Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Spam Your Rights Online

MAPS vs. ORBS 278

Well, we held or deleted the first few hundred submissions, because we were hoping the situation would clear up and we could figure out what was going on. But it hasn't cleared up, so we're posting it and hopefully there are some readers out there who know what's going on and can shed some light. It seems that the anti-spammers at MAPS and ORBS have gone from a cold war into a shooting one, with MAPS listing ORBS on their blackhole list. ORBS accuses MAPS of doing it for financial gain, MAPS accuses ORBS of attacking systems, Alan Cox gets peeved about spam, kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post, and the U.S. House passed an anti-spam bill yesterday - coincidence, or devious conspiracy?
This discussion has been archived. No new comments can be posted.

MAPS vs. ORBS

Comments Filter:
  • It was Canter and Siegel, spammed Usenet (not email) with offer to "help" with submitting green card lottery entries. It was the time when usenet was relatively spam-clean, and I remember that my first reaction was to look for a bug in my nntp client, as it received huge number of duplicate messages.
  • I don't know, what was the first email or usenet spam, however I remember seeing MAKE.MONEY.FAST file (classic "chain letter" pyramide scheme) long ago in early 90's. It probably was already very old by then.
  • I see from Alan's diary entry that he's going into a maintainence mode of sorts:

    - he's stopping work on the 2.3/4 kernel
    - he's going to continue maintaining the 2.2 kernel, but,
    - he's heavily filtering his mail, so that only people who contact him regularly can reach him

    This seems a little extreme....

    Maybe he's just taking a little break while he rebuilds his new (old) house, but I can't help but wonder if everyone's favourite Swansea hacker isn't feeling a little burnt out these days.

    Hey Alan, you out there? Is anything wrong?
  • Anyway, he doesn't "fix" the server because, except in terms of *ONE* person doing *ONE* thing, it *isn't broken*. It runs. It doesn't relay mail. It doesn't crash unless ORBS probes it. It doesn't open anyone up to any kind of security problems.

    Except this person you know, because someone else could crash it and as someone else pointed out that with code that potentially sloppy, its probably go other problems (buffer overruns, etc) too. Having been probed by ORBS myself, and having personally written the MTA code to make smap not vulnerable to relay attacks as ORBS found that the venerable smap had in it, I have very little empathy for your friend. I understand and agree with his frustration, but I also know for a fact that ORBS is not doing anything that violates RFCs or should crash an MTA that can handle standard RFC complaint headers. In fact, this is the first time I've heard of an MTA crashing from a relay probe.

    In a former life, I wrote the code for NetSonar (Ciscos vulnerability scanner) that looks for relay vulberabilities in MTAs and in all the vendor products we tested (granted, there are bound to be products we couldn't test) I never saw an MTA crash from a relay probe. Your friends MTA sounds really fubared to me. At the very least, it should motivate him or her to get it fixed. If a relay probe is crashing it, that MTA has other problems IMHO.

    If someone found a bug in your system, and you couldn't easily fix it, would you agree that it was reasonable for your system to be taken down every so often, every time some guy wanted to take it down, and the guy is not only *allowed* to do this, but *encouraged*, because Slashdot readers unanimously agree that, if your server can be crashed, it's your own fault for running a crappy server?

    No. If my server had that sort of a problem I would fix it or try to find something that works better. Nothing is perfect, but if a solution exists to solve the problem (eliminate the bug) I will take that anyday over complaining about the problem or hoping whatever is causing it will go away - especially if I have no control over what is causing it like your friend. No offense to this person your know, but I still don't understand why someone wouldn't fix that part of the problem they have direct control over. Perhaps its the engineer in me, buts thats always the first thing I start with. I prefer the solution I can make happen now, rather than having to rely on someone else to either do something for me or to stop doing something. Again, keep in mind that when ORBS found problems in my MTA I personally wrote the code to fix it. So my perspective is a tad biased in that I have the capability to fix the problem myself and I am inclined to solve problems technologically, when possible, rather than rely on someone elses actions or inactions to solve it for me.

    DOS is DOS. It doesn't matter if the guys doing it claim to have white hats.

    No, intent matters. When I was being paid to break into a large corporation *by that large corporation*, I was using strobe (no nmap in those days) to find open ports on a class B network. A simple three way handshake downed ALL of that companies RAS servers. A feature of those RAS servers was that each modem was bound to it own port (2000 and up) so an administrator could access each modem remotely via telnet. Neat feature... BUT... the vendor didn't design the telnet daemon well. If you opened the socket with TWH, and then tore it down (like a connect() scan does) the daemon should have released the port back to the modem - because the session was gone. Thats RFC complaint behavior. The vendor however did not design it that way, and all the modems got locked out because the modems were waiting for input from the telnet daemon - which was listening to a dead session that had been torn down. A stupid bug to be sure - and it DID deny service to that coporation. Was that a DOS? Technicall yes, but its was intended to be a DoS, nor should that RAS server have acted that way. The RAS server was BROKEN. There was no excuse for it to act that way and the vendor eventually fixed it.

    So, my point is that intent matters. ORBS is, I'm sure, not trying to DoS your friends system. And, it sounds like your friends system is very very broken. It needs to be fixed, because what ORBS is probably doing - and from past experience does - should not crash an MTA. ORBS could stop. They do not have to test this system. The only argument they have for testing it is the belief that it could somehow magically turn into an open relay. It's not an open relay. It won't be. In fact, the most likely outcome of their behavior is that the MTA will be replaced - and the result might be open. If they leave him alone, everything is fine. Only one problem with that: Alan can't accept a world where he can't fuck with anyone he wants, any time he wants. If you like this, I only hope you have the honesty to still stand up for it when it's your box being crashed by some asshole with a net-abuse-friendly provider.
    --
    Python

  • Not if the box is crashing because it doesn't implement an RFC correctly and the bug that is crashing it is really really stupid - and the intent of the person crashing it is to not crash it. I'm positive that Alan is not trying to crash your friends box. It sounds to me like an honest accident, caused by poorly written software that doesn't implement the RFC correctly.

    That is NOT net abuse and I wish people would stop overusing this term. There is real net abuse and this is not it. An MTA that can not handle RFC compliant headers and is crashing because of it is not experiencing net abuse - it just buggy software that needs to be fixed.
    --
    Python

  • I still don't understand why your friend doesn't just fix his server so that it doesn't crash. That is certainly a more effective and final solution to his or her problem with ORBS, than trying to get ORBS to stop. What if it were some attacker having fun with your friends server and watching it go down all the time?

    Regardless, your friend has total control over fixing his or her server and therefore would mitigate their problem immediately and finally. Its obvious your friends server has a serious problem, independent of ORBS, in that anyone could crash it. So again, given that the solution, fixing the server, is obvious, simple and within your friends grasp. Why would your friend continue to operate otherwise?
    --
    Python

  • Straw man argument. The Internet is not a neighborhood, its a collection of systems whose security posture DOES effect every other systems security posture. Witness Distributed DoS attacks for a good example.

    Open relays are bad bad bad bad bad bad. There is no reason to run an open relay except out of laziness. SASL, pop before SMTP, authenticated SMTP, libwrap and lots of other methods exist, for free, to secure a relay and yet still make it possible for authorized personnel to use them.

    We already tried the "Gee... lets just let everyone run their MTAs anyway they want" and it didn't work - we got spam. Then we tried asking please and that didn't work. Then we tried lists of known spam sources, and that didn't work. Then someone got the bright idea to scan for open relays so we could block them *before* the spammers started using them. It works wonderfully. Then someone got the bright idea to create a list of dial up users and that has worked out delightfully well too. Thanks to RBL, ORBS, DULS and other black lists we've managed to almost entirely wipe out our spam problem.

    If you want to run an open relay, be my guest - its your business to run your box anyway you want. But I do not have to accept traffic from your relay just as no one is stopping anyone from blocking ORBS *to their systems*. No one is being forced to use ORBS either. But more to the point, sending e-mail to a box is NOT giggling its door knob. No one is trying to break into the open relay. Their just testing to see if it accepts mail to certain destinations and then making note of that. And intent MATTERS.

    Using your example, what if the police came around, checked the door on my house, found it open and then told me about it so I could lock it. I would call that a VALUABLE service. If my neighbor did the same thing, I would also call that a VALUABLE service. Still, the internet is not a collection of houses. Its a collection of interconnected machines whose security posture in interdependtly related to the security posture of the systems around it. Spam is possible because MTAs accept messages as part of a wholy untrusted model. Open relays contribute to this problem by making it possible for spammers to relay their junk thru insecure servers, which directly effects the systems which are secure. Blacklists help mitigate this problem, but a wholy reactive approach like the RBL only catches a fraction on the traffic. Proactive measures, like finding misconfigured and poorly managed relays - and dial up host lists - can prevent future spam from being accepted BEFORE the damage can be done.

    Intent and perspective make all the difference in this. ORBS provides a valuable and useful service. If you don't want ORBS sending your MTA an e-mail message, then block traffic from ORBS. Better yet, if you run an open relay - close it and help make spam go away.
    --
    Python

  • no offense, kuros5hin's been posting "/. censors" posts for quite some time. if i was a /. editor i'd feel an urge to make the comment too.

    and why was /. holding the story? to check the facts (something else they get accused of not doing). and look at this [deja.com] and this [deja.com]. so now /., after being egged on by k5 folks and all the submitters managed to look like it both censored a story and jumped too quick.

    yeay, /. looks twice as bad! now don't you feel better that rab and company look cool while you folks in the "/. are a bunch of posers and aren't we so hip to notice it" crowd can just feel all extra special and warm.

    whatever. i figure i'll just keep reading /. and other news sites to keep informed. i'll actually *do* something if i need to feel cool.
  • ... because they publish dumps of their open relay lists here [orbs.org].. Whee, slurp in open relays and spam away!

