MAPS vs. ORBS
Well, we held or deleted the first few hundred submissions, because we were hoping the situation would clear up and we could figure out what was going on. But it hasn't cleared up, so we're posting it and hopefully there are some readers out there who know what's going on and can shed some light. It seems that the anti-spammers at MAPS and ORBS have gone from a cold war into a shooting one, with MAPS listing ORBS on their blackhole list. ORBS accuses MAPS of doing it for financial gain, MAPS accuses ORBS of attacking systems, Alan Cox gets peeved about spam, kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post, and the U.S. House passed an anti-spam bill yesterday - coincidence, or devious conspiracy?
Right. But they're not doing that.
I am not an above.net customer. Nevertheless, they have taken the choice of whether or not to use ORBS away from me. Thus, they have denied a non-customer the right to use that service.
The fact that I have until now chosen not to use their service is irrelevant: I resent having that choice taken away from me as a result of above.net's behavior.
From what I have read, above.net are denying others access to ORBS, by advertising null routes with very low metrics to the rest of the net. This has apparently caused links which could be routed to and from ORBS to non-above.net locations via either above.net or an alternate backbone provider to default to above.net (a lower metric says "I am the shorter route, use me!"), where they then get routed nowhere.
This has the effect of blocking ORBS from ISPs and users who are not above.net's customers.
Above.net denies this. ORBS broadcasts the assertion. Other observers who appear to be less involved (read: more neutral) have commented that ORBS' assertions as to cause and effect appear to be accurate, even if their assertions as to motive may not be.
Add to this that ORBS has apparently shut down their service altogether. This could be a publicity stunt, but I think most reasonable people would suspect it has more to do with technical problems stemming from above.net's behavior than political fallout.
Taken as a whole, it appears that the accusers have offered significant evidence of wrongdoing, while the accused have responded with disclaimers and denials, but no evidence to refute the accusations. As a neutral but technically competent observer I am, for the moment, inclined to believe what others have apparently confirmed.
I'll reiterate: what above.net is doing is wrong. It is unethical. It is immoral. It is reprehensible. And it is destructive to the very trust model upon which routing throughout the internet relies.
They may not be in legal trouble (though I suspect even that stance is open to dispute), but they are in a whole lot of PR trouble, and they clearly deserve to be.
If you wish to follow up flat denials with hard evidence, I'd be interested in seeing it, but your flat denial of wrongdoing simply doesn't cut it in light of all the evidence to the contrary.
The Future of Human Evolution: Autonomy
There was an interesting discussion about this yesterday on K5.
The views on this controversy are diverse and conflicting, to say the least.
My personal take: I don't use ORBS and I have no opinion on the quality or fairness of ORBS' anti-spam service, but for another entity to unilaterally deny users who are not their customers the right to use the service, however flawed it may or may not be, and to do so by undermining the very IP protocols we all rely on is reprehensible in the extreme.
That above.net offers a competing anti-SPAM product is not merely suspicious, it is damning.
Finally, what happens if other competitors start advertising bogus routes to competing web pages or services?
IMHO above.net needs to be bitch slapped, hard.
The Future of Human Evolution: Autonomy
ORBS is not like MAPS. MAPS relies on submissions and actual proof. ORBS has a policy of 'blacklist all by default, if not, go out and hunt them down.'
In other words, ORBS is a hostile system, which will deliberately and intentionally probe your mail servers without provocation, without permission, and then blacklist you and refuse to remove you, whether or not you fix it or a problem really exists. I have had to deal with the assholes there before. They're worthless. Anyone who would respond to an email requesting to be removed as the blacklisted server is not a relay with the words, and I quote "use a real mail server" and calling the administrator an "idiot" repeatedly... well, draw your own conclusions.
ORBS also appears to either be utilizing systems outside of their network for scanning to evade the blocking that hundreds of ISPs use against them (which results in ORBS blackholing them). Possibly cracked, possibly legitimate. I don't know - all I know is that I have always treated ORBS as a hostile entity after I saw them attempting connections on a variety of ports to a mailserver. I've been keeping ACLs up to date to keep the assholes out since.
MAPS realistically *should* be blackholing ORBS, and likely DOES (I don't subscribe to MAPS, RBL, etc - I feel the methodology is flawed.) due to the fact that ORBS deliberately seeks out relays. I wouldn't put it past ORBS to be selling open relays, perhaps their entire black hole list, to spammers. They've proven to be those kind of people in the past, and still are.
