MAPS vs. ORBS
Well, we held or deleted the first few hundred submissions, because we were hoping the situation would clear up and we could figure out what was going on. But it hasn't cleared up, so we're posting it and hopefully there are some readers out there who know what's going on and can shed some light. It seems that the anti-spammers at MAPS and ORBS have gone from a cold war into a shooting one, with MAPS listing ORBS on their blackhole list. ORBS accuses MAPS of doing it for financial gain, MAPS accuses ORBS of attacking systems, Alan Cox gets peeved about spam, kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post, and the U.S. House passed an anti-spam bill yesterday - coincidence, or devious conspiracy?
On the first link, yeah, ORBS is not saying it is in the Black Hole, but that above.net has been issuing router pollution all by itself to make orbs.org unreachable to chunks of the internet. See what ORBS themselves have to say. I don't think they're going to say this stuff unless they think it is true!
-Andy
But if we wait a few days to try to see if the truth congeals from the flood of questionable facts, we get flamed for being, as you say, "a lot less timely ... News breaks elsewhere now, and /. picks up the pieces."
I'm guessing both, in the case of this story (it's starting to look like MAPS wasn't blacklisting ORBS, as ORBS' accusation and rampant speculation on a lot of other forums would have it). We'll get flamed both for running this stupid story at all, and for not running it sooner. Grrrrrrr.
Personally I'm getting a little sick of this. I got flamed up and down for running the story about Ryan Meader's leaked plans for the Apple Cube; I saw a dozen "proofs" that he faked the whole thing right down to the letter from Apple. And what did Apple announce today? The Cube. Please send your lengthy apologies complete with $50 checks or money orders to: jamie@mccarthy.org. Thank you.
More seriously - your rude remark about "book-content fodder" is bunk. You know, or should know, that Slashdot has already decided not to run a book of readers' comments without getting permission from those who posted them (which basically means not running the book at all, because 100% of the readers will never respond).
It's easy for you to whine about how unfair it all is that Slashdot is delivering ad banners, but when it came down to brass tacks, we yanked an entire book and probably lost a lot of money, because it was the right thing to do. Of course, acknowledging that would just distract people from your point, which was, obviously, to bash us.
Jamie McCarthy
jamie.mccarthy.vg
The fix is for ORBS' upstream to stop advertising above.net as a route to ORBS.
Yes, and that is a reasonable fix.
However, my understanding is that ORBS went much further than that: they advertised routes with very low metrics designed to lure packets away from valid routes which wouldn't have gone through them at all. This had the effect of shutting down legitimate routes which had nothing to do with above.net.
The fact that there may be a fix (hell, pulling the plug on above.net altogether would be a fix) doesn't make what they did any less reprehensible and inappropriate.
I say this as an unaffected, non-ORBS using observer. If above.net was trying to destroy their own business, I can't think of too many ways they could have started more effectively. I am sure there are many thousands who are far more ticked off than I am.
The Future of Human Evolution: Autonomy
Once the site (K5) recovers, please, everyone go and read it, and decide how "bashing" it really was. It was never my intention to bash /., I like the site a lot. I didn't intend to start a flame-war. All I did was ask some questions that inadvertently questioned the integrity of our gracious hosts, Taco, Hemos, et al. A simple answer of "You're on crack!" would probably have sufficed.
Here's the gist of what I had to say:
A pretty long time ago at this point, /. was a reliable source of breaking-news in the technology sector, a source of obscure scientific research and a valuable resource of technical information.
As /. has grown in readership, the stories chosen by the editors for posting on the front page have changed. They are not nearly as edgy anymore, and tend to 'cater to a mass-mentality' instead of trying to inform individuals.
The topics covered are more political and opinion-feeding rather than factual, and they are a lot less timely. News breaks elsewhere now, and /. picks up the pieces a bit later.
Now, my "bash" consisted of asking "WHY?"
Is it that the editors are that much more busy, now that they get paid to do what they did brilliantly for free? Is it that Andover wants some assurance that a story isn't being fabricated, just so someone out there can take pride in being slashdotted? Are the stories chosen specifically for the amount of opinionated discussion they will create, possibly for book-content-fodder - since there is less fact and more opinion with each passing month?
Or (and here's the "bash") are the editors getting some benefit from bringing in more and more eyeballs, and so they choose the more dilute stories to post, so they will be accessible to more and more eyeballs?
My subversion simply asks, 'are Rob and Jeff catering/reacting to the interests of /. readers; or are they running the biggest troll of them all in exchange for payment for most ad-banners served?'
If I'm making unfair accusations, I've already offered on K5 to print my post and eat it before a live audience. But it has been a really long time since we've had a "State of the Slashdot" article from Taco; perhaps it's time for a Slashdot Interview with the Slashdot Staff; just to get this kind of thing off of my (and our, perhaps) chest?
-- What you do today will cost you a day of your life.
>> kuro5hin.org has the obligatory "Slashdot is censoring the story!", postings but has at least one seemingly clueful post
> Why did you mention that?
Because if they didn't, then someone would accuse them of censoring that story.
--
Sheesh, evil *and* a jerk. -- Jade
I think it's pretty stupid to start crappin on a poster in kuro5hin that thinks slashdot was censoring this story. It certainly has taken slashdot long enough to put it up. This is obviously newsworthy for nerds. This story was up yesterday on kuro5hin and it has to go through moderation by the whole community whereas slashdot only needs one moderator to approve it. I honestly don't think starting a flame war between kuro5hin and slashdot is ever going to be productive.
Some traceroutes to orbs.org from a handful of places on the internet. Edited for brevity. The !H results are ICMP No Route to Host responses.
Traceroute Output that fails because above.net eats the traffic...
FROM www.isp.at TO orbs.org.
traceroute to orbs.org (202.36.148.21), 30 hops
4 Vix-ATM-155.inode.at (195.58.160.209) 5.048 ms 12.202 ms 12.646 ms
5 vix.above.net (193.203.0.45) 7.672 ms 5.304 ms 8.382 ms
6 208.184.102.49 (208.184.102.49) 6.614 ms 6.674 ms 7.122 ms
7 208.184.102.130 (208.184.102.130) 30.216 ms 29.016 ms 30.927 ms
8 208.184.102.142 (208.184.102.142) 28.991 ms 32.004 ms 29.605 ms
9 208.184.102.138 (208.184.102.138) 51.13 ms 51.809 ms 50.449 ms
10 216.200.254.77 (216.200.254.77) 125.319 ms 126.959 ms 126.231 ms
11 core1-core3-oc48.iad.above.net (209.249.203.34) 126.821 ms 126.721 ms 125.09 ms
12 207.126.96.121 (207.126.96.121) 207.957 ms !H 207.261 ms !H 206.349 ms !H
One that succeeds because 202.50/16 is not blackholed by above.net
Tracing the route to orbs.org (202.50.71.133)
...
9 telcomnz-gw.customer.ALTER.NET (157.130.224.90) [AS 701] 8 msec 8 msec 8 msec
10 s5-1-3.akbr1.netgate.net.nz (202.37.246.246) [AS 4648] 200 msec 204 msec 204 msec
11 xtra.akbr1.netgate.net.nz (202.37.245.150) [AS 4648] 148 msec 148 msec 148 msec
12 203.96.111.218 [AS 4648] 180 msec 156 msec 160 msec
13 210-55-195-1.dds.xtra.co.nz (210.55.195.1) [AS 4648] 356 msec 604 msec 888 msec
14 DMZrouter.manawatu.net.nz (202.50.71.26) [AS 9325] 248 msec 180 msec 340 msec
15 orbs.org (202.50.71.133) [AS 9325] 300 msec 428 msec 240 msec
It seems that since the slashdot effect occurred a few hours ago, Vixie and others are taking steps to fix this problem. Sometimes things happen very rapidly on the internet, when enough voices are complaining.
the AC
Hemos is like... sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on
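The two traces in the comment above can also be read mechanically. The following is an added example, not part of the original thread: it parses both output formats shown there, finds the last responding hop, and decodes the !H annotation. The function names `parse` and `diagnose` are this example's own, and the sample data is copied from the traces posted above.

```python
import re

# ICMP unreachable annotations that classic traceroute prints after an RTT.
FLAGS = {"H": "host unreachable", "N": "network unreachable",
         "X": "administratively prohibited"}

TARGET_RE = re.compile(r"^\s*trac\w*.*?\((\d{1,3}(?:\.\d{1,3}){3})\)", re.I)
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)(.*)$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
PAREN_IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
AS_RE = re.compile(r"\[AS (\d+)\]")
FLAG_RE = re.compile(r"!([A-Z])")

# Sample input: hop lines copied from the comment above (already edited
# for brevity by the original poster).
FAILING = """traceroute to orbs.org (202.36.148.21), 30 hops
4 Vix-ATM-155.inode.at (195.58.160.209) 5.048 ms 12.202 ms 12.646 ms
5 vix.above.net (193.203.0.45) 7.672 ms 5.304 ms 8.382 ms
6 208.184.102.49 (208.184.102.49) 6.614 ms 6.674 ms 7.122 ms
10 216.200.254.77 (216.200.254.77) 125.319 ms 126.959 ms 126.231 ms
11 core1-core3-oc48.iad.above.net (209.249.203.34) 126.821 ms 126.721 ms 125.09 ms
12 207.126.96.121 (207.126.96.121) 207.957 ms !H 207.261 ms !H 206.349 ms !H
"""
WORKING = """Tracing the route to orbs.org (202.50.71.133)
...
12 203.96.111.218 [AS 4648] 180 msec 156 msec 160 msec
13 210-55-195-1.dds.xtra.co.nz (210.55.195.1) [AS 4648] 356 msec 604 msec 888 msec
14 DMZrouter.manawatu.net.nz (202.50.71.26) [AS 9325] 248 msec 180 msec 340 msec
15 orbs.org (202.50.71.133) [AS 9325] 300 msec 428 msec 240 msec
"""

def parse(text):
    """Return (target_ip, hops) for Unix-style or '[AS n]'-style output."""
    target, hops = None, []
    for line in text.splitlines():
        header = TARGET_RE.match(line)
        if header and target is None:
            target = header.group(1)
            continue
        m = HOP_RE.match(line)
        if not m:
            continue  # skips '...' and any other non-hop line
        ttl, host, rest = int(m.group(1)), m.group(2), m.group(3)
        paren = PAREN_IP_RE.search(rest)
        # Hops without reverse DNS may print only the bare address.
        ip = paren.group(1) if paren else (host if IP_RE.match(host) else None)
        asn = AS_RE.search(rest)
        hops.append({"ttl": ttl, "host": host, "ip": ip,
                     "asn": int(asn.group(1)) if asn else None,
                     "flags": sorted(set(FLAG_RE.findall(rest)))})
    return target, hops

def diagnose(text):
    """Summarise where a trace ended and what the last hop reported."""
    target, hops = parse(text)
    if not hops:
        return {"verdict": "no hops parsed"}
    last = hops[-1]
    # Last hop with a reverse-DNS name hints at whose network the path was in.
    named = [h for h in hops if h["ip"] and h["host"] != h["ip"]]
    result = {"target": target, "last_ttl": last["ttl"], "last_ip": last["ip"],
              "last_asn": last["asn"],
              "last_named_hop": named[-1]["host"] if named else None}
    if last["flags"]:
        result["verdict"] = ", ".join(FLAGS.get(f, "!" + f) for f in last["flags"])
    elif last["ip"] == target:
        result["verdict"] = "reached"
    else:
        result["verdict"] = "incomplete"
    return result

if __name__ == "__main__":
    for name, trace in (("failing", FAILING), ("working", WORKING)):
        print(name, diagnose(trace))
```

Running the same check from several vantage points, as the poster did by hand, is what distinguishes a path that is dropped inside one provider from a destination that is simply down.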
Hehe... I am an admin there :) Me and Rusty are the guys who work on it. Rusty wrote Scoop, the weblog engine we use, and I do the more practical Unix admin stuff. Being an admin isn't anything special because K5 is all user run (story moderation, etc).
:) But it is nice to get some extra people to read and help the site grow.
We're sometimes on #kuro5hin on irc.kuro5hin.org (same IRC network that hosts #slashdot), can be mailed, etc, if you want to chat with us.
As for traffic being "free," someone has to pay for bandwidth..
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
kuro5hin.org has the obligatory "Slashdot is censoring the story!", postings but has at least one seemingly clueful post
Why did you mention that? There is no point other than to cast K5 in a bad light, a light which is certainly not true.
Isn't this a Slashdot is censoring the story post? How about this one? The post isn't attacking K5, all it points out is that there were several posters on kuro5hin who post slashdot-is-censoring-the-story-messages daily on kuro5hin. Frankly I read K5 every day and literally every two or three stories has somebody complaining about how slashdot is censoring the story.
PS: Now for a real conspiracy, ask why slashdot hasn't posted this story. It has been submitted several times by myself and others on kuro5hin but is always rejected.
I love how, if we post cutting-edge information that hasn't totally been verified, we get flamed for being "just a rumor site." But if we wait a few days to try to see if the truth congeals from the flood of questionable facts, we get flamed for being, as you say, "a lot less timely ... News breaks elsewhere now, and /. picks up the pieces."
I used to get upset at getting flamed on Usenet. I don't anymore. Why? Any time you put something vaguely controversial up in a public forum with a reasonable amount of readers someone will disagree with it. Out of those with disagreements, there is a fair chance someone will fire off a response without their brain in gear. Or even post a reasoned rebuttal - scary but it does happen. Slashdot is about as public as it gets - I note the number of UserIDs appears to have run past 200,000 now so I'm not surprised in the slightest that thoughtless stupid flames get received by /.
I'm guessing both, in the case of this story (it's starting to look like MAPS wasn't blacklisting ORBS, as ORBS' accusation and rampant speculation on a lot of other forums would have it). We'll get flamed both for running this stupid story at all, and for not running it sooner. Grrrrrrr.
Have a Rampant Speculation section then for unverified information. Make everyone happy. Give it an extra icon that can be added to show once a story is verified or refuted.
Just my 2c. And ignore ignorant flames - they can go in the bit bucket. Just make sure whatever filter you use recognises real constructive criticism as well! :-)
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
Question: Do any Slashdot readers really think SPAM is an effective form of advertising?
Right. But they're not doing that.
I am not an above.net customer. Nevertheless, they have taken the choice of whether or not to use ORBS away from me. Thus, they have denied a non-customer the right to use that service.
The fact that I have until now chosen not to use their service is irrelevant: I resent having that choice taken away from me as a result of above.net's behavior.
From what I have read above.net are denying others access to ORBS, by advertising null routes with very low metrics to the rest of the net. This has apparently caused links which could be routed to and from ORBS to non-above.net locations via either above.net or an alternate backbone provider to default to above.net (a lower metric says "I am the shorter route, use me!"), where they then get routed nowhere.
This has the effect of blocking ORBS from ISPs and users who are not above.net's customers.
Above.net denies this. ORBS broadcasts the assertion. Other observers who appear to be less involved (read: more neutral) have commented that ORBS' assertions as to cause and effect appear to be accurate, even if their assertions as to motive may not be.
Add to this that ORBS has apparently shut down their service altogether. This could be a publicity stunt, but I think most reasonable people would suspect it has more to do with technical problems stemming from above.net's behavior than political fallout.
Taken as a whole, it appears that the accusers have offered significant evidence of wrongdoing, while the accused have responded with disclaimers and denials, but no evidence to refute the accusations. As a neutral but technically competent observer I am, for the moment, inclined to believe what others have apparently confirmed.
I'll reiterate: what above.net is doing is wrong. It is unethical. It is immoral. It is reprehensible. And it is destructive to the very trust model upon which routing throughout the internet relies.
They may not be in legal trouble (though I suspect even that stance is open to dispute), but they are in a whole lot of PR trouble, and they clearly deserve to be.
If you wish to follow up flat denials with hard evidence, I'd be interested in seeing it, but your flat denial of wrongdoing simply doesn't cut it in light of all the evidence to the contrary.
The Future of Human Evolution: Autonomy
There was an interesting discussion about this yesterday on K5.
The views on this controversy are diverse and conflicting, to say the least.
My personal take: I don't use ORBS and I have no opinion on the quality or fairness of ORBS' anti-spam service, but for another entity to unilaterally deny users who are not their customers the right to use the service, however flawed it may or may not be, and to do so by undermining the very IP protocols we all rely on is reprehensible in the extreme.
That above.net offers a competing anti-SPAM product is not merely suspicious, it is damning.
Finally, what happens if other competitors start advertising bogus routes to competing web pages or services?
IMHO above.net needs to be bitch slapped, hard.
The Future of Human Evolution: Autonomy
ORBS is not like MAPS. MAPS relies on submissions and actual proof. ORBS has a policy of 'blacklist all by default, if not, go out and hunt them down.'
In other words, ORBS is a hostile system, which will deliberately and intentionally probe your mail servers without provocation, without permission, and then blacklist you and refuse to remove you, whether or not you fix it or a problem really exists. I have had to deal with the assholes there before. They're worthless. Anyone who would respond to an email requesting to be removed as the blacklisted server is not a relay with the words, and I quote "use a real mail server" and calling the administrator an "idiot" repeatedly... well, draw your own conclusions.
ORBS also appears to either be utilizing systems outside of their network for scanning to evade the blocking that hundreds of ISPs use against them (which results in ORBS blackholing them). Possibly cracked, possibly legitimate. I don't know - all I know is that I have always treated ORBS as a hostile entity after I saw them attempting connections on a variety of ports to a mailserver. I've been keeping ACLs up to date to keep the assholes out since.
MAPS realistically *should* be blackholing ORBS, and likely DOES (I don't subscribe to MAPS, RBL, etc - I feel the methodology is flawed.) due to the fact that ORBS deliberately seeks out relays. I wouldn't put it past ORBS to be selling open relays, perhaps their entire black hole list, to spammers. They've proven to be those kind of people in the past, and still are.
Those of you looking to block ORBS, I'd recommend dropping all packets from the entire /24 that www.orbs.org is on, as well as i2bs.com, probably half or all of dN.net (Verislow's digitalNation), and anything that so much as looks like ORBS. Sure, you may lose some legitimate traffic, but minuscule at best. And the only way ORBS is going to get the hint that their methods and policies (or lack thereof and/or lax enforcement and/or personal problems/mental problems) are NOT welcome is if they suddenly find themselves shut out.
=RISCy Business
your company here.
shelby != ford
MAPS - is about preventing abuse of the mail system, in any form. Present methods of abuse are mainly centered around direct-to-MX spam from dialups with lax signup policies, DOS attacks in the form of multi-megabyte mainsleaze "we sent you an MPEG of our latest 30-second TV spot" marketing firms, and yes, spam relayed through insecure relays.
Loosely categorized, that's MAPS DUL (the dialup project), MAPS RBL (The Realtime Blackhole List, designed for firms which continue to spam unrepentantly and for which every other means to have meaningful discussion has failed), and MAPS RSS (Relay Spam Stopper, a blacklist of open relays).
ORBS, by contrast, concentrates only on adding open relays to its block list, and has a method of checking those relays which results in it probing machines, often repeatedly, and most importantly, even against the express wishes of the system administrators of the machines being probed.
ORBS is not a spammer, but there's a legitimate argument that says they're abusing the servers they contact. They have great intentions (with which the road to the RBL is paved). But the bottom line is that if you - be ye a spammer or be ye a relay-checker - probe my box, I'm gonna be pissed. If you repeatedly probe it after I ask you not to, I'm gonna be real pissed.
This is nothing new. ISTR that ORBS lost their connectivity for a period of time from BCTel as far back as 1997/8ish for this - people being probed complained to ORBS, ORBS didn't stop probing, so they did the right thing --- complained to ORBS' upstream.
Back to the present day and "pissed". If ORBS' current upstream isn't gonna stop 'em, then I'm gonna document my efforts. Having emailed ORBS folks, spoken to them on the phone, and having found their upstream unresponsive to my concerns, I as a sysadmin would have everything I needed to make a well-documented RBL nomination.
If the story is true, (and I'm still skeptical that ORBS is actually on the RBL, as opposed to there merely being a nomination under consideration, but I haven't been following nanae this week), then someone who fell into the "really really pissed" category did just that, and the RBL team was subsequently unable to have meaningful negotiations with ORBS.
I like ORBS. If I had a personal box, I'd probably use their blacklist. But my liking them, even when combined with the fact that I know their intentions are good, doesn't change the fact that repeatedly launching probes against sites which have requested no longer to be probed, is abuse of the email system, and it's a form of abuse which subscribers to the MAPS RBL ought to be entitled to protection against.
Anybody else take a look at the text of yesterday's anti-spam legislation?
A couple of things come to mind.
Point 1: The spam must clearly identify a reply-to address so that you can get off the list. Spammers have pretended to do this for years. Usually, the reply-to just means that your e-mail address is valid, and gets you more spam.
Point 2: Headers must not be masked. I think this is a great first step, but won't it be hard to enforce?
Point 3: Won't all this simply move the problem offshore?
I think the Internet Community has to provide the solution for this. While government legislation is a great symbolic step, I'm not sure how much it will actually do to alleviate the 200-300 messages a day that I sometimes get in my mailbox.
Fire and Meat. Yummy.
More details in this article at The Register.
kuro5hin.org has the obligatory "Slashdot is censoring the story!", postings but has at least one seemingly clueful post
Why did you mention that? There is no point other than to cast K5 in a bad light, a light which is certainly not true. K5 is NOT a /. haters site, if anything it's a compliment to it. /. and K5 together make for a very powerful source of news and views. And BECAUSE of their different structures you get two different faces. K5 is what it says "Technology and Culture, from the Trenches" whereas Slashdot is "News for Nerds, Stuff that Matters". K5 is SUPPOSED to be a bit rougher and raw, this is what makes it different, and is not a valid reason for beating up on it. I apologize if this comes out wrong, it just gave me the impression of the school bully picking on the new kid. And for the same reason that the bully picks on the new kid, it came across that maybe /. was getting "worried". It smacked of corporatism, and take note that I am NOT a /. "Big Bad Corp. They sold out" person. But how many times do you see the NYT go "and the Washington Post's editorial comments were the usual NYT sucks variety" now granted, it's different worlds, and maybe sometimes they do say something along those lines, but it looks very unprofessional and frankly not very friendly. Mentioning K5 is great, but the tone was very "put offing", specially considering how much slashdot is mentioned on K5 in favourable light, and almost NEVER by an article is it mentioned unfavourable.
Sorry for the rant, I'm going back to enjoying Slashdot AND Kuro5hin now.
- ORBS has systems that probe hosts all over the Net to test whether or not they are open relays. If a host blocks the ORBS probe, ORBS will note this fact, and some ISPs that subscribe to ORBS will block that host, even if that host is not really an open relay. (By comparison, the MAPS systems will only probe a host after someone has complained about getting spam from it.)
- Some of MAPS's own mail servers refuse connections from ORBS's probes. Therefore, ironically, ORBS blocks MAPS.
- Above.net has decided that the probes from ORBS violate the above.net Acceptable Usage Policy. Therefore, the hosts that send out these probes are blocked from the whole above.net network.
- MAPS uses above.net as an ISP, and Paul Vixie is one of the big wheels at both MAPS and above.net.
- Manawatu Internet Services (MIS), an ISP that serves other ORBS machines, uses NZ Telecom as an ISP, and NZ Telecom uses above.net as an upstream provider.
- NZ Telecom set up its routing tables incorrectly; they could and should have set them up so that MIS could access ORBS machines through another upstream ISP.
- Some folks at ORBS noticed that they were having trouble with their email (as in, it was taking over a week to get from Europe to NZ), and a cursory check suggested that above.net was sabotaging their email traffic.
[pulls string on talking Barbie] "Network administration is hard."--
send all spam to theotherwhitemeat@ropine.com
Let me say that this is *not* about "competition". This is about stopping network abuse.
I know a guy whose mail server is buggy. It is *NOT* insecure. You cannot relay mail through it. The bug is this: Certain addresses will crash it. The mail doesn't go through, but the mail server crashes.
ORBS crashes his mail server. Up to seventeen times per run. Over and over. They won't stop.
Some postmasters get email every time a relay attempt is made and fails. They are getting mailbombed by ORBS.
ORBS is doing the same thing spammers are doing: Using the email system, and refusing to stop when asked.
Even if you get on their "static" list, they'll probably still spam you occasionally. But, think about it: Is it fair for a system which claims to block "open relays" to also, if you turn it on without knowing about the "static" list, block mail from anyone who dislikes the constant and repeated tests?
Is it fair for them to tell their users that you're a spammer, if you tell them you don't want or appreciate their testing? Remember, we're talking about systems that are *NOT* open relays!
Finally, only ORBS has maintained spite listings. MAPS has never maintained them. I'm sure someone will find a case where MAPS listed a system that was not involved, in any way, in mail abuse. I bet you can't find one where the listing stuck past the first complaint.
ORBS has consistently condoned mass scanning of netblocks. They have encouraged people to scan whole netblocks, and resubmit any hosts they find to ORBS.
ORBS will list systems that cannot be used to relay actual spam. ORBS will list anyone that complains too loudly about them, or plays games with their tests. And they will list such people out of spite, not out of any desire to eliminate spam.
Some people have put network-wide filters on the address space ORBS probes from. ORBS retaliated by starting to farm out relay probes to external sites. You know, just like what spammers do when you block their unwanted communications.
The only thing I think the RBL did wrong in this picture is let it go so long. ORBS has been abusing the email system for a long time, and has done a lot of stuff out of ego and spite. It's time *someone* reminded them that you can't abuse the email system forever.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
This is a simple ISP fuckup. Telecom New Zealand screwed up.
And here's the start of the apologies. Paul Vixie apologizes, even. They all shake hands. Well, maybe not really, but still:
The story as reported is all lies and misinformation.
If anything, this shows why MAPS and ORBS should not be used. Centralized "blacklists" are a bad idea to begin with, as:
a) The server admin has no control over what sites are blocked
b) They change dynamically and could potentially block sites you were talking to days before.
c) Petty disputes like this one will cause trouble.
If you want to do your own spam filtering on your own site, that's fine. Depending on someone else to tell you who you should block is just asking for trouble.
Sorry to see that Alan has to use draconian filtering. Without it, I'm sure he's going to get a lot of e-mail, mostly spam. As it is, I get 200+ a day, and no one knows me.
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)