    Your Working Boy,
  • If you repeatedly probe it after I ask you not to, I'm gonna be real pissed.

    Perhaps a robots.txt equivalent for sendmail not enabled by default, so that conscientious admins can lock down their boxes and set the scanner to pass along?

    Your Working Boy,
  • You wouldn't believe how long ssh takes to login when the load is 15.

    Heh.. Try logging in with a load of >100.. Did that on an RS6k 7013-570 w/64MB RAM timing out on a massive mail queue (AIX 3.2.5 + sendmail 8.6.X).. Fun!

    Your Working Boy,

  • &rant(on);

    Any sysadmin that has a problem with an ORBS scan is a worthless sysadmin... it's simple... whatcha paranoid about? you dont have the skills to secure your box? get out of the business!

    &rant(off);


    Above.net is actually engaging in some serious, and quite probably illegal shit IMO.. BGP hacks are the kind of thing that most networks slap down on HARD.. Not any shmo can get or is qualified to have an AS..

    Any ethical ISP would boot Above.net from their network, and inform the FBI...


    Your Working Boy,
  • Should the guy get a new server? Sure. But why should anyone be allowed to *FORCE* him to, when *HIS SERVER IS NOT A THREAT TO ANYONE UNDER ANY CIRCUMSTANCES*. Remember, it is *NOT* an open relay.

    Legitimately, if this bug is enough to bring down the server, the coding is probably so sloppy as to present significant security flaws and buffer overflows as well.

    If you're going to be connected to the internet, you're going to need robust, secure software. Does ORBS engage in any non-RFC-compliant communications? We'd hear of lots more issues if it did...

    In other words, yeah, in theory, nobody should be forced to do anything they don't want to do. But in theory, communism works. Wake up and smell the packets.

    I use the same rationale with our NT staff each time I run nessus probes on their servers.. if I can crash your server, just think what a malicious and crafty cracker could do with it..

    Your Working Boy,
  • Finally, what happens if other competitors start advertising bogus routes to competing web pages or services?

    IMHO above.net needs to be bitch slapped, hard.

    Sure, but above.net aren't doing that. What's happening is (approximately) that ORBS' upstream provider is telling the world that it can route to its networks (including ORBS) through above.net. Since above.net blackholes ORBS (as is their right - they're under no obligation to carry traffic they don't want and haven't agreed to carry) anyone trying to use these routes has problems. The fix is for ORBS' upstream to stop advertising above.net as a route to ORBS.

  • I've been begging... pleading... begging some more... for bigfoot.com to start using something like MAPS or ORBS. I wrote a HOWTO and had my bigfoot.com email in there, un-spam-proofed, so now I get 1 or 2 get-rich-quick schemes per day. I send each one to abuse@bigfoot.com, patiently saying on each one "you know, this came through an open relay, and MAPS or ORBS would solve this problem for you..."

    Now that they're pulling this crap, I think my chances of getting a place like Bigfoot to start using their services is oh, somewhere around Zero.

    What would be nice is some sort of tiered system on either service - say 0 to 10, where 0 is everything gets through, and 10 is "filter 'em all, and let God sort them out" and varying levels between the two... 5 would be some opt-in place that doesn't require double confirmation, etc.

    Would that be possible?
  • Is it possible to actually sell stuff through spam drops? Is there any evidence that anyone can actually make cash through it? It seems to me that almost all the spam I get is just offers for buying more spam lists.

    I think its like the banner ad idea. Everyone knows it doesn't work, but for some reason it drives much of the Internet Economy (well the porn side of it anyway)...

    Of course if you have the mentality to believe that the SPAM you are sending out is going to ACTUALLY work, then you probably don't realize how much time you are wasting.

    I think the two most popular peices I get are "new mortage for your home" and "buy an email list." Neither of which seem to relate to me. (I love the mortage ones because I get them to my UNIVERSITY account.... yeah, as if I have a home to refinance anyway).

    Oh well, I guess I'm just lucky I'm good at hitting D-D-D-D-D-D-D-D-D-D every morning.

    ---
  • They didn't. At this point - if you go an check the usenet flamewar that errupted on this topic - its pretty clear that Telecom NZ (ORBS ISP) accidentally routed ORBS traffic to above.net, which was binning it (as was there right).
  • There were a couple of truly offensive posts (I'm not linking them because I don't think the person who wrote them deserves the publicity) going on about how /. had sold out and was censoring news, and managing to get some racism in there at the same time, posted in two stories including this one. I mailed rusty. I expect he'll zap them.

    Thats probably what prompted michael to mention it. In general the /. haters are only a tiny minority on kuro5hin and their stories rarely make it to the main page.

    Since kuro5hin is discussion-focussed and /. is news-focussed I think it is quite appropriate for stories to appear on k5 while they are still rumour, but not make it to /. till the fog has cleared. I personally which michael had waited till /. could be authoritative.

    Clearly /. has not interesting in rubbishing k5, thats just paranoia. k5 is tiny in comparison, and in my view really *shouldn't* grow to /.'s size.
  • Having trawled through everything that was posted on kuro5hin and the usenet posts on this subject, it seems that:

    1. MAPS did indeed blackhole ORBS, but opinions seem to differ on whether it has stopped. ORBS is in the habit or testing random relays without asking permission or having evidence of their use for spamming. Rumour keep arising that ORBS also trawls IP-space looks for relays, and that it is impossible to get them to stop testing you, even if you ask (which gets you put on their static list of sites that refuse to be tested). The MAPS guys consider this to be net abuse.

    2. Other than ORBS, everyone involved denies that above.net falsely advertised routes for ORBS traffic. Paul Vixie seems to think the misperception (or alternatively the maliciously false accusation) arose because Telecom NZ (ORBS service provider) chose the wrong way of routing ORBS traffic around above.net. Above.net have, however, blocked ORBS traffic in their own network, which they have a perfect right to do.
  • "As rusty says, if he does not accept it immediately, he turns it over to the readers to vote on."

    Not true-- I have nothing to do with the process. All stories go into the queue immediately upon submission, and voting begins. Voting determines the fate of the story, completely. I *can* post things manually, but I don't, ever, and voting will always start right away whether I'm around or not. Just a clarification.

    Oh yeah, and if anyone else was curious, as of today there were 3500 confirmed users on K5, and though submissions vary wildly, it seems to be between 5 and 20 per day. Of those, usually no more than 5 or 6 end up being posted, but that varies a lot too.

    --

  • I actually did make up a story about how andover is suing me, on April first of this year. As did raph from Advogato. You can see mine on advogato [advogato.net], and his on kuro5hin [kuro5hin.org]. Just thought I had to set the record straight on that.

    :-)

    --

  • didn't see it posted yet, but there is more information [orbs.org] about what has been going on over at the orbs site [orbs.org].

    the front page on the orbs site also has a list of email addresses to complain to if you don't agree with MAPS's actions. quick cut 'n' paste:


    chris.thompson@team.xtra.co.nz
    dlr@bungi.com
    vixie@redpaul.mibh.net
    abuse@above.net
    abuse@xtra.co.nz
    noc@netgate.net.nz
    kishor@netgate.net.nz


    go forth and complain.

    --

  • Screw the anti-Spam bill, even if it makes it into law. I want cold calls made illegal.

    Unsolicited email is less of an interruption because I'm already sitting there, going through my email. I'm in email reading mode, so it's not a distraction from what I'm doing. The damned phone can ring at any time no matter what I'm doing. It's a distraction, at the least, an interruption if I bother to answer it, which I usually don't. That's what answering machines are for. :-)

    Phones could disappear tomorrow, as long as I've got email and the 'Net, and I would rejoice

    I guess I'll just have to hack up a device for my phone to identify cold calls and disconnect them before the phone rings.

    While we're at it, we ought to get rid of all these businesses trading personal information. If I want to do business with you, I'll get in touch with you. You don't need to come looking for me. 'Cause even if I wanted to do business with you, now I don't, 'cause you've intruded on my life and tried to set the agenda for when and how I deal with you. Well, I'm the customer, so FUCK YOU! I'll take my money and (much more importantly) my time somewhere else, where I'm actually respected as more than just a gaping wallet.

    Oh well, 'nuff ranting.
  • Nah, the real answer is ANSWERING MACHINE and turn the ringer off. YES! Quiet at last. I can now check the messages, mostly blank, whenever I feel like it. IF my wife answers the phone that's her affair. I don't speak to telemarketers.

    I've tried this don't call me shit, and the telemarketer that called Tuesday night was from a company that I had previously told not to call me. That shit doesn't work.

    The simple solution is to ban cold calls outright.
  • I'll probably get modded down for daring to say this but...

    Get a life Signal. It's the decision of the Slashdot staff what to post and when. They've gotten burned several times for posting things without all the facts, and I, for one, applaud them for waiting on this one and posting a number of good information sources within the post.

    Good job Slashdot. Don't listen to the complainers.

    Ben
  • > It certainly has taken slashdot long enough to
    > put it up. This is obviously newsworthy for
    > nerds.

    Without question this story is newsworthy. It is for that exact reason that it should *not* have been posted until the game of he-said she-said that was going was resolved to some extent. Without all the facts, the discussion is not valuable at least if not counterproductive.

    > I honestly don't think starting a flame war
    > between kuro5hin and slashdot is ever
    > going to be productive.