Those of you looking to block ORBS, I'd recommend dropping all packets from the entire /24 that www.orbs.org is on, as well as i2bs.com, probably half or all of dN.net (Verislow's digitalNation), and anything that so much as looks like ORBS. Sure, you may lose some legitimate traffic, but minuscule at best. And the only way ORBS is going to get the hint that their methods and policies (or lack thereof and/or lax enforcement and/or personal problems/mental problems) are NOT welcome is if they suddenly find themselves shut out.
=RISCy Business
your company here.
shelby != ford
MAPS - is about preventing abuse of the mail system, in any form. Present methods of abuse are mainly centered around direct-to-MX spam from dialups with lax signup policies, DOS attacks in the form of multi-megabyte mainsleaze "we sent you an MPEG of our latest 30-second TV spot" marketing firms, and yes, spam relayed through insecure relays.
Loosely categorized, that's MAPS DUL (the dialup project), MAPS RBL (The Realtime Blackhole List, designed for firms which continue to spam unrepentantly and for which every other means to have meaningful discussion has failed), and MAPS RSS (Relay Spam Stopper, a blacklist of open relays).
ORBS, by contrast, concentrates only on adding open relays to its block list, and has a method of checking those relays which results in it probing machines, often repeatedly, and most importantly, even against the express wishes of the system administrators of the machines being probed.
ORBS is not a spammer, but there's a legitimate argument that says they're abusing the servers they contact. They have great intentions (with which the road to the RBL is paved). But the bottom line is that if you - be ye a spammer or be ye a relay-checker - probe my box, I'm gonna be pissed. If you repeatedly probe it after I ask you not to, I'm gonna be real pissed.
This is nothing new. ISTR that ORBS lost their connectivity for a period of time from BCTel as far back as 1997/8ish for this - people being probed complained to ORBS, ORBS didn't stop probing, so they did the right thing --- complained to ORBS' upstream.
Back to the present day and "pissed". If ORBS' current upstream isn't gonna stop 'em, then I'm gonna document my efforts. Having emailed ORBS folks, spoken to them on the phone, and having found their upstream unresponsive to my concerns, I as a sysadmin would have everything I needed to make a well-documented RBL nomination.
If the story is true, (and I'm still skeptical that ORBS is actually on the RBL, as opposed to there merely being a nomination under consideration, but I haven't been following nanae this week), then someone who fell into the "really really pissed" category did just that, and the RBL team was subsequently unable to have meaningful negotiations with ORBS.
I like ORBS. If I had a personal box, I'd probably use their blacklist. But my liking them, even when combined with the fact that I know their intentions are good, doesn't change the fact that repeatedly launching probes against sites which have requested no longer to be probed *is* abuse of the email system, and it's a form of abuse which subscribers to the MAPS RBL ought to be entitled to protection against.
Anybody else take a look at the text of yesterday's anti-spam legislation?
A couple of things come to mind.
Point 1: The spam must clearly identify a reply-to address so that you can get off the list. Spammers have pretended to do this for years. Usually, the reply-to just means that your e-mail address is valid, and gets you more spam.
Point 2: Headers must not be masked. I think this is a great first step, but won't it be hard to enforce?
Point 3: Won't all this simply move the problem offshore?
I think the Internet Community has to provide the solution for this. While government legislation is a great symbolic step, I'm not sure how much it will actually do to alleviate the 200-300 messages a day that I sometimes get in my mailbox.
Fire and Meat. Yummy.
More details in this article at The Register.
kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post
Why did you mention that? There is no point other than to cast K5 in a bad light, a light which is certainly not true. K5 is NOT a /. haters site, if anything it's a compliment to it. /. and K5 together make for a very powerful source of news and views. And BECAUSE of their different structures you get two different faces. K5 is what it says "Technology and Culture, from the Trenches" whereas Slashdot is "News for Nerds, Stuff that Matters". K5 is SUPPOSED to be a bit rougher and raw, this is what makes it different, and is not a valid reason for beating up on it. I apologize if this comes out wrong, it just gave me the impression of the school bully picking on the new kid. And for the same reason that the bully picks on the new kid, it came across that maybe /. was getting "worried". It smacked of corporatism, and take note that I am NOT a /. "Big Bad Corp. They sold out" person. But how many times do you see the NYT go "and the Washington Post's editorial comments were the usual NYT sucks variety" now granted, it's different worlds, and maybe sometimes they do say something along those lines, but it looks very unprofessional and frankly not very friendly. Mentioning K5 is great, but the tone was very "put offing", especially considering how much slashdot is mentioned on K5 in favourable light, and almost NEVER by an article is it mentioned unfavourably.
