a new server? Sure. But why should anyone be allowed to *FORCE* him to, when *HIS SERVER IS NOT A THREAT TO ANYONE UNDER ANY CIRCUMSTANCES*. Remember, it is *NOT* an open relay.
ORBS may be "designed" just to test, but they know they are crashing some people's computers, and they don't care, and they won't stop. It's not about stopping spam, it's about forcing people to jump when Alan says "jump". That's not *preventing* net abuse.
Finally, no, it's not the case that "anyone" can have their system taken off the list. If your system is listed *for relaying*, you can be taken off the list. If your system is listed *for complaining*, nothing will get it taken off the list except saying "Thank you sir, may I have another."
If ORBS were only about open relays, and they were willing to leave people alone once those people were not open relays, I don't think anyone would mind them.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
If I tell you that a system does not support a given extension to an RFC, and will crash if you attempt to use it, and you have no intention of actually using the provided service (e.g., mail delivery to my users), and I tell you it's causing trouble and you keep doing it... Yes, it's net abuse.
If Alan were trying to not crash the server, he'd stop probing it.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
I don't think above.net is "competing" with ORBS. You might say that MAPS is, but really, they're going after totally different goals, for different reasons.
ORBS is about blocking open relays, and about blocking people who don't like the massive testing and retesting they will do of any computer they've ever heard of.
MAPS is about stopping email abuse.
When you think about it this way, it's obvious that MAPS has to list ORBS.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Thanks for that note, rusty!
I thought I remembered reading that a few months ago when I found your site - guess I was wrong and I should have read it again before I went off and posted.
But you bring up some semi decent questions, but they are ones that make perfect sense if you think about it a little bit.
/. (Yes, I have a kuro5hin account too, and I have submitted my fair share of messages and stories). Now, how many things get submitted over on Kuro5hin? /.?
Look at Kuro5hin. Look at the number of stories that get posted - what is it, about 5 or 10 a day? As rusty says, if he does not accept it immediately, he turns it over to the readers to vote on.
Now, I have no idea how many users are on Kuro5hin, but I am willing to bet it is a hell of a lot less than
I saw emmett here in Kansas City at the Linuxfest 2000. In his talk he said there were something like 600 submissions a day. Even with all the duplicate submissions, that is ONE HELL OF A LOT! Say only 10% of all the submissions are unique - that is 60 stories a day. Of those I am sure a lot of them are absolute crap. And a lot of them probably don't have links. So say only 2/3 of those are any good. That is still 40 a day, which in some respects is a bit overboard to try and keep up on.
Without passing judgement on the quality of either system, let me say this:
1) A simple probe to see if a mail server is relaying or not is by no means an 'attack' and does not harm anything.
2) The only reason any of these services work is because ISPs *CHOOSE* to use them. They do not censor anything themselves, the ISP DOES.
A fundamental principle behind the internet is that each piece of network can grow *as it wants to* carrying whatever traffic *it wants to*. IF they want to block traffic based on what a third party says.. that is THEIR RIGHT.
There was no intent to beat up on the site. I like kuro5hin, I have an account there.
The intent was to beat up on the conspiracy theorists, who mainly reside on slashdot.org but seem to have migrated to k5 as well.
I hope people can see that the site and the posters are two distinct entities.
--
Michael Sims-michael at slashdot.org
Lonely Lily was a Usenet spam that came out of some place in China (I think it was China -- maybe Taiwan or Hong Kong). The spam was for a porn site, and the sender spoofed it to look like it was sent from pobox.com. People did track it down to the real originating host and managed to cancel the articles.
Oh, go on, check out my job.
Please take this as constructive rather than destructive. I think that slashdot would benefit if it would communicate better with its audience. We have a tendency to be suspicious of everything and Slashdot has done little to quell those fears of it becoming a big corporation. Most people here equate Big corp==Evil rightly or wrongly. Once Slashdot got bought out by Andover those fears have gotten worse with time and Slashdot will probably always be questioned for alternative motives. I think it would benefit everyone if a state of slashdot/future of slashdot is posted not just as an article but somewhere in the more static pages. (at least a link somewhere on the front page to it). I dunno maybe it's just pointless, but I would like to think that I can trust people better who explain their motives (at least a little bit).
One of the problems occurring in this epic battle (must make it seem bigger and more dramatic than it really is) is above.net playing games with the BGP4 routing tables.
/dev/null. It certainly is causing problems in Europe, even though the guilty party mostly hauls traffic across the pacific ocean. It is also causing neighboring sites in 202.36/16 to disappear.
/. community to argue the finer points of who is evil, who is selling out, who is saintly, who is spamming/cracking. Most of it is name calling. A real, old-fashioned internet flame fest!
/.'s slowness in posting this story. It's been all over news.admin.net-abuse and #NANAE since mid-May. Give it a few more days, and someone will yield, hopefully ORBS and Alan's uncooperative policy of victory at any cost.
Since I am off in remote (in internet terms) places on a special project, I can't really see what is going on with the BGP routing tables. But people have been pinging me over the last few days because someone is poisoning the route info to get to ORBS.
Someone is injecting false BGP4 routing information into the internet, to advertise shorter routes to the whole class B subnet (202.36/16) containing ORBS class C subnets (202.36.148/24). This effectively sucks all the traffic to their routers and then to
I'll leave it up to the rest of the
I was a bit concerned by
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Responding point-by-point:
Frankly, I don't have time to keep up with the spammers. They find new open relays every day. I'm just as happy to let someone else spend 10-12 hours a day chasing them, and if they block something I don't like, I don't have to use them.
That's the point, my friend! They change dynamically, just like the spammers do! If a site I was talking to days before gets a new admin, a new version of FooMail, a new routing table, whatever, and the spammers start abusing it, I want it blocked until the admins fix it. And once it's been fixed, these blackholers are traditionally very responsive in removing the system, just as dynamically.
Fortunately, there are more than one, and you can mix and match your blackholing sources. Would you rather have a single source and no choice at all? Besides, there are going to be petty disputes over everything, no matter what solution we choose.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I find it funny when there is such a great evil abound that is so evil that the good guys start fighting each other about it.
Really, the best people to benefit from this war are going to be the spammers. Why don't they do the corporate thing and merge?
Frankly, I don't have time to keep up with the spammers. They find new open relays every day.
I don't know why we need a service for ORBS. Why can't I just adjust sendmail to not receive mail from open relays, i.e. do what ORBS does, but keep no database. Sure, it's more email load for the internet, but these are small infrequent transmissions so it won't bring anyone's system down.
Fortunately, there are more than one, and you can mix and match your blackholing sources.
Now, this is a good idea except some lists (ORBS) are much longer than others (MAPS), so you really need a thumbs down, neutral, or thumbs up flag, i.e. block everything ORBS tells you to block unless MAPS specifically says not to block it.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
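The tiered filter (0 to 10) and the thumbs-down / neutral / thumbs-up flag suggested in the comments above can both be expressed on top of the usual DNS blocklist lookup, where a receiving mail server reverses the connecting IPv4 address, appends the list's zone and treats an answer in 127.0.0.0/8 as "listed". The sketch below is an added example, not code from any poster, MAPS or ORBS. Its zone names are placeholders, its weights and threshold rule are assumptions made for illustration, and its DNS answers are constructed so that it runs offline.

```python
import ipaddress
import socket

# Answers inside this range mean "listed"; anything else is ignored.
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")

# Hypothetical policy. Zone names are placeholders, not real services.
# vote -1 = thumbs down (adds weight), vote +1 = thumbs up (overrides blocks).
POLICY = [
    {"zone": "relays.blocklist.example", "vote": -1, "weight": 4},  # long, proactive list
    {"zone": "abuse.blocklist.example", "vote": -1, "weight": 8},   # short, evidence-based list
    {"zone": "ok.allowlist.example", "vote": +1, "weight": 0},      # explicit "do not block"
]

# Constructed DNS answers (documentation address ranges) for offline use.
FAKE_DNS = {
    "10.2.0.192.relays.blocklist.example": "127.0.0.2",
    "20.2.0.192.relays.blocklist.example": "127.0.0.2",
    "20.2.0.192.abuse.blocklist.example": "127.0.0.2",
    "30.2.0.192.relays.blocklist.example": "127.0.0.2",
    "30.2.0.192.ok.allowlist.example": "127.0.0.2",
    # A wildcard or hijacked-NXDOMAIN answer: must NOT count as a listing.
    "40.2.0.192.relays.blocklist.example": "203.0.113.7",
}


def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets followed by the list zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def fake_resolver(name):
    """Offline resolver backed by the constructed table above."""
    return FAKE_DNS.get(name)


def system_resolver(name):
    """Live resolver: returns the A record, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip, zone, resolve):
    """True only when the list answers with an address in 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    try:
        return ipaddress.IPv4Address(answer) in LISTED_NET
    except ValueError:
        return False


def decide(ip, strictness, resolve=system_resolver, policy=POLICY):
    """Combine several lists into one accept/reject decision.

    strictness 0 lets everything through; strictness 10 rejects on any listing.
    A thumbs-up listing overrides every thumbs-down listing.
    """
    if not 0 <= strictness <= 10:
        raise ValueError("strictness must be between 0 and 10")
    hits = [e for e in policy if is_listed(ip, e["zone"], resolve)]
    zones = [e["zone"] for e in hits]
    if any(e["vote"] > 0 for e in hits):
        return {"action": "accept", "score": 0, "hits": zones}
    score = min(10, sum(e["weight"] for e in hits if e["vote"] < 0))
    # Assumed threshold rule: the stricter the setting, the lower the score needed.
    action = "reject" if score >= 11 - strictness else "accept"
    return {"action": action, "score": score, "hits": zones}


if __name__ == "__main__":
    for ip, level in [("192.0.2.10", 5), ("192.0.2.10", 7), ("192.0.2.20", 1),
                      ("192.0.2.30", 10), ("192.0.2.40", 10)]:
        print(ip, level, decide(ip, level, resolve=fake_resolver))
```

Checking that the answer falls inside 127.0.0.0/8 matters in practice: a resolver that rewrites non-existent names to a landing-page address would otherwise make every sender look listed.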
Man I miss the days when someone spammed, or crossposted unrelated material on usenet, their site was attacked by crackers and severely damaged. Unfortunately that is illegal, and there are too many sites and people who need to be taught a lesson.
Those were the good old days.
Disclaimer - Opinion of Person
Frankly I expect most spammers to ignore the law, but if anyone gets caught spamming, the prosecutors can whack them hard enough with these laws to keep from doing it again, even if they can't pin other offenses like fraud or FDA violations on them. Sort of like sending Al Capone up the river for income tax evasion rather than for murder, bootlegging, and promoting gambling and prostitution. Hopefully, anyway.
You're probably right about pushing this offshore, but I'm willing to bet that US citizens sending spam from the US to the US by way of an offshore open relay will still be prosecuted under the law.
--
Someone you trust is one of us.
is taking so long, look no further than here.
/. crew have nicely saturated our server with hits, and actually made the Dual PPro 180 w/ 256mb of ram swap (I've never seen it do that before).
;-P
12:09pm up 1 day, 18:21, 1 user, load average: 13.08, 13.59, 13.66
The
You wouldn't believe how long ssh takes to login when the load is 15.
Thanks for not censoring this story by DDoSing the competition or anything, Michael
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Seebs is 100% correct.
ORBS attacked my site with their probe attacks.
I sent them an e-mail:
1) Asking why they attacked my site.
2) Asking them to provide proof that my site was used for spam.
3) Asked for this information to be sent via snail-mail, as I would be adding their hosts to my access list as REJECT.
They attacked it, and within 8 hours I wrote my letter....why was I able to write in 8 hours? I watch my logs (like any good sysadmin) That is why I wanted to see PROOF of the 'spam'...if I didn't see it in my logs, I wanted to know how a spammer would have done it.
In fact they had me in their 'cartoonie threats' category BEFORE their automated system listed my site as OK.
And now, I hear my site is listed as "selectively open relay", when the reality is that my host is not, nor has it ever been an 'open relay', selective or not.
If ORBS was reasonable, then I'm sure they would have the good will that MAPS has. But, given ORBS' bullying tactics and placing hosts in their lists because they object to blind probe attacks, ORBS should be listed in MAPS!
If it was said on slashdot, it MUST be true!
I'd cut them some slack here. I think it's laudable to try to verify such an inflammatory story rather than rushing to get it posted.
- The Boston Lunatic
The life of a journalist is a hard one. Hey, there has to be some downside to the power to cloud men's minds. :-)
Seriously, as long as you've been honest and honorable (which you have), that should be a sufficient moral defense.
- The Boston Lunatic
Since this is being posted several days into the story, I doubt anyone will read it. Nevertheless, here's a link to further coverage on The Register.
Right so far.
Wrong, wrong, wrong. If you are smart enough to run a server you have to be smart enough to know you are talking out your tailpipe here, so the conclusion that you are deliberately lying is a reasonable one that many readers can be expected to make.
As you must know, what ORBS does is use the same checks a spammer would to find exploitable open relays to use, but UNLIKE a spammer, instead of exploiting your security holes, they inform you of them (or at least make a legitimate effort to inform you of them, more on that in a moment) and DO NOT PUBLISH the problems they have found unless you refuse to rectify the situation within the next 30 days! IF you refuse to fix the problem within 30 days, it does not seem unreasonable to suppose that you have no intention to fix the problem, and therefore it makes perfect sense that they feel the need to publish your site as one that their subscribers will not want to accept traffic from. If this is wrong, I'd love to hear you explain why.
No, it looks like they have implemented an effective way to fight spam. MOST system administrators are quite happy that ORBS is out there trying to find security problems BEFORE the spammers do, and notifying responsible parties BEFORE their equipment is hijacked.
The fact that you object to this certainly suggests to me that YOU, not ORBS, might be fronting for spammers.
I think I understand you perfectly, I think most people reading this will understand you perfectly, and I think Pi showed complete understanding of what you are saying when he wrote:
When you block their traffic, refusing to allow them to inform you of the problems they find in your network, what option do you leave them? Should they bother to snail-mail someone who is so obviously carrying a chip on your shoulder against them? I certainly wouldn't. Even if you aren't a spammer or knowingly providing services to spammers (which is a reasonable suspicion given your own account of the situation) then for whatever other reason your attitude is going to make it pointless for them to waste their time trying to talk with you. They made a reasonable effort to contact you, you chose to do the equivalent of sticking your fingers in your ears and chanting while they talked... you deserved what you got, and probably a lot worse.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Unfortunately kuro5hin is currently slashdotted so I cannot link to the post to the conversation of the original submitter of the story. This story broke yesterday, the reason it got to kuro5hin so quickly was because someone read Alan Cox's diary and posted it.
To put things in perspective kuro5hin has an average of 2 or 3 stories in its submission bin at anytime while slashdot has over 400 (the last few times I've submitted a story it's been 450). So it is understandable if it takes them a little longer than kuro5hin to get a story posted since all it takes is a handful of yays to get it to the front page.
Remember also that just yesterday slashdot got bitten by a fake story and don't forget the story about the Oracle NIC violating the GPL that turned out to be bogus (can't find the link for some weird reason). Frankly I applaud Slashdot for showing restraint in posting this instead of rushing this to the front page like the many Bruce-Perens-someone-is-violating-the-GPL stories that could have been settled amicably by sending an email or two but instead turned into public tar-and-featherings.
I fail to see your point. ORBS crashes some mail servers? How is that ORBS' fault? It seems like a bug in the mail server. After all, ORBS is not designed to crash systems, merely to test them.
You complain that ORBS lists servers that do not cooperate. Well, if they didn't, obviously the system would be totally ineffective.
You claim that ORBS blacklists people who complain about them. How is that possible? Anyone can go to the ORBS site and have their system tested and taken off the list if the test passes.
The point of ORBS is they are a big bully with a stick. If you have a misconfigured mail server, they whack you. Yeah, it's tough. But it's the only way to do things. Saying "please" doesn't cut it. Everyone acknowledges that open relays are a problem - someone has to put pressure on companies, individuals, and ISPs to put forth the effort to change them. If you are an IS guy, ORBS can be your friend. If you need a better mail server, telling your boss that it would be nice if they spent money and time and got a new mail server because your current one may allow spam is usually ineffective. Your boss doesn't care about spam. But telling your boss that the company could be blacklisted if they don't upgrade is a different story. You'll get what you need to do a proper job.
- Your friend's mailserver is a security vulnerability. The vendor-provided update should be installed pronto.
- I have witnessed one incident with a mailer crashing in the past and have been very helpful with the administrator of said server. I went as far as temporarily blocking access from the tester on our border router. It was in the planning to even add explicit banner-checks for mailers that choked on this particular test if more reports came in (none did).
- They're not telling people you're a spammer if you don't allow their probes. They are telling people that they cannot verify that you are a spammer and leave the jumping to conclusions to implementing parties. Paranoid people will feed their rejects out of relays.orbs.org and dump you. The more optimistic admins will simply add a score-tag or take the inputs.orbs.org zone and let your mail go through.
- ORBS didn't retaliate by farming out the relaytester. It was consistently hosted by MIS, until telecomNZ got pressured to force them to drop it. Then it was consistently hosted by Vuurwerk. It was moved out of necessity, not out of strategic considerations in an attempt to piss off administrators and thwart their security policies.
HTH. HAND.
Pi
Yea spam works for the clueless. Per day there is always a "net newbie" somewhere. The first spam you got when you "jacked in" to this new weird "Internet super highway", you read it, right? You thought "Who is this and why are they here" and thought "hey this looks kinda shady..." or "hey this is kinda interesting". This is how it works. After your second day on the net you say "goddam quit sending me this stuff", but
there is always someone saying "How nice of them, I just signed up 2 minutes ago to my ISP and they are mailing me a way to make millions on the Internet, thank you buba_make_money_juice@hotmail.com, you are a kind soul"
After you get, say, 5 spams, you just stop reading them and you build a natural defense for spam where it no longer works.
I wonder what the first spam ever sent out was?
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Hi. Read this: http://www.kuro5hin.org/?op=displaystory&sid=2000/7/18/122257/231. Please don't b-slap me; this is important!
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
Now, most mail admins for larger companies aren't as lucky. Of course, one can argue the wisdom of running with software we all know to be substandard, but a fact of life is that there are a lot of folks out there who do not have the luxury to upgrade something the PHB thinks is doing an okay job.
Heck, part of my perceived good track record is the fact that I kept a piece of junk called cc:Mail alive well beyond its design limits for the better part of four years. I did this by employing tactics like rebooting the SMTP gateway every half hour, duplicating the thing and setting up equal weight MX records to distribute the load, etcetera.
The problem is, everyone knew cc:Mail was a piece of sh^H^Hpowerful fertilizer that grows your business. But as long as the PHB sees his salesman on the golf course and gets the confirmation that if his staff can't keep the server alive, it's the staff that's incompetent, because, here, look: FooBar corporation uses the same software and it works just well and that's a really nice shot, shall I retrieve your golf ball from the bunker?
The bottom line is that forcing people to upgrade their system is not particularly going to be good for the poor sod who actually runs that system.
I'm always grateful when really damning bugs appear in software I don't particularly happen to like. But I frown on the practice of ramming upgrades down people's throats.
cc:Mail was replaced by lookOut. I refused to go implement that, so people were hired to do that. I just do the firewall now. Not everyone is so lucky, or willing to speak up against powerful PHB's, or... you name it. Welcome to corporate reality.
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
All I said was that if you want to stop spam, you gotta make it cost companies more to send it than they hope to get back. There are a lot of ways that a consumer can cost a company money, many of which are perfectly legal. Your habit of calling their 800 numbers is along the lines I was talking about.
Information wants to be anthropomorphized.
Spamido, or, Zen and the art of spam avoidance
Government of the people, by corporate executives, for corporate profits.
Yup. Unfortunately, spammers don't play by the rules. They frequently break into e-mail accounts, or coerce the gullible neophyte to provide an account name and password. Therefore, forgive my skepticism, I doubt there's much that the government can do about it.
Lots of spam originates from XXX websites, and from people selling CD-ROMs of e-mail addresses. There's absolutely nothing to stop you setting that up offshore. Liberia, for instance, has laws that protect the anonymity of company owners; this anonymity is a big reason why a lot of ships fly the Liberian flag - less personal liability to the owner.
All you'd need to do is register a Liberian corporation (which does not require citizenship or even residency), get an account with a Liberian ISP, and spam to your heart's content. The Liberian government wouldn't provide your name or any other information to you, even with a US demand.
There has to be a way to put a stop to that possibility.
Those were the good old days. Back when Usenet was still useful. Back when you could put up your e-mail address on a webpage that would be viewed by either Lynx or Mosaic exclusively. Back when my e-mail took seconds to download, even with my old acoustic-coupled 300 baud modem...
<sigh>
The only solution that would do this is to declare war on spammers, and attempt to hack all of their systems to their knees. But, legislation would have to be in place that respects the self-governing nature of the Internet and ensures that acts of electronic vigilantism like this are only allowed to be directed at those who are, indeed, by legal definition, guilty of spamming. We don't want to legalize DDoS attacks against Yahoo, etc.
Fire and Meat. Yummy.
Be sure to do this at pay phones. Extra $0.35 or so charge to the bill.
Ooh, good idea!
And, how many of you have sent bills to the spammers and then taken them to small claims court when they didn't pay?
Sadly, I'm in Canada, so while it's been tempting, it would be rather hard to collect and even more difficult to bring a court case, since most of the spam I get comes from American spammers...
Fire and Meat. Yummy.
So, you're essentially advocating that I use electronic stamps to send e-mail? How else would it work?
The problem is that spammers either pick up an AOL trial disk, set up the account, and send messages until the account gets canned, or they find myriad different ways of breaking into existing user accounts. Very few spammers legitimately call the ISP, ask for an exclusively e-mail account and a broadband connection, because fewer ISPs would accommodate them.
As such, the costs of doing such a thing would be borne by the general internet populace in the form of a per-e-mail charge.
Do you really want that?
What about mailing lists, an early and still popular form of internet discussion? Are we ready to see that die, or will they be financed somehow?
What if someone hacks your e-mail account and sends 100,000 spams out? You'll end up footing the bill, the spammer would be long gone to someone else's account.
The only way to control spam is to make it very undesirable for spammers to do so.
I make a point of running up the toll-free long distance time on the phone numbers they advertise, or of sending a copy of the spam to the hosting provider of every website they advertise. Most of the hosting providers are happy to know and delete the account immediately.
A few people taking small measures like this can make huge hits to their bottom line.
Fire and Meat. Yummy.
The solution is a central 'distribution point' and 'multiple authorities'; ie: per email your server could request blacklist info on the host in question, and various authorities could have crypto-signed a "blacklist item" as blacklisted for some particular time period specified in the signature, and renewed weekly. The mail system could then decide how many sigs to blacklist the host; a system like that could be decentralized, also!
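A sketch of the scheme this comment proposes, as an added example that is not part of the thread: several authorities each sign a time-limited blacklist item, and the receiving mail server blocks a host only when enough distinct authorities vouch for the listing. The authority names, keys and field names are assumptions, and HMAC-SHA256 with per-authority keys stands in for public-key signatures so the code runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed authority keys (assumption). A real deployment would hold each
# authority's public key and verify an asymmetric signature instead of an HMAC.
AUTHORITY_KEYS = {
    "authority-a": b"constructed-key-a",
    "authority-b": b"constructed-key-b",
    "authority-c": b"constructed-key-c",
}

WEEK = 7 * 24 * 3600  # listings expire unless renewed weekly


def _canonical(item):
    """Serialize exactly the signed fields, in a deterministic byte form."""
    fields = ("authority", "host", "not_before", "not_after")
    return json.dumps(
        {k: item[k] for k in fields}, sort_keys=True, separators=(",", ":")
    ).encode()


def sign_item(authority, host, issued_at, lifetime=WEEK):
    """Authority side: issue a blacklist item valid for `lifetime` seconds."""
    item = {
        "authority": authority,
        "host": host,
        "not_before": issued_at,
        "not_after": issued_at + lifetime,
    }
    mac = hmac.new(AUTHORITY_KEYS[authority], _canonical(item), hashlib.sha256)
    item["sig"] = mac.hexdigest()
    return item


def valid_item(item, host, now):
    """Receiver side: known authority, intact signature, right host, not expired."""
    key = AUTHORITY_KEYS.get(item.get("authority"))
    if key is None:
        return False  # unknown authority: ignore the item entirely
    try:
        expected = hmac.new(key, _canonical(item), hashlib.sha256).hexdigest()
        in_window = item["not_before"] <= now < item["not_after"]
    except (KeyError, TypeError):
        return False  # malformed item
    sig_ok = hmac.compare_digest(
        expected.encode(), str(item.get("sig", "")).encode()
    )
    return sig_ok and item["host"] == host and in_window


def should_block(items, host, now, threshold=2):
    """Block only if `threshold` distinct authorities currently list the host.

    Counting authorities rather than items stops one authority from reaching
    the threshold by submitting the same listing several times.
    """
    signers = {i["authority"] for i in items if valid_item(i, host, now)}
    return len(signers) >= threshold


if __name__ == "__main__":
    now = 1_000_000  # constructed timestamp
    host = "192.0.2.10"  # constructed address from the documentation range
    listings = [sign_item("authority-a", host, now),
                sign_item("authority-b", host, now)]
    print(should_block(listings, host, now + 60))         # True
    print(should_block(listings, host, now + WEEK))       # False: expired
    print(should_block(listings[:1] * 3, host, now + 60)) # False: one signer
```
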
Why is it necessary to disrespect kuro5hin? Sure, it's not as big and geekpure as /. but there is no need to get defensive about being scooped on the story after you held it for so long. Also, is referring to what you would normally call an informative post as a "seemingly clueful post" meant as a backhanded compliment? That's how I read it. So much for an "open" community.
"These are the days that must happen to you." -Walt Whitman
A flame war is certainly counter-productive for slashdot, because if they have some beef with K5 (and I can see it, I mean it is a lot like slashdot, and it's natural for humans to not like their competitors, even if they haven't done anything too wrong), bringing tons of traffic to K5 isn't the best way to deal with it. If they want K5 to go away they should just ignore them whenever possible.
The most interesting point here is that Kuro5hin goes out of their way to not diss slashdot in their postings on slashdot, and Rusty seems pretty non-confrontational about it. It's just slashdot now who are starting complaining. I'm not saying /. shouldn't complain, I don't know the whole history between them (ie. did K5 start as a huger ripoff of /. , that sort of thing.)
sig:
See the "..for smart people" banners Wired runs here? Look elsewhere guys.
On the first link, yeah, ORBS is not saying it is in the Black Hole, but that above.net has been issuing router pollution all by itself to make orbs.org unreachable to chunks of the internet. See what ORBS themselves has to say. I don't think they're going to say this stuff unless they think it is true!
-Andy
But if we wait a few days to try to see if the truth congeals from the flood of questionable facts, we get flamed for being, as you say, "a lot less timely ... News breaks elsewhere now, and /. picks up the pieces."
I'm guessing both, in the case of this story (it's starting to look like MAPS wasn't blacklisting ORBS, as ORBS' accusation and rampant speculation on a lot of other forums would have it). We'll get flamed both for running this stupid story at all, and for not running it sooner. Grrrrrrr.
Personally I'm getting a little sick of this. I got flamed up and down for running the story about Ryan Meader's leaked plans for the Apple Cube; I saw a dozen "proofs" that he faked the whole thing right down to the letter from Apple. And what did Apple announce today? The Cube. Please send your lengthy apologies complete with $50 checks or money orders to: jamie@mccarthy.org. Thank you.
More seriously - your rude remark about "book-content fodder" is bunk. You know, or should know, that Slashdot has already decided not to run a book of readers' comments without getting permission from those who posted them (which basically means not running the book at all, because 100% of the readers will never respond).
It's easy for you to whine about how unfair it all is that Slashdot is delivering ad banners, but when it came down to brass tacks, we yanked an entire book and probably lost a lot of money, because it was the right thing to do. Of course, acknowledging that would just distract people from your point, which was, obviously, to bash us.
Jamie McCarthy
jamie.mccarthy.vg
The fix is for ORBS' upstream to stop advertising above.net as a route to ORBS.
Yes, and that is a reasonable fix.
However, my understanding is that ORBS went much further than that: they advertised routes with very low metrics designed to lure packets away from valid routes which wouldn't have gone through them at all. This had the effect of shutting down legitimate routes which had nothing to do with above.net.
The fact that there may be a fix (hell, pulling the plug on above.net altogether would be a fix) doesn't make what they did any less reprehensible and inappropriate.
I say this as an unaffected, non-ORBS using observer. If above.net was trying to destroy their own business, I can't think of too many ways they could have started more effectively. I am sure there are many thousands who are far more ticked off than I am.
The Future of Human Evolution: Autonomy
Once the site (K5) recovers, please, everyone go and read it, and decide how "bashing" it really was. It was never my intention to bash /., I like the site a lot. I didn't intend to start a flame-war. All I did was ask some questions that inadvertently questioned the integrity of our gracious hosts, Taco, Hemos, et al. A simple answer of "You're on crack!" would probably have sufficed.
Here's the gist of what I had to say:
A pretty long time ago at this point, /. was a reliable source of breaking-news in the technology sector, a source of obscure scientific research and a valuable resource of technical information.
As /. has grown in readership, the stories chosen by the editors for posting on the front page have changed. They are not nearly as edgy anymore, and tend to 'cater to a mass-mentality' instead of trying to inform individuals.
The topics covered are more political and opinion-feeding rather than factual, and they are a lot less timely. News breaks elsewhere now, and /. picks up the pieces a bit later.
Now, my "bash" consisted of asking "WHY?"
Is it that the editors are that much more busy, now that they get paid to do what they did brilliantly for free? Is it that Andover wants some assurance that a story isn't being fabricated, just so someone out there can take pride in being slashdotted? Are the stories chosen specifically for the amount of opinionated discussion they will create, possibly for book-content-fodder - since there is less fact and more opinion with each passing month?
Or (and here's the "bash") are the editors getting some benefit from bringing in more and more eyeballs, and so they choose the more dilute stories to post, so they will be accessible to more and more eyeballs?
My subversion simply asks, 'are Rob and Jeff catering/reacting to the interests of /. readers; or are they running the biggest troll of them all in exchange for payment for most ad-banners served?'
If I'm making unfair accusations, I've already offered on K5 to print my post and eat it before a live audience. But it has been a really long time since we've had a "State of the Slashdot" article from Taco; perhaps it's time for a Slashdot Interview with the Slashdot Staff; just to get this kind of thing off of my (and our, perhaps) chest?
-- What you do today will cost you a day of your life.
>> kuro5hin.org has the obligatory "Slashdot is censoring the story!", postings but has at least one seemingly clueful post
> Why did you mention that?
Because if they didn't, then someone would accuse them of censoring that story.
--
Sheesh, evil *and* a jerk. -- Jade
I think it's pretty stupid to start crappin on a poster in kuro5hin that thinks slashdot was censoring this story. It certainly has taken slashdot long enough to put it up. This is obviously newsworthy for nerds. This story was up yesterday on kuro5hin and it has to go through moderation by the whole community whereas slashdot only needs one moderator to approve it. I honestly don't think starting a flame war between kuro5hin and slashdot is ever going to be productive.
kuro5hin.org has the obligatory "Slashdot is censoring the story!", postings but has at least one seemingly clueful post
Why did you mention that? There is no point other than to cast K5 in a bad light, a light which is certainly not true.
Isn't this a Slashdot is censoring the story post? How about this one? The post isn't attacking K5, all it points out is that there were several posters on kuro5hin who post slashdot-is-censoring-the-story-messages daily on kuro5hin. Frankly I read K5 everyday and literally every two or three stories has somebody complaining about how slashdot is censoring the story.
PS: Now for a real conspiracy, ask why slashdot hasn't posted this story. It has been submitted several times by myself and others on kuro5hin but is always rejected.
I love how, if we post cutting-edge information that hasn't totally been verified, we get flamed for being "just a rumor site." But if we wait a few days to try to see if the truth congeals from the flood of questionable facts, we get flamed for being, as you say, "a lot less timely ... News breaks elsewhere now, and /. picks up the pieces."
I used to get upset at getting flamed on Usenet. I don't anymore. Why? Any time you put something vaguely controversial up in a public forum with a reasonable amount of readers someone will disagree with it. Out of those with disagreements, there is a fair chance someone will fire off a response without their brain in gear. Or even post a reasoned rebuttal - scary but it does happen. Slashdot is about as public as it gets - I note the number of UserIDs appears to have run past 200,000 now so I'm not surprised in the slightest that thoughtless stupid flames get received by /.
I'm guessing both, in the case of this story (it's starting to look like MAPS wasn't blacklisting ORBS, as ORBS' accusation and rampant speculation on a lot of other forums would have it). We'll get flamed both for running this stupid story at all, and for not running it sooner. Grrrrrrr.
Have a Rampant Speculation section then for unverified information. Make everyone happy. Give it an extra icon that can be added to show once a story is verified or refuted.
Just my 2c. And ignore ignorant flames - they can go in the bit bucket. Just make sure whatever filter you use recognises real constructive criticism as well! :-)
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
Question: Do any Slashdot readers really think SPAM is an effective form of advertising?
Right. But they're not doing that.
I am not an above.net customer. Nevertheless, they have taken the choice of whether or not to use ORBS away from me. Thus, they have denied a non-customer the right to use that service.
The fact that I have until now chosen not to use their service is irrelevant: I resent having that choice taken away from me as a result of above.net's behavior.
From what I have read above.net are denying others access to ORBS, by advertising null routes with very low metrics to the rest of the net. This has apparently caused links which could be routed to and from ORBS to non-above.net locations via either above.net or an alternate backbone provider to default to above.net (a lower metric says "I am the shorter route, use me!"), where they then get routed nowhere.
This has the effect of blocking ORBS from ISPs and users who are not above.net's customers.
Above.net denies this. ORBS broadcasts the assertion. Other observers who appear to be less involved (read: more neutral) have commented that ORBS assertions as to cause and effect appear to be accurate, even if their assertions as to motive may not be.
Add to this that ORBS has apparently shut down their service altogether. This could be a publicity stunt, but I think most reasonable people would suspect it has more to do with technical problems stemming from above.net's behavior than political fallout.
Taken as a whole, it appears that the accusers have offered significant evidence of wrongdoing, while the accused have responded with disclaimers and denials, but no evidence to refute the accusations. As a neutral but technically competent observer I am, for the moment, inclined to believe what others have apparently confirmed.
I'll reiterate: what above.net is doing is wrong. It is unethical. It is immoral. It is reprehensible. And it is destructive to the very trust model upon which routing throughout the internet relies.
They may not be in legal trouble (though I suspect even that stance is open to dispute), but they are in a whole lot of PR trouble, and they clearly deserve to be.
If you wish to follow up flat denials with hard evidence, I'd be interested in seeing it, but your flat denial of wrongdoing simply doesn't cut it in light of all the evidence to the contrary.
The Future of Human Evolution: Autonomy
There was an interesting discussion about this yesterday on K5.
The views on this controversy are diverse and conflicting, to say the least.
My personal take: I don't use ORBS and I have no opinion on the quality or fairness of ORBS' anti-spam service, but for another entity to unilaterally deny users who are not their customers the right to use the service, however flawed it may or may not be, and to do so by undermining the very IP protocols we all rely on is reprehensible in the extreme.
That above.net offers a competing anti-SPAM product is not merely suspicious, it is damning.
Finally, what happens if other competitors start advertising bogus routes to competing web pages or services?
IMHO above.net needs to be bitch slapped, hard.
The Future of Human Evolution: Autonomy
ORBS is not like MAPS. MAPS relies on submissions and actual proof. ORBS has a policy of 'blacklist all by default, if not, go out and hunt them down.'
In other words, ORBS is a hostile system, which will deliberately and intentionally probe your mail servers without provocation, without permission, and then blacklist you and refuse to remove you, whether or not you fix it or a problem really exists. I have had to deal with the assholes there before. They're worthless. Anyone who would respond to an email requesting to be removed as the blacklisted server is not a relay with the words, and I quote "use a real mail server" and calling the administrator an "idiot" repeatedly... well, draw your own conclusions.
ORBS also appears to either be utilizing systems outside of their network for scanning to evade the blocking that hundreds of ISPs use against them (which results in ORBS blackholing them). Possibly cracked, possibly legitimate. I don't know - all I know is that I have always treated ORBS as a hostile entity after I saw them attempting connections on a variety of ports to a mailserver. I've been keeping ACLs up to date to keep the assholes out since.
MAPS realistically *should* be blackholing ORBS, and likely DOES (I don't subscribe to MAPS, RBL, etc - I feel the methodology is flawed.) due to the fact that ORBS deliberately seeks out relays. I wouldn't put it past ORBS to be selling open relays, perhaps their entire black hole list, to spammers. They've proven to be those kind of people in the past, and still are.
Those of you looking to block ORBS, I'd recommend dropping all packets from the entire /24 that www.orbs.org is on, as well as i2bs.com, probably half or all of dN.net (Verislow's digitalNation), and anything that so much as looks like ORBS. Sure, you may lose some legitimate traffic, but minuscule at best. And the only way ORBS is going to get the hint that their methods and policies (or lack thereof and/or lax enforcement and/or personal problems/mental problems) are NOT welcome is if they suddenly find themselves shut out.
=RISCy Business
your company here.
shelby != ford
MAPS - is about preventing abuse of the mail system, in any form. Present methods of abuse are mainly centered around direct-to-MX spam from dialups with lax signup policies, DOS attacks in the form of multi-megabyte mainsleaze "we sent you an MPEG of our latest 30-second TV spot" marketing firms, and yes, spam relayed through insecure relays.
Loosely categorized, that's MAPS DUL (the dialup project), MAPS RBL (The Realtime Blackhole List, designed for firms which continue to spam unrepentantly and for which every other means to have meaningful discussion has failed), and MAPS RSS (Relay Spam Stopper, a blacklist of open relays.)
ORBS, by contrast, concentrates only on adding open relays to its block list, and has a method of checking those relays which results in it probing machines, often repeatedly, and most importantly, even against the express wishes of the system administrators of the machines being probed.
ORBS is not a spammer, but there's a legitimate argument that says they're abusing the servers they contact. They have great intentions (with which the road to the RBL is paved). But the bottom line is that if you - be ye a spammer or be ye a relay-checker - probe my box, I'm gonna be pissed. If you repeatedly probe it after I ask you not to, I'm gonna be real pissed.
This is nothing new. ISTR that ORBS lost their connectivity for a period of time from BCTel as far back as 1997/8ish for this - people being probed complained to ORBS, ORBS didn't stop probing, so they did the right thing --- complained to ORBS' upstream.
Back to the present day and "pissed". If ORBS' current upstream isn't gonna stop 'em, then I'm gonna document my efforts. Having emailed ORBS folks, spoken to them on the phone, and having found their upstream unresponsive to my concerns, I as a sysadmin would have everything I needed to make a well-documented RBL nomination.
If the story is true, (and I'm still skeptical that ORBS is actually on the RBL, as opposed to there merely being a nomination under consideration, but I haven't been following nanae this week), then someone who fell into the "really really pissed" category did just that, and the RBL team was subsequently unable to have meaningful negotiations with ORBS.
I like ORBS. If I had a personal box, I'd probably use their blacklist. But my liking them, even when combined with the fact that I know their intentions are good, doesn't change the fact that repeatedly launching probes against sites which have requested no longer to be probed, is abuse of the email system, and it's a form of abuse which subscribers to the MAPS RBL ought to be entitled to protection against.
Anybody else take a look at the text of yesterday's anti-spam legislation?
A couple of things come to mind.
Point 1: The spam must clearly identify a reply-to address so that you can get off the list. Spammers have pretended to do this for years. Usually, the reply-to just means that your e-mail address is valid, and gets you more spam.
Point 2: Headers must not be masked. I think this is a great first step, but won't it be hard to enforce?
Point 3: Won't all this simply move the problem offshore?
I think the Internet Community has to provide the solution for this. While government legislation is a great symbolic step, I'm not sure how much it will actually do to alleviate the 200-300 messages a day that I sometimes get in my mailbox.
Fire and Meat. Yummy.
More details in this article at The Register.
kuro5hin.org has the obligatory "Slashdot is censoring the story!", postings but has at least one seemingly clueful post
Why did you mention that? There is no point other than to cast K5 in a bad light, a light which is certainly not true. K5 is NOT a /. haters site, if anything it's a compliment to it. /. and K5 together make for a very powerful source of news and views. And BECAUSE of their different structures you get two different faces. K5 is what it says "Technology and Culture, from the Trenches" whereas Slashdot is "News for Nerds, Stuff that Matters". K5 is SUPPOSED to be a bit rougher and raw, this is what makes it different, and is not a valid reason for beating up on it. I apologize if this comes out wrong, it just gave me the impression of the school bully picking on the new kid. And for the same reason that the bully picks on the new kid, it came across that maybe /. was getting "worried". It smacked of corporatism, and take note that I am NOT a /. "Big Bad Corp. They sold out" person. But how many times do you see the NYT go "and the Washington Post's editorial comments were the usual NYT sucks variety" now granted, it's different worlds, and maybe sometimes they do say something along those lines, but it looks very unprofessional and frankly not very friendly. Mentioning K5 is great, but the tone was very "put offing", specially considering how much slashdot is mentioned on K5 in favourable light, and almost NEVER by an article is it mentioned unfavourable.
Sorry for the rant, I'm going back to enjoying Slashdot AND Kuro5hin now.
- ORBS has systems that probe hosts all over the Net to test whether or not they are open relays. If a host blocks the ORBS probe, ORBS will note this fact, and some ISPs that subscribe to ORBS will block that host, even if that host is not really an open relay. (By comparison, the MAPS systems will only probe a host after someone has complained about getting spam from it.)
- Some of MAPS's own mail servers refuse connections from ORBS's probes. Therefore, ironically, ORBS blocks MAPS.
- Above.net has decided that the probes from ORBS violate the above.net Acceptable Usage Policy. Therefore, the hosts that send out these probes are blocked from the whole above.net network.
- MAPS uses above.net as an ISP, and Paul Vixie is one of the big wheels at both MAPS and above.net.
- Manawatu Internet Services (MIS), an ISP that serves other ORBS machines, uses NZ Telecom as an ISP, and NZ Telecom uses above.net as an upstream provider.
- NZ Telecom set up its routing tables incorrectly; they could and should have set them up so that MIS could access ORBS machines through another upstream ISP.
- Some folks at ORBS noticed that they were having trouble with their email (as in, it was taking over a week to get from Europe to NZ), and a cursory check suggested that above.net was sabotaging their email traffic.
[pulls string on talking Barbie] "Network administration is hard."--
send all spam to theotherwhitemeat@ropine.com
Let me say that this is *not* about "competition". This is about stopping network abuse.
I know a guy whose mail server is buggy. It is *NOT* insecure. You cannot relay mail through it. The bug is this: Certain addresses will crash it. The mail doesn't go through, but the mail server crashes.
ORBS crashes his mail server. Up to seventeen times per run. Over and over. They won't stop.
Some postmasters get email every time a relay attempt is made and fails. They are getting mailbombed by ORBS.
ORBS is doing the same thing spammers are doing: Using the email system, and refusing to stop when asked.
Even if you get on their "static" list, they'll probably still spam you occasionally. But, think about it: Is it fair for a system which claims to block "open relays" to also, if you turn it on without knowing about the "static" list, block mail from anyone who dislikes the constant and repeated tests?
Is it fair for them to tell their users that you're a spammer, if you tell them you don't want or appreciate their testing? Remember, we're talking about systems that are *NOT* open relays!
Finally, only ORBS has maintained spite listings. MAPS has never maintained them. I'm sure someone will find a case where MAPS listed a system that was not involved, in any way, in mail abuse. I bet you can't find one where the listing stuck past the first complaint.
ORBS has consistently condoned mass scanning of netblocks. They have encouraged people to scan whole netblocks, and resubmit any hosts they find to ORBS.
ORBS will list systems that cannot be used to relay actual spam. ORBS will list anyone that complains too loudly about them, or plays games with their tests. And they will list such people out of spite, not out of any desire to eliminate spam.
Some people have put network-wide filters on the address space ORBS probes from. ORBS retaliated by starting to farm out relay probes to external sites. You know, just like what spammers do when you block their unwanted communications.
The only thing I think the RBL did wrong in this picture is let it go so long. ORBS has been abusing the email system for a long time, and has done a lot of stuff out of ego and spite. It's time *someone* reminded them that you can't abuse the email system forever.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
This is a simple ISP fuckup. Telecom New Zealand screwed up.
And here's the start of the apologies. Paul Vixie apologizes, even. They all shake hands. Well, maybe not really, but still:
The story as reported is all lies and misinformation.
If anything, this shows why MAPS and ORBS should not be used. Centralized "blacklists" are a bad idea to begin with, as:
a) The server admin has no control over what sites are blocked
b) They change dynamically and could potentially block sites you were talking to days before.
c) Petty disputes like this one will cause trouble.
If you want to do your own spam filtering on your own site, that's fine. Depending on someone else to tell you who you should block is just asking for trouble.
Sorry to see that Alan has to use draconian filtering. Without it, I'm sure he's going to get a lot of e-mail, mostly spam. As it is, I get 200+ a day, and no one knows me.
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)