    Agreed. However, it should be pointed out that the two sites appear to have different goals, and the question of which is better is prime flame war material.

    Ben
  • I am afraid an article posted on June 25 won't be relevant to the current situation. Unfortunately, both ORBS's homepage and the following quote from a recent article by Paul Vixie in news.admin.net-abuse.email show that the situation has not clarified.

    Ouch! For once I wanted to be wrong, only to have been premature in my euphoria. Indeed, it appears that above.net is behaving unethically and deceitfully, and that the appearance of "making up and shaking hands" was the result of an earlier incident in June, taken out of context as "spin control" to mitigate the justified outrage at their current behavior.

    Shame on above.net (yet again), and many thanks for pointing out the discrepency (which I'd failed to notice).
  • From The Register:

    We deplore blocking terrorism, and in this case, since it isn't even a commercial battle, these tactics would seem very inappropriate.

    I find this comment more than a little disturbing, probably because it is a shocking mirror of just how deluded and two-faced our collective "corporatised" ethic has become.

    The implication is that "blocking terrorism" (to use the Register's phrase) would be more palatable if commercial interests were involved, but because the battle "isn't even commercial" it is somehow worse! I find this notion profoundly absurd.

    An unethical action is just as unethical if done for commercial reasons as it is if done for private reasons. This notion of "it's business" and "it's my job" vs. "but I'm a nice guy in private" is reprehensible. If an action is wrong in one's private life, it is just as wrong in public or professional life.

    What above.net is doing is wrong. Period.

    I appluad Alan Cox and Kiri5hin for getting the story out, and slashdot for belatedly picking up on it (and, as an aside, I agree with others that slashdot's gratuitious bashing of k5 was unnecessary and unprofessional). There may not be legal recourse, but with enough bad publicity and enough customer defections the same result can be achieved: punishment and future restraint on the part of ISPs who would abuse the internet's trust model and undermine the usefulness of the net for all of us.

    As I said before, above.net needs to be bitch slapped. Hard.
  • 1. It is completely within above's own right to cut off Orbs from its customers. If you are not a customer no point to complain.
    2. Above has a very "interesting" proprieatry routing practice and traffic engineering. It is vaguely described on above site. Go and read.
    3. There have been numerous times when above has shot itself in the foot using 2. Check nanog archive for details.
    So:
    1. There is no point on Orbs side to blame above for maliciousness when incompetence will suffice. It is quite possible that above is leaking routes not out of malice but due to their routing specifics. See 2,3 above.

    2. Orbs are complete and utter idiots. Clueless as well. If someone starts blocking a open relay probing site this is not an indication of active spamming. Usually the opposite (see BUGTRAQ discussion from last Feb 1999 on mail address list collectors and Alan Cox's suggestions). Note that above actually uses the BGP form of RBL as well, not just mail relaying. And I am on above side here as there has been repeated cases when orbs have been actively used by spammers to seek and use open relays.

    3. It is completely within telecom-newzeland's rights or UU-nets rights (as the upstream ISPs of ORBs) to bust above's arse. And if orbs had a clue they would have done the steps necessary for this long ago.
  • The thread "MAPS/above.net monopoly is damaging SPAM-preventio" can be accessed at http://x70.deja.com/ viewthread.xp?thitnum=20&mhitnum=0&toffset=0&CONTE XT=964021144.53477398&frpage=threadmsg_i f.xp&back=news.admin.net-abuse.email&rok=1 [deja.com], or one can go to news://news.admin.net-abuse.email [admin.net-abuse.email] on your friendly local news server. The thread begins 10 July 2000.
  • If this is true (Dont know if you work at or run Kuro5hin), then it is good. You are gaining traffic for free. All you have to do is become compition with Slashdot.org and people who real Slashdot will also read Kuro5hin.
    As an example, I never heard of Kuro5hin until now. I guess I'll start reading it.

  • In some neighborhoods (I'm told -- I've never lived in one :-), the community is so friendly and close-knit that people leave their front doors unlocked. A malicious stranger could drive into such a neighborhood, waltz into a house, and rob/rape/murder freely.

    Suppose that I seek out such neighborhoods by going from house to house, trying front doors to see if they're unlocked -- and then leave notes in people's houses saying that if they don't improve their security, I'm going to put their addresses on a billboard facing the nearest highway. Am I providing a public service, or am I the sort of malicious stranger that the community should protect itself against?
    --

  • ...said that the misdirected routing information was coming from NZ Telecom, the ISP that ORBS is using, and not above.net.

    Can some technically clueful and politically neutral person investigate and report what's happening?

    For an ISP to misroute traffic bound for its competitor is indeed a sleazy tactic -- but since it's sleazy and likely to be discovered tactic, the damage to the perpetrator's reputation would probably not be worth the benefit. Therefore, I would give MAPS and above.net the benefit of the doubt until more information comes in.
    --

  • I would have to agree with many other posters that /.'s handling of this story was extremely unprofessional

    kuro5hin.org has the obligatory "Slashdot is censoring the story!" postings but has at least one seemingly clueful post

    I believe this statement was very dismissive and judgemental towards K5 and an apology is, IMHO, in order.


    --
    Quantum Linux Laboratories - Accelerating Business with Linux
    * Education
    * Integration
    * Support
  • I still don't buy it. You can say "maybe this will have other problems", but if in three or four years, no one has found a way to relay through the server, it is not an open relay.

    ORBS claims to be blocking open relays. In fact, it is doing a lot more.

    ORBS is abusing the net. Yes, a malicious cracker could do the same thing - but if they didn't pretend it was about stopping spam, no one would tolerate it.

    Think about it. Wouldn't *you* expect someone to be kicked off for willfully and repeatedly crashing a box using a known exploit?
  • It's not really a friend of mine, just a guy I know.

    Anyway, he doesn't "fix" the server because, except in terms of *ONE* person doing *ONE* thing, it *isn't broken*. It runs. It doesn't relay mail. It doesn't crash unless ORBS probes it. It doesn't open anyone up to any kind of security problems. On the other hand, it *does* do what he wants, correctly, and without further administrative effort.

    If someone found a bug in your system, and you couldn't easily fix it, would you agree that it was reasonable for your system to be taken down every so often, every time some guy wanted to take it down, and the guy is not only *allowed* to do this, but *encouraged*, because Slashdot readers unanimously agree that, if your server can be crashed, it's your own fault for running a crappy server?

    DOS is DOS. It doesn't matter if the guys doing it claim to have white hats.

    ORBS could stop. They do not have to test this system. The only argument they have for testing it is the belief that it could somehow magically turn into an open relay. It's not an open relay. It won't be. In fact, the most likely outcome of their behavior is that the MTA will be replaced - and the result might be open. If they leave him alone, everything is fine.

    Only one problem with that: Alan can't accept a world where he can't fuck with anyone he wants, any time he wants.

    If you like this, I only hope you have the honesty to still stand up for it when it's your box being crashed by some asshole with a net-abuse-friendly provider.
  • I don't see any abuse of the net in some guy being connected to it with a server that will never, under any circumstances, cause trouble for anyone else.

    I do see abuse in someone being connected to the net and continuing to crash a system after being asked to stop doing so. Maybe the system should be crash-proof. It doesn't matter; once you're told that you're triggering crashes, continuing to do so is script kiddie behavior.

    It comes down to whether or not Alan Brown gets a special license to crash systems at will, which is unique to him and no one else is allowed to do it. I don't see why he should.

    Remember, we are *not* talking about an open relay. We are talking about a box that cannot be used as the basis for any kind of attack on anyone else. It may be flawed, but its flaws are harmless to everyone. ORBS may also be flawed, but its flaws have people being paged at 3AM around the world.
  • Remember, the "flawed" system in question does *NOT* allow for *ANY* kind of attack *WHATSOEVER* against the rest of the world.

    If you are going around searching for guns, and you find a house with no guns, and accidentally set it on fire, and you keep coming back and setting it on fire, even though you know the owner will never leave a gun in his house, and always leaves the door locked...

    There comes a point where the only responsible thing to do is stop probing a given host. If Alan were capable of seeing beyond his own ego justifications, he would be able to leave people alone. But, for now, we are in the world where, if you don't recognize Alan's self-granted right to interact with your systems in any way he wants, he'll tell people you're a spammer.
  • Maybe anyone *can*.

    But, in a number of cases, only Alan Brown *does*.

    That's why he's a black hat, not a white hat.
  • Okay, imagine that you're running a version of Linux that has a bug, such that a remote user can crash your box.

    This exploit is not widely known.

    One guy decides to try to test for a possible security hole. You don't have the security hole, but his test crashes your computer.

    How is this your fault? The bug isn't being tickled except when someone attacks you.

    Now, in the ORBS case, it's worth remembering that ORBS *knows* that this server is secure, and *knows* that this test crashes the server.

    Should the guy get a new server? Sure. But why should anyone be allowed to *FORCE* him to, when *HIS SERVER IS NOT A THREAT TO ANYONE UNDER ANY CIRCUMSTANCES*. Remember, it is *NOT* an open relay.

    ORBS may be "designed" just to test, but they know they are crashing some people's computers, and they don't care, and they won't stop. It's not about stopping spam, it's about forcing people to jump when Alan says "jump". That's not *preventing* net abuse.

    Finally, no, it's not the case that "anyone" can have their system taken off the list. If your system is listed *for relaying*, you can be taken off the list. If your system is listed *for complaining*, nothing will get it taken off the list except saying "Thank you sir, may I have another."