Sorry for the rant, I'm going back to enjoying Slashdot AND Kuro5hin now.
- ORBS has systems that probe hosts all over the Net to test whether or not they are open relays. If a host blocks the ORBS probe, ORBS will note this fact, and some ISPs that subscribe to ORBS will block that host, even if that host is not really an open relay. (By comparison, the MAPS systems will only probe a host after someone has complained about getting spam from it.)
- Some of MAPS's own mail servers refuse connections from ORBS's probes. Therefore, ironically, ORBS blocks MAPS.
- Above.net has decided that the probes from ORBS violate the above.net Acceptable Usage Policy. Therefore, the hosts that send out these probes are blocked from the whole above.net network.
- MAPS uses above.net as an ISP, and Paul Vixie is one of the big wheels at both MAPS and above.net.
- Manawatu Internet Services (MIS), an ISP that serves other ORBS machines, uses NZ Telecom as an ISP, and NZ Telecom uses above.net as an upstream provider.
- NZ Telecom set up its routing tables incorrectly; they could and should have set them up so that MIS could access ORBS machines through another upstream ISP.
- Some folks at ORBS noticed that they were having trouble with their email (as in, it was taking over a week to get from Europe to NZ), and a cursory check suggested that above.net was sabotaging their email traffic.
[pulls string on talking Barbie] "Network administration is hard."--
send all spam to theotherwhitemeat@ropine.com
Let me say that this is *not* about "competition". This is about stopping network abuse.
I know a guy whose mail server is buggy. It is *NOT* insecure. You cannot relay mail through it. The bug is this: Certain addresses will crash it. The mail doesn't go through, but the mail server crashes.
ORBS crashes his mail server. Up to seventeen times per run. Over and over. They won't stop.
Some postmasters get email every time a relay attempt is made and fails. They are getting mailbombed by ORBS.
ORBS is doing the same thing spammers are doing: Using the email system, and refusing to stop when asked.
Even if you get on their "static" list, they'll probably still spam you occasionally. But, think about it: Is it fair for a system which claims to block "open relays" to also, if you turn it on without knowing about the "static" list, block mail from anyone who dislikes the constant and repeated tests?
Is it fair for them to tell their users that you're a spammer, if you tell them you don't want or appreciate their testing? Remember, we're talking about systems that are *NOT* open relays!
Finally, only ORBS has maintained spite listings. MAPS has never maintained them. I'm sure someone will find a case where MAPS listed a system that was not involved, in any way, in mail abuse. I bet you can't find one where the listing stuck past the first complaint.
ORBS has consistently condoned mass scanning of netblocks. They have encouraged people to scan whole netblocks, and resubmit any hosts they find to ORBS.
ORBS will list systems that cannot be used to relay actual spam. ORBS will list anyone that complains too loudly about them, or plays games with their tests. And they will list such people out of spite, not out of any desire to eliminate spam.
Some people have put network-wide filters on the address space ORBS probes from. ORBS retaliated by starting to farm out relay probes to external sites. You know, just like what spammers do when you block their unwanted communications.
The only thing I think the RBL did wrong in this picture is let it go so long. ORBS has been abusing the email system for a long time, and has done a lot of stuff out of ego and spite. It's time *someone* reminded them that you can't abuse the email system forever.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
This is a simple ISP fuckup. Telecom New Zealand screwed up.
And here's the start of the apologies. Paul Vixie apologizes, even. They all shake hands. Well, maybe not really, but still:
The story as reported is all lies and misinformation.
If anything, this shows why MAPS and ORBS should not be used. Centralized "blacklists" are a bad idea to begin with, as:
a) The server admin has no control over what sites are blocked
b) They change dynamically and could potentially block sites you were talking to days before.
c) Petty disputes like this one will cause trouble.
If you want to do your own spam filtering on your own site, that's fine. Depending on someone else to tell you who you should block is just asking for trouble.
Sorry to see that Alan has to use draconian filtering. Without it, I'm sure he's going to get a lot of e-mail, mostly spam. As it is, I get 200+ a day, and no one knows me.
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)