    If ORBS were only about open relays, and they were willing to leave people alone once those people were not open relays, I don't think anyone would mind them.
  • If I tell you that a system does not support a given extension to an RFC, and will crash if you attempt to use it, and you have no intention of actually using the provided service (e.g., mail delivery to my users), and I tell you it's causing trouble and you keep doing it... Yes, it's net abuse.

    If Alan were trying to not crash the server, he'd stop probing it.
  • I don't think above.net is "competing" with ORBS. You might say that MAPS is, but really, they're going after totally different goals, for different reasons.

    ORBS is about blocking open relays, and about blocking people who don't like the massive testing and retesting they will do of any computer they've ever heard of.

    MAPS is about stopping email abuse.

    When you think about it this way, it's obvious that MAPS has to list ORBS.
  • Thanks for that note, rusty!

    I thought I remembered reading that a few months ago when I found your site - guess I was wrong and I should have read it again before I went off and posted.

  • But you bring up some semi decent questions, but they are ones that make perfect sense if you think about it a little bit.

    Look at Kuro5hin. Look at the number of stories that get posted - what is it, about 5 or 10 a day? As rusty says, if he does not accept it immediately, he turns it over to the readers to vote on.

    Now, I have no idea how many users are on Kuro5hin, but I am willing to bet it is a hell of a lot less than /. (Yes, I have a kuro5hin account too, and I have submitted my fair share of messages and stories). Now, how many things get submitted over on Kuro5hin? /.?

    I saw emmett here in Kansas City at the Linuxfest 2000. In his talk he said there were something like 600 submissions a day. Even with all the duplicate submissions, that is ONE HELL OF A LOT! Say only 10% of all the submissions are unique - that is 60 stories a day. Of those I am sure a lot of them are absolute crap. And a lot of them probably don't have links. So say only 2/3 of those are any good. That is still 40 a day, which in some respects is a bit overboard to try and keep up on.

  • Without passing judgement on the quality of either system, let me say this:

    1) A simple probe to see if a mail server is relaying or not is by no means an 'attack' and does not harm anything.

    2) The only reason any of these services work are because ISPs *CHOOSE* to use them. THey do not censor anything themselves, the ISP DOES.
    A fundamental principle behind the internet is that each piece of network can grow *as it wants to* carrying whatever traffic *it wants to*. IF they want to block traffic based on what a third party says.. that is THEIR RIGHT.
  • There was no intent to beat up on the site. I like kuro5hin, I have an account there.

    The intent was to beat up on the conspiracy theorists, who mainly reside on slashdot.org but seem to have migrated to k5 as well.

    I hope people can see that the site and the posters are two distinct entities.
    --
    Michael Sims-michael at slashdot.org
  • Lonely Lily was a Usenet spam that came out of some place in China (I think it was China -- maybe Taiwan or Hong Kong). The spam was for a porn site, and the sender spoofed it to look like it was sent from pobox.com. People did track it down to the real originating host and managed to cancel the articles.
  • Please take this as constructive rather than destructive. I think that slashdot would benefit if it would communicate better with its audience. We have a tendency to be suspicious of everything and Slashdot has done little to quell those fears of it becoming a big corporation. Most people here equate Big corp==Evil rightly or wrongly. Once Slashdot got bought out by Andover those fears have gotten worse with time and Slashdot will probably always be questioned for alternative motives. I think it would benefit everyone if a state of slashdot/future of slashdot is posted not just as an article but somewhere in the more static pages. (at least a link somewhere on the front page to it). I dunno maybe its just pointless, but I would like to think that I can trust people better who explain their motives (at least a little bit).
  • One of the problems occuring in this epic battle (must make it seem bigger and more dramatic than it really is) is above.net playing games with the BGP4 routing tables.

    Since I am off in remote (in internet terms) places on a special project, I can't really see what is going on with the BGP routing tables. But people have been pinging me over the last few days because someone is poisoning the route info to get to ORBS.

    Someone is injecting false BGP4 routing information into the internet, to advertise shorter routes to the whole class B subnet (202.36/16) containing ORBS class C subnets (202.36.148/24). This effectively sucks all the traffic to their routers and then to /dev/null. It certainly is causing problems in Europe, even though the guilty party mostly hauls traffic across the pacific ocean. It is also causing neigboring sites in 202.36/16 to disappear.

    I'll leave it up to the rest of the /. community to argue the finer points of who is evil, who is selling out, who is saintly, who is spamming/cracking. Most of it is name calling. A real, old-fashioned internet flame fest!

    I was a bit concerned by /.'s slowness in posting this story. Its been all over news.admin.net-abuse and #NANAE since mid-may. Give it a few more days, and someone will yield, hopefully ORBS and Alan's uncooperative policy of victory at any cost.

    the AC
  • Responding point-by-point:

    1. The server admin has no control over what sites are blocked.
      Frankly, I don't have time to keep up with the spammers. They find new open relays every day. I'm just as happy to let someone else spend 10-12 hours a day chasing them, and if they block something I don't like, I don't have to use them.
    2. They change dynamically, and could potentially block sites you were talking to days before.
      That's the point, my friend! They change dynamically, just like the spammers do! If a site I was talking to days before gets a new admin, a new version of FooMail, a new routing table, whatever, and the spammers start abusing it, I want it blocked until the admins fix it. And once it's been fixed, these blackholers are traditionally very responsive in removing the system, just as dynamically.
    3. Petty disputes like this one will cause trouble.
      Fortunately, there are more than one, and you can mix and match your blackholing sources. Would you rather have a single source and no choice at all? Besides, there are going to be petty disputes over everything, no matter what solution we choose.
  • I find it funny when there is such a great evil abound that is so evil that the good guys start fighting each other about it.

    Really, the best people to benefit from this war arre going to be the spammers. Why don't they do the corporate thing and merge?
  • Frankly, I don't have time to keep up with the spammers. They find new open relays every day.

    I don't know why we need a service for ORBS. Why can't I just adjust sendmail to not recieve mail from open relays, i.e. do what ORBS dose, but keep no database. Shure, it's more email load for the internet, but these are small infrequent transmitions so it wont bring anyone's system down.

    Fortunately, there are more than one, and you can mix and match your blackholing sources.

    Now, this is a good idea execpt some lists (ORBS) are much longer then others (MAPS), so you really need a thumbs down, neutral, or thumbs up flag, i.e. block everything ORBS tells you to block unless MAPS specifically says not to block it.
  • Man I miss the days where when someone spammed, or crossposted unrelated material on usenet, their site was attacked by crackers and severly damaged. Unfortunately that it is illegal, and there are too many sites and people who need to be taught a lesson.
    Those were the good old days.
  • Frankly I expect most spammers to ignore the law, but if anyone gets caught spamming, the prosecutors can whack them hard enough with these laws to keep from doing it again, even if they can't pin other offenses like fraud or FDA violations on them. Sort of like sending Al Capone up the river for income tax evasion rather than for murder, bootlegging, and promoting gambling and prostitution. Hopefully, anyway.

    You're probably right about pushing this offshore, but I'm willing to bet that US citizens sending spam from the US to the US by way of an offshore open relay will still be prosecuted under the law.
    --
  • is taking so long, look no further than here.

    12:09pm up 1 day, 18:21, 1 user, load average: 13.08, 13.59, 13.66

    The /. crew have nicely saturated our server with hits, and actually made the Dual PPro 180 w/ 256mb of ram swap (I've never seen it do that before).

    You wouldn't believe how long ssh takes to login when the load is 15.

    Thanks for not censoring this story by DDoSing the competition or anything, Michael ;-P
    ---
  • Been there, done that, forgot to turn off the send myself a copy feature.
  • Seebs is 100% correct.

    ORBS attacked my site with their probe attacks.

    I sent them a e-mail:
    1) Asking why they attacked my site.
    2) Asking them to provide proof that my site was used for spam.
    3) Asked for this information to be sent via snail-mail, as I would be adding thier hosts to my access list as REJECT.

    They attacked it, and within 8 hours I wrote my letter....why was I able to write in 8 hours? I watch my logs (like any good sysadmin) That is why I wanted to see PROOF of the 'spam'...if I didn't see it in my logs, I wanted to know how a spammer would have done it.
    In fact they had me in their 'cartoonie threats' catagory BEFORE their automated system listed my site as OK.

    And now, I hear my site is listed as "selectivly open relay", when the reality is that my host is not, nor has it ever been a 'open relay', selective or not.

    If ORBS was reasonable, then I'm sure they would have the good will that MAPS has. But, given ORBS bullying tactics and placing hosts in their lists because they object to blind probe attacks, ORBS should be listed in MAPS!
  • Is it that the editors are that much more busy, now that they get paid to do what they did brilliantly for free?
    Excuse my ignorance, but I thought the editors still were almost all unpaid. Is this wrong?

    I'd cut them some slack here. I think it's laudable to try to verify such an inflammatory story rather than rushing to get it posted.

    - The Boston Lunatic

  • We'll get flamed both for running this stupid story at all, and for not running it sooner.

    The life of a journalist is a hard one. Hey, there has to be some downside to the power to cloud men's minds. :-)

    Seriously, as long as you've been honest and honorable (which you have), that should be a sufficient moral defense.

    - The Boston Lunatic

  • Since this is being posted several days into the story, I doubt anyone will read it. Nevertheless, here's a link to further coverage on The Register [theregister.co.uk].
  • Spammers do these blind probes to find open relays.

    ORBS do these blind probes to find open relays.
    Spammers use the open relays to pass spam.

    Right so far.

    ORBS publish these open relays so spammers can use them to pass spam.

    Wrong, wrong, wrong. If you are smart enough to run a server you have to be smart enough to know you are talking out your tailpipe here, so the conclusion that you are deliberately lying is a reasonable one that many readers can be expected to make.

    As you must know, what ORBS does is use the same checks a spammer would to find exploitable open relays to use, but UNLIKE a spammer, instead of exploiting your security holes, they inform you of them (or at least make a legitimate effort to inform you of them, more on that in a moment) and DO NOT PUBLISH the problems they have found unless you refuse to rectify the situation within the next 30 days! IF you refuse to fix the problem within 30 days, it does not seem unreasonable to suppose that you have no intention to fix the problem, and therefore it makes perfect sense that they feel the need to publish your site as one that their subscribers will not want to accept traffic from. If this is wrong, I'd love to hear you explain why.

    Looks like ORBS is just a front for spammers, doesn't it?

    No, it looks like they have implemented an effective way to fight spam. MOST system administrators are quite happy that ORBS is out there trying to find security problems BEFORE the spammers do, and notifying responsible parties BEFORE their equipment is hijacked.

    The fact that you object to this certainly suggests to me that YOU, not ORBS, might be fronting for spammers.

    What part of "I am blocking your site, so please use snail-mail" were you not understanding?

    I think I understand you perfectly, I think most people reading this will understand you perfectly, and I think Pi showed complete understanding of what you are saying when he wrote:

    I understood your message entirely. You didn't want them to contact you at all so you made sure they couldn't. And now you rant about it. Great work.

    When you block their traffic, refusing to allow them to inform you of the problems they find in your network, what option do you leave them? Should they bother to snail-mail someone who is so obviously carrying a chip on your shoulder against them? I certainly wouldn't. Even if you aren't a spammer or knowingly providing services to spammers (which is a reasonable suspicion given your own account of the situation) then for whatever other reason your attitude is going to make it pointless for them to waste their time trying to talk with you. They made a reasonable effort to contact you, you chose to do the equivelent of sticking your fingers in your ears and chanting while they talked... you deserved what you got, and probably a lot worse.

  • Unfortunately kuro5hin is currently slashdotted [kuro5hin.org] so I cannot link to the post to the conversation of the original submitter of the story. This story broke yesterday, the reason it got to kuro5hin so quickly was because someone read Alan Cox's diary and posted it.

    To put things in perspective kuro5hin has an average of 2 or 3 stories in its submission bin at anytime while slashdot has over 400 (the last few times I've submitted a story it's been 450). So it is understandable if it takes them a little longer than kuro5hin to get a story posted since all it takes is a handful of yays to get it to the front page.

    Remember also that just yesterday slashdot got bitten by a fake story [slashdot.org] and don't forget the story about the Oracle NIC violating the GPL that turned out to be bogus (can't find the link for some weird reason). Frankly I applaud Slashdot for showing restraint in posting this instead of rushing this to the front page like the many Bruce-Perens-someone-is-violating-the-GPL stories that could have been settled amicably by sending an email or two but instead turned into public tar-and-featherings.

  • i fail to see your point. ORBS crashes some mail servers? How is that ORBS fault, it seems like a bug in the mail server. After all, ORBS is not designed to crash systems, merely to test them.

    You complain that ORBS lists servers that do not cooperate. Well, if they didn't, obviously the system would be totally ineffective.

    You claim that ORBS blacklists people who complain about them. How is that possible? Anyone can go to the ORBS site and have their system tested and taken off the list if the test passes.

    The point of ORBS is they are a big bully with a stick. If you have a misconfigured mail server, they whack you. Yeah, it's tough. But it's the only way to do things. Saying "please" doesn't cut it. Everyone acknowledges that open relays are a problem - someone has to put pressure on companies, indivuals, and ISP's to put forth the effort to change them. If you are an IS guy, ORBS can be your friend. If you need a better mail server, telling your boss that it would be nice if they spent money and time and got a new mail server because your current one may allow spam is usually ineffective. Your boss doesn't care about spam. But telling your boss that the company could be blacklisted if they don't upgrade is a different story. You'll get what you need to do a proper job.

  • I think your use of the word "attack" is a bit of an overstatement. There is a total of 12 different SMTP transactions. I've had probes come over my heavily overused 28k8 line (it routes a /27 full of workstations) on a heavily underpowered mailserver (486dx4 with 16MB) and never noticed anything apart from the logfile entries.

    I can't really judge your case without having an IP-address to look at the history. However, demanding that they mail you information over snailmail is not exactly showing an open mind from your side. Sounds much like "send me a signed letter so I can feed it to my lawyer who will crush you like a bug HAHAHA", which would indeed fall under the "cartooney threaths" department. However, I wasn't there, so without seeing your email I again can't judge what happened.

    Finally, you were listed as "untestable", which gives a distinctive reply (as in, not 127.0.0.2) when looked up through the relays.orbs.org zone. It also does not appear in the much cleaner inputs.orbs.org zone.

    HTH. HAND.
    Pi
  • A few notes about your insightful post.
    • Your friend's mailserver is a security vulnerability. The vendor-provided update should be installed pronto.
    • I have witnessed one incident with a mailer crashing in the past and have been very helpful with the administrator of said server. I went as far as temporarily blocking access from the tester on our border router. It was in the planning to even add explicit banner-checks for mailers that choked on this particular test if more reports came in (none did).
    • They're not telling people you're a spammer if you don't allow their probes. They are telling people that they cannot verify that you are a spammer and leave the jumping to conclusions to implementing parties. Paranoid people will feed their rejects out of relays.orbs.org and dump you. The more optimistic admins will simply add a score-tag or take the inputs.orbs.org zone and let your mail go through.
    • ORBS didn't retaliate by farming out the relaytester. It was consistantly hosted by MIS, until telecomNZ got pressured to force them to drop it. Then it was consistantly hosted by Vuurwerk. It was moved out of necessity, not out of strategic considerations in an attempt to piss off administrators and thwart their security policies.
    HTH. HAND.
    Pi
  • Yea spam works for the clueless. Per day there is always a "net newbie" some where. The first time of spam you got when you "jacked in" to this new weird "Internet super highway", you read it right? You thought "Who is this and why are they here" and though "hey this looks kinda shady..." or "hey this is kinda intersting". This is how it works. After you second day on the net you say "goddam quite sending me this stuff", but

    there is always someone saying "How nice of them, I just signed up 2 minutes ago to my ISP and they are mailing me a way to make millions on the Internet, thank you buba_make_money_juice@hotmail.com, you are a kind soul"

    After you say get 5 spams, you just stop reading them and you build an natural defense for spam where it no longer works.

    I wonder what the first spam ever sent out was?

  • Hi. Read this: http://www.kuro5h in.org/?op=displaystory&sid=2000/7/18/122257/231 [kuro5hin.org]. Please don't b-slap me; this is important!

    --
  • Some folks aren't as lucky as most of us. If I decide to upgrade or change my companies mail gateway, I just do it. I tell my boss, and if I'm in a good mood I tell my users. Because of my track record, I get to do that.

    Now, most mail admins for larger companies aren't as lucky. Of course, one can argue the wisdom of running with software we all know to be substandard, but a fact of life is that there are a lot of folks out there who do not have the luxury to upgrade something the PHB thinks is doing an okay job.

    Heck, part of my perceived good track record is the fact that I kept a piece of junk called cc:Mail alive well beyond its design limits for the better part of four years. I did this by employing tactics like rebooting the SMTP gateway every half hour, duplicating the thing and setting up equal weight MX records to distribute the load, etcetera.

    The problem is, everyone knew cc:Mail was a piece of sh^H^Hpowerful fertilizer that grows your business. But as long as the PHB sees his salesman on the golf course and gets the confirmation that if his staff can't keep the server alive, it's the staff that's incompetent, because, here, look: FooBar corporation uses the same software and it works just well and that's a really nice shot, shall I retrieve your golf ball from the bunker?

    The bottom line is that forcing people to upgrade their system is not particularly going to be good for the poor sod who actually runs that system.

    I'm always grateful when really damning bugs appear in software I don't particularly happen to like. But I frown on the practice of ramming upgrades down peoples throats.

    cc:Mail was replaced by lookOut. I refused to go implement that, so people were hired to do that. I just do the firewall now. Not everyone is so lucky, or willing to speak up against powerful PHB's, or... you name it. Welcome to corporate reality.

  • Don't put words in my mouth. I never said I advocate charging per use for any kind of e-mail, and I never will.

    All I said was that if you want to stop spam, you gotta make it cost companies more to send it than they hope to get back. There are a lot of ways that a consumer can cost a company money, many of which are perfectly legal. Your habbit of calling their 800 numbers is along the lines I was talking about.

  • Man I miss the days where when someone spammed, or crossposted unrelated material on usenet, their site was attacked by crackers and severly damaged. Unfortunately that it is illegal, and there are too many sites and people who need to be taught a lesson.

    Yup. Unfortunately, spammers don't play by the rules. They frequently break into e-mail accounts, or coerce the gullible neophyte to provide an account name and password. Therefore, forgive my skepticism, I doubt there's much that the government can do about it.

    Lots of spam originates from XXX websites, and from people selling CD-ROMs of e-mail addresses. There's absolutely nothing to stop you setting that up offshore. Liberia, for instance, has laws that protect the anonymity of company owners; this anonymity is a big reason why a lot of ships fly the Liberian flag - less personal liability to the owner.

    All you'd need to do is register a Liberian corporation (which does not require citizenship or even residency), get an account with a Liberian ISP, and spam to your heart's content. The Liberian government wouldn't provide your name or any other information to you, even with a US demand.

    There has to be a way to put a stop to that possibility.

    Those were the good old days.

    Back when Usenet was still useful. Back when you could put up your e-mail address on a webpage that would be viewed by either Lynx or Mosaic exclusively. Back when my e-mail took seconds to download, even with my old acoustic-coupled 300 baud modem...

    <sigh>

    The only solution that would do this is to declare war on spammers, and attempt to hack all of their systems to their knees. But, legislation would have to be in place that respects the self-governing nature of the Internet and ensures that acts of electronic vigilantism like this are only allowed to be directed at those who are, indeed, by legal definition, guilty of spamming. We don't want to legalize DDoS attacks agains Yahoo, etc.

  • According to the bill you can sue for 500$ for each piece of spam you get. Wow, I'm sure there are ISP's that get thousands to millions of pieces of unwanted spam mail everydayt.

    Actually, more importantly is the cost of the legal representation, because you can bet the spammer isn't going to be getting into the habit of passing out $500 to everyone who complains.

    More likely, it'll mean that the spammers will just work harder to cloak themselves better, or move offshore.

    It's not going away, folks.

  • shall not be liable for any harm resulting from the transmission or receipt of such message unless such provider permits the transmission or retransmission of such message with actual knowledge that the transmission is prohibited by subsection (a) or subsection (b)(1).

    Does this mean that if I have an open SMTP server I can be held liable for junk e-mails flowing through my system?

    I'm not a lawyer, but I think this says that if you know you're relaying spam, you're liable. If you don't know, you don't know, and won't be held liable. (But it would be a pretty damned good idea to make sure your servers are secure, anyway.)

  • While we're at it, we ought to get rid of all these businesses trading personal information... Well, I'm the customer, so FUCK YOU! I'll take my money and (much more importantly) my time somewhere else, where I'm actually respected as more than just a gaping wallet.

    Yup.

    I have no problem with doubleclick.net and stuff like that building huge anonymous user-tendencies. It increases user clickthrus, meaning more money for the website, and ads that are more likely to reflect my interests and maybe even solve a problem that I have.

    But when they cross the line and connect that with personal information that identifies me as more than just a cookie number in a browser cache, I resist it just as strenuously as you do.

    Of course, all my doubleclick.net cookies have modified user names and are now write-protected to provide me a bit of anonymity again.

  • >I make a point of running up the toll-free long distance time on the phone numbers they advertise

    Be sure to do this at pay phones. Extra $0.35 or so charge to the bill.

    Ooh, good idea!

    And, how many of you have sent bills to the spammers and then taken them to small claims court when they didn't pay?

    Sadly, I'm in Canada, so while it's been tempting, it would be rather hard to collect and even more difficult to bring a court case, since most of the spam I get comes from American spammers...

  • by warmcat ( 3545 ) on Wednesday July 19, 2000 @09:44AM (#921758)
    On the first link, yeah, ORBS is not saying it is in the Black Hole, but that above.net has been issuing router pollution all by itself to make orbs.org unreachable to chunks of the internet. See what ORBS themselves has to say [orbs.org]. I don't think they're going to say this stuff unless they think it is true!

    -Andy

  • I love how, if we post cutting-edge information that hasn't totally been verified, we get flamed for being "just a rumor site."

    But if we wait a few days to try to see if the truth congeals from the flood of questionable facts, we get flamed for being, as you say, "a lot less timely ... News breaks elsewhere now, and /. picks up the pieces."

    I'm guessing both, in the case of this story (it's starting to look like MAPS wasn't blacklisting ORBS, as ORBS' accusation and rampant speculation on a lot of other forums would have it). We'll get flamed both for running this stupid story at all, and for not running it sooner. Grrrrrrr.

    Personally I'm getting a little sick of this. I got flamed up and down for running the story [slashdot.org] about Ryan Meader's leaked plans for the Apple Cube; I saw a dozen "proofs" that he faked the whole thing right down to the letter from Apple. And what did Apple announce today? The Cube. [apple.com] Please send your lengthy apologies complete with $50 checks or money orders to: jamie@mccarthy.org [mailto]. Thank you.

    More seriously - your rude remark about "book-content fodder" is bunk. You know, or should know, that Slashdot has already decided not to run a book [slashdot.org] of readers' comments without getting permission from those who posted them (which basically means not running the book at all, because 100% of the readers will never respond).

    It's easy for you to whine about how unfair it all is that Slashdot is delivering ad banners, but when it came down to brass tacks, we yanked an entire book and probably lost a lot of money, because it was the right thing to do. Of course, acknowledging that would just distract people from your point, which was, obviously, to bash us.

    Jamie McCarthy

  • by FreeUser ( 11483 ) on Wednesday July 19, 2000 @07:49AM (#921760)
    The fix is for ORBS' upstream to stop advertising above.net as a route to ORBS.

    Yes, and that is a reasonable fix.

    However, my understanding is that ORBS went much further than that: they advertised routes with very low metrics designed to lure packets away from valid routes which wouldn't have gone through them at all. This had the effect of shutting down legitimate routes which had nothing to do with above.net.

    The fact that there may be a fix (hell, pulling the plug on above.net altogether would be a fix) doesn't make what they did any less reprehensible and inappropriate.

    I say this as an unaffected, non-ORBS using observer. If above.net was trying to destroy their own business, I can't think of too many ways they could have started more effectively. I am sure there are many thousands who are far more ticked off than I am.
  • by jabber ( 13196 ) on Wednesday July 19, 2000 @07:18AM (#921761) Homepage
    Once the site (K5) recovers, please, everyone go and read it, and decide how "bashing" it really was. It was never my intention to bash /., I like the site a lot. I didn't intend to start a flame-war. All I did was ask some questions that inadvertently questioned the integrity of our gracious hosts, Taco, Hemos, et al. A simple answer of "You're on crack!" would probably have sufficed.

    Here's the jist of what I had to say:

    A pretty long time ago at this point, /. was a reliable source of breaking-news in the technology sector, a source of obscure scientific research and a valuable resource of technical information.

    As /. has grown in readership, the stories chosen by the editors for posting on the front page have changed. They are not nearly as edgy anymore, and tend to 'cater to a mass-mentality' instead of trying to inform individuals.

    The topics covered are more political and opinion-feeding rather than factual, and they are a lot less timely. News breaks elsewhere now, and /. picks up the pieces a bit later.

    Now, my "bash" consisted of asking "WHY?"

    Is it that the editors are that much more busy, now that they get paid to do what they did brilliantly for free? Is it that Andover wants some assurance that a story isn't being fabricated, just so someone out there can take pride in being slashdotted? Are the stories chosen specifically for the amount of opinionated discussion they will create, possibly for book-content-fodder - since there is less fact and more opinion with each passing month?

    Or (and here's the "bash") are the editors getting some benefit from bringing in more and more eyeballs, and so they choose the more dilute stories to post, so they will be accessible to more and more eyeballs?

    My subversion simply asks, 'are Rob and Jeff catering/reacting to the interests of /. readers; or are they running the biggest troll of them all in exchange for payment for most ad-banners served?'

    If I'm making unfair accusations, I've already offered on K5 to print my post and eat it before a live audience. But it has been a really long time since we've had a "State of the Slashdot" article from Taco; perhaps it's time for a Slashdot Interview with the Slashdot Staff; just to get this kind of thing off of my (and our, perhaps) chest?
  • by Black Parrot ( 19622 ) on Wednesday July 19, 2000 @09:04AM (#921762)
    >> kuro5hin.org has the obligatory "Slashdot is censoring the story!", postings but has at least one seemingly clueful post

    > Why did you mention that?

    Because if they didn't, then someone would accuse them of censoring that story.

    --
  • by ctm ( 38479 ) on Wednesday July 19, 2000 @06:22AM (#921763)
    I think its pretty stupid to start crappin on a poster in kuro5hin that thinks slashdot was censoring this story. It certainly has taken slashdot long enough to put it up. This is obviously newsworthy for nerds. This story was up yesterday on kuro5hin and it has to go through moderation by the whole community whereas slashdot only needs one moderator to approve it. I honestly don't think starting a flame war between kuro5hin and slashdot is ever going to be productive.
  • Some traceroutes to orbs.org from a handful of places on the internet. Edited for brevity. The !H results are ICMP No Route to Host responses.

    Traceroute Output that fails because above.net eats the traffic...
    FROM www.isp.at TO orbs.org.
    traceroute to orbs.org (202.36.148.21), 30 hops
    4 Vix-ATM-155.inode.at (195.58.160.209) 5.048 ms 12.202 ms 12.646 ms
    5 vix.above.net (193.203.0.45) 7.672 ms 5.304 ms 8.382 ms
    6 208.184.102.49 (208.184.102.49) 6.614 ms 6.674 ms 7.122 ms
    7 208.184.102.130 (208.184.102.130) 30.216 ms 29.016 ms 30.927 ms
    8 208.184.102.142 (208.184.102.142) 28.991 ms 32.004 ms 29.605 ms
    9 208.184.102.138 (208.184.102.138) 51.13 ms 51.809 ms 50.449 ms
    10 216.200.254.77 (216.200.254.77) 125.319 ms 126.959 ms 126.231 ms
    11 core1-core3-oc48.iad.above.net (209.249.203.34) 126.821 ms 126.721 ms 125.09 ms
    12 207.126.96.121 (207.126.96.121) 207.957 ms !H 207.261 ms !H 206.349 ms !H

    One that succeeds because 202.50/16 is not blackholed by above.net
    Tracing the route to orbs.org (202.50.71.133)
    ...
    9 telcomnz-gw.customer.ALTER.NET (157.130.224.90) [AS 701] 8 msec 8 msec 8 msec
    10 s5-1-3.akbr1.netgate.net.nz (202.37.246.246) [AS 4648] 200 msec 204 msec 204 msec
    11 xtra.akbr1.netgate.net.nz (202.37.245.150) [AS 4648] 148 msec 148 msec 148 msec
    12 203.96.111.218 [AS 4648] 180 msec 156 msec 160 msec
    13 210-55-195-1.dds.xtra.co.nz (210.55.195.1) [AS 4648] 356 msec 604 msec 888 msec
    14 DMZrouter.manawatu.net.nz (202.50.71.26) [AS 9325] 248 msec 180 msec 340 msec
    15 orbs.org (202.50.71.133) [AS 9325] 300 msec 428 msec 240 msec

    It seems that since the slashdot effect occurred a few hours ago, Vixie and others are taking steps to fix this problem. Sometimes things happen very rapidly on the internet, when enough voices are complaining.

    the AC
  • by Inoshiro ( 71693 ) on Wednesday July 19, 2000 @09:11AM (#921765) Homepage
    Hehe... I am an admin [kuro5hin.org] there :) Me and Rusty are the guys who work on it. Rusty wrote Scoop [kuro5hin.org], the weblog engine we use, and I do the more practical Unix admin stuff. Being an admin isn't anthing special because K5 is all user run (story moderation, etc).

    We're sometimes on #kuro5hin on irc.kuro5hin.org (same IRC network that hosts #slashdot), can be mailed, etc, if you want to chat with us.

    As for traffic being "free," someone has to pay for bandwidth.. :) But it is nice to get some extra people to read and help the site grow.
    ---
  • kuro5hin.org has the obligatory "Slashdot is censoring the story!", postings but has at least one seemingly clueful post

    Why did you mention that? There is no point other then to cast K5 in a bad light, a light which is certainly not true.


    Isn't this a Slashdot is censoring the story post? [kuro5hin.org]. How about this one? [kuro5hin.org] The post isn't attacking K5, all it points out is that there were several posters on kuro5hin who post slashdot-is-censoring-the-story-messages daily on kuro5hin. Frankly I read K5 everyday and literally every two or three stories has somebody complaining about how slashdot is censoring the story.

    PS: Now for a real conspiracy, ask why slashdot hasn't posted this story [kuro5hin.org]. It has beeen submitted several times by myself and others on kuro5hin but is always rejected.

  • by tjwhaynes ( 114792 ) on Wednesday July 19, 2000 @10:20AM (#921767)

    I love how, if we post cutting-edge information that hasn't totally been verified, we get flamed for being "just a rumor site." But if we wait a few days to try to see if the truth congeals from the flood of questionable facts, we get flamed for being, as you say, "a lot less timely ... News breaks elsewhere now, and /. picks up the pieces."

    I used to get upset at getting flamed on Usenet. I don't anymore. Why? Any time you put something vaguely controvertial up in a public forum with a reasonable amount of readers someone will disagree with it. Out of those with disagreements, there is a fair chance someone will fire off a response without their brain in gear. Or even post a reasoned rebuttal - scary but it does happen. Slashdot is about as public as it gets - I note the number of UserIDs appears to have run passed 200,000 now so I'm not surprised in the slightest that thoughtless stupid flames get received by /.

    I'm guessing both, in the case of this story (it's starting to look like MAPS wasn't blacklisting ORBS, as ORBS' accusation and rampant speculation on a lot of other forums would have it). We'll get flamed both for running this stupid story at all, and for not running it sooner. Grrrrrrr.

    Have a Ramapant Speculation section then for unverified information. Make everyone happy. Give it a extra icon that can be added to show once a story is verified or refuted.

    Just my 2c. And ignore ignorant flames - they can go in the bit bucket. Just make sure whatever filter you use recognises real constructive critism as well! :-)

    Cheers,

    Toby Haynes

  • by magnetx11 ( 152596 ) on Wednesday July 19, 2000 @06:19AM (#921768) Homepage
    Question: Do any Slashdot readers really think SPAM is an effective form of advertising?
  • by Golias ( 176380 ) on Wednesday July 19, 2000 @06:43AM (#921769)
    you forgot

    8. SPAM works, because it is so much cheaper than mass-mailings that a return of one customer per 10,000 messages will probably pay for the costs, and everything else is pure profit.

    The only way we can reduce spam is by making it cost something to send it out... and a complaint is not considered much of a cost to the sort people that use spam.

  • by FreeUser ( 11483 ) on Wednesday July 19, 2000 @07:37AM (#921770)
    Right. But they're not doing that.

    I am not an above.net customer. Nevertheless, they have taken the choice of whether or not to use ORBS away from me. Thus, they have denied a non-customer the right to use that service.

    The fact that I have until now chosen not to use their service is irrelevent: I resent having that choice taken away from me as a result of above.net's behavior.

    From what I have read above.net are denying others access to ORBS, by advertising null routes with very low metrics to the rest of the net. This has apparently caused links which could be routed to and from ORBS to non-above.net locations via either above.net or an alternate backbone providor to default to above.net (a lower metric says "I am the shorter route, use me!"), where they then get routed nowhere.

    This has the effect of blocking ORBS from ISPs and users who are not above.net's customers.

    Above.net denies this. ORBS broadcasts the assertion. Other observers who appear to be less involved (read: more neutral) have commented that ORBS assertions as to cause and effect appear to be accurate, even if their assertions as to motive may not be.

    Add to this that ORBS has apparently shut down their service altogether. This could be a publicity stunt, but I think most reasonable people would suspect it has more to do with technical problems stemming from above.net's behavior than political fallout.

    Taken as a whole, it appears that the accusers have offered significant evidence of wrongdoing, while the accused have responded with disclaimers and denials, but no evidence to refute the accusations. As a neutral but technically competent observer I am, for the moment, inclined to believe what others have apparently confirmed.

    I'll reiterate: what above.net is doing is wrong. It is unethical. It is immoral. It is reprehensible. And it is destructive to the very trust model upon which routing throughout the internet relies.

    They may not be in legal trouble (though I suspect even that stance is open to dispute), but they are in a whole lot of PR trouble, and they clearly deserve to be.

    If you wish to follow up flat denials with hard evidence, I'd be interested in seeing it, but your flat denial of wrongdoing simply doesn't cut it in light of all the evidence to the contrary.
  • by FreeUser ( 11483 ) on Wednesday July 19, 2000 @06:29AM (#921771)
    There was an interesting discussion [kuro5hin.org] about this yesterday on K5.

    The views on this controversy are diverse and conflicting, to say the least.

    My personal take: I don't use ORBS and I have no opinion on the quality or fairness of ORBS' anti-spam service, but for another entity to unilaterally deny users who are not their customers the right to use the service, however flawed it may or may not be, and to do so by undermining the very IP protocols we all rely on is reprehensible in the extreme.

    That above.net offers a competing anti-SPAM product is not merely suspicious, it is damning.

    Finally, what happens if other competitors start advertising bogus routes to competing web pages or services?

    IMHO above.net needs to be bitch slapped, hard.
  • by RISCy Business ( 27981 ) on Wednesday July 19, 2000 @07:33AM (#921772) Homepage
    ORBS is not like MAPS. MAPS relies on submissions and actual proof. ORBS has a policy of 'blacklist all by default, if not, go out and hunt them down.'

    In other words, ORBS is a hostile system, which will deliberately and intentionally probe your mail servers without provocation, without permission, and then blacklist you and refuse to remove you, whether or not you fix it or a problem really exists. I have had to deal with the assholes there before. They're worthless. Anyone who would respond to an email requesting to be removed as the blacklisted server is not a relay with the words, and I quote "use a real mail server" and calling the administrator an "idiot" repeatedly... well, draw your own conclusions.

    ORBS also appears to either be utilizing systems outside of their network for scanning to evade the blocking that hundreds of ISPs use against them (which results in ORBS blackholing them). Possibly cracked, possibly legitimate. I don't know - all I know is that I have always treated ORBS as a hostile entity after I saw them attempting connections on a variety of ports to a mailserver. I've been keeping ACLs up to date to keep the assholes out since.

    MAPS realistically *should* be blackholing ORBS, and likely DOES (I don't subscribe to MAPS, RBL, etc - I feel the methodology is flawed.) due to the fact that ORBS deliberately seeks out relays. I wouldn't put it past ORBS to be selling open relays, perhaps their entire black hole list, to spammers. They've proven to be those kind of people in the past, and still are.

    Those of you looking to block ORBS, I'd recommend dropping all packets from the entire /24 that www.orbs.org is on, as well as i2bs.com, probably half or all of dN.net (Verislow's digitalNation), and anything that so much as looks like ORBS. Sure, you may lose some legitimate traffic, but miniscule at best. And the only way ORBS is going to get the hint that their methods and policies (or lack thereof and/or lax enforcement and/or personal problems/mental problems) are NOT welcome is if they suddenly find themselves shut out.

    =RISCy Business
  • by Tackhead ( 54550 ) on Wednesday July 19, 2000 @07:22AM (#921773)
    MAPS and ORBS have two different goals.

    MAPS - is about preventing abuse of the mail system, in any form. Present methods of abuse are mainly centered around direct-to-MX spam from dialups with lax signup policies, DOS attacks in the form of multi-megabyte mainsleaze "we sent you an MPEG of our latest 30-second TV spot" marketing firms, and yes, spam relayed through insecure relays.

    Loosely categorized, that's MAPS DUL (the dialup project), MAPS RBL (The Realtime Blackhole List, designed for firms which continue to spam unrepentantly and for which every other means to have meaningful discussion has failed, and MAPS RSS (Relay Spam Stopper, a blacklist of open relays.)

    ORBS, by contrast, concentrates only on adding open relays to its block list, and has a method of checking those relays which results in it probing machines, often repeatedly, and most importantly, even against the express wishes of the system administrators of the machines being probed.

    ORBS is not a spammer, but there's a legitimate argument that says they're abusing the servers they contact. They have great intentions (with which the road to the RBL is paved). But the bottom line is that if you - be ye a spammer or be ye a relay-checker - probe my box, I'm gonna be pissed. If you repeatedly probe it after I ask you not to, I'm gonna be real pissed.

    This is nothing new. ISTR that ORBS lost their connectivity for a period of time from BCTel as far back as 1997/8ish for this - people being probed complained to ORBS, ORBS didn't stop probing, so they did the right thing --- complained to ORBS' upstream.

    Back to the present day and "pissed". If ORBS' current upstream isn't gonna stop 'em, then I'm gonna document my efforts. Having emailed ORBS folks, spoken to them on the phone, and having found their upstream unresponsive to my concerns, I as a sysadmin would have everything I needed to make a well-documented RBL nomination.

    If the story is true, (and I'm still skeptical that ORBS is actually on the RBL, as opposed to there merely being a nomination under consideration, but I haven't been following nanae this week), then someone who fell into the "really really pissed" category did just that, and the RBL team was subsequently unable to have meaningful negotations with ORBS.

    I like ORBS. If I had a personal box, I'd probably use their blacklist. But my liking them, even when combined with the fact that I know their intentions are good, doesn't change the fact that repeatedly launching probes against sites which have requested no longer to be probed, is/EM. abuse of the email system, and it's a form of abuse which subscribers to the MAPS RBL ought to be entitled to protection against.

  • by BigBlockMopar ( 191202 ) on Wednesday July 19, 2000 @06:33AM (#921774) Homepage

    Anybody else take a look at the text of yesterday's anti-spam legislation?

    A couple of things come to mind.

    Point 1: The spam must clearly identify a reply-to address so that you can get off the list. Spammers have pretended to do this for years. Usually, the reply-to just means that your e-mail address is valid, and gets you more spam.

    Point 2: Headers must not be masked. I think this is a great first step, but won't it be hard to enforce?

    Point 3: Won't all this simply move the problem offshore?

    I think the Internet Community has to provide the solution for this. While government legislation is a great symbolic step, I'm not sure how much it will actually do to alleviate the 200-300 messages a day that I sometimes get in my mailbox.

  • by evanbd ( 210358 ) on Wednesday July 19, 2000 @06:31AM (#921775)
    More detailts in this article [theregister.co.uk] at The Register [theregister.co.uk].
  • by SgtPepper ( 5548 ) on Wednesday July 19, 2000 @06:38AM (#921776)
    kuro5hin.org has the obligatory "Slashdot is censoring the story!", postings but has at least one seemingly clueful post

    Why did you mention that? There is no point other then to cast K5 in a bad light, a light which is certainly not true. K5 is NOT a /. haters site, if anything it's a compliment to it. /. and K5 together make for a very powerful source of news and views. And BECAUSE of their different structures you get two different faces. K5 is what it says "Technology and Culture, from the Trenches" whereas Slashdot is "News for Nerds, Stuff that Matters". K5 is SUPPOSE to be a bit rougher and raw, this is what makes it different, and is not a valid reason for beating up on it. I apologize if this comes out wrong, it just gave me the impression of the school bully picking on the new kid. And for the same reason that the bully picks on the new kid, it came across that maybe /. was getting "worried". It smacked of corpratism, and take note that I am NOT a /. "Big Bad Corp. They sold out" person. But how many times do you see the NYT go " and the Washinginton Post's editoral comments were the usual NYT sucks varity" now granted, it's different worlds, and maybe sometimes they do say something along those lines, but it looks very unprofessional and frankly not very friendly. Mentioning K5 is great, but the tone was very "put offing", specially considering how much slashdot is mentioned on K5 in favourable light, and almost NEVER by a article is it mentioned unfavourable.

    Sorry for the rant, I'm going back to enjoying Slashdot AND Kuro5hin now.
  • by FreeUser ( 11483 ) on Wednesday July 19, 2000 @08:57AM (#921777)
    Quoting myself:
    If you wish to follow up flat denials with hard evidence, I'd be interested in seeing it, but your flat denial of wrongdoing simply doesn't cut it in light of all the evidence to the contrary.

    Allow me to save you the effort. :-)

    As another post pointed out here [deja.com] the situation is clarified and apologies are given and accepted all around. Apparently it was an innocent ISP foul up, or else someone is very good at spin control (I tend to believe the former rather than the latter).

    I am delighted to have been 100% wrong about this.
  • by sethg ( 15187 ) on Wednesday July 19, 2000 @07:48AM (#921778) Homepage
    Hmm. It looks like:
    1. ORBS has systems that probe hosts all over the Net to test whether or not they are open relays. If a host blocks the ORBS probe, ORBS will note this fact, and some ISPs that subscribe to ORBS will block that host, even if that host is not really an open relay. (By comparison, the MAPS systems will only probe a host after someone has complained about getting spam from it.)
    2. Some of MAPS's own mail servers refuse connections from ORBS's probes. Therefore, ironically, ORBS blocks MAPS.
    3. Above.net has decided that the probes from ORBS violate the above.net Acceptable Usage Policy. Therefore, the hosts that send out these probes are blocked from the whole above.net network.
    4. MAPS uses above.net as an ISP, and Paul Vixie is one of the big wheels at both MAPS and above.net.
    5. Manawatu Internet Services (MIS), an ISP that serves other ORBS machines, uses NZ Telecom as an ISP, and NZ Telecom uses above.net as an upstream provider.
    6. NZ Telecom set up its routing tables incorrectly; they could and should have set them up so that MIS could access ORBS machines through another upstream ISP.
    7. Some folks at ORBS noticed that they were having trouble with their email (as in, it was taking over a week to get from Europe to NZ), and a cursory check suggested that above.net was sabotaging their email traffic.
    [pulls string on talking Barbie] "Network administration is hard."
    --
  • by seebs ( 15766 ) on Wednesday July 19, 2000 @07:08AM (#921779) Homepage
    Let me say that this is *not* about "competition". This is about stopping network abuse.

    I know a guy whose mail server is buggy. It is *NOT* insecure. You cannot relay mail through it. The bug is this: Certain addresses will crash it. The mail doesn't go through, but the mail server crashes.

    ORBS crashes his mail server. Up to seventeen times per run. Over and over. They won't stop.

    Some postmasters get email every time a relay attempt is made and fails. They are getting mailbombed by ORBS.

    ORBS is doing the same thing spammers are doing: Using the email system, and refusing to stop when asked.

    Even if you get on their "static" list, they'll probably still spam you occasionally. But, think about it: Is it fair for a system which claims to block "open relays" to also, if you turn it on withuot knowing about the "static" list, block mail from anyone who dislikes the constant and repeated tests?

    Is it fair for them to tell their users that you're a spammer, if you tell them you don't want or appreciate their testing? Remember, we're talking about systems that are *NOT* open relays!

    Finally, only ORBS has maintained spite listings. MAPS has never maintained them. I'm sure someone will find a case where MAPS listed a system that was not involved, in any way, in mail abuse. I bet you can't find one where the listing stuck past the first complaint.

    ORBS has consistently condoned mass scanning of netblocks. They have encouraged people to scan whole netblocks, and resubmit any hosts they find to ORBS.

    ORBS will list systems that cannot be used to relay actual spam. ORBS will list anyone that complains too loudly about them, or plays games with their tests. And they will list such people
    out of spite, not out of any desire to eliminate spam.

    Some people have put network-wide filters on the address space ORBS probes from. ORBS retaliated by starting to farm out relay probes to external sites. You know, just like what spammers do when you block their unwanted communications.

    The only thing I think the RBL did wrong in this picture is let it go so long. ORBS has been abusing the email system for a long time, and has done a lot of stuff out of ego and spite. It's time *someone* reminded them that you can't abuse the email system forever.
  • by Weezul ( 52464 ) on Wednesday July 19, 2000 @09:40AM (#921780)
    Well it sounds to me like we don't need ORBS anyway. We should just add a feature to sendmail to test every system from which it recieves mail and kill/bounce the message if the system is an open relay. This test dose not really need much bandwidth.

    Shure, it would crash some people's boxes, but who cares. It would only crash their boxes when they sent mail to someone running this modified sendmail. They can fucking figure it out and DL the patch.

    Plus, there would be no centralized blacklist. It would just be a modification which every admin has a choice of installing.
  • by cananian ( 73735 ) on Wednesday July 19, 2000 @06:52AM (#921781) Homepage
    Check USENET: This isn't a MAPS-ORBS shooting match at all: OR BS is not in the RBL. MAPS is not blocking ORBS. [deja.com]

    This is a simple ISP fuckup. Telecom New Zealand screwed up [deja.com].

    And here's [deja.com] the start of the apologies. Paul Vixie apologizes, even. They all shake hands. Well, maybe not really, but still:

    The story as reported is all lies and misinformation.

  • by Mark F. Komarinski ( 97174 ) on Wednesday July 19, 2000 @06:29AM (#921782) Homepage
    If anything, this shows why MAPS and ORBS should not be used. Centralized "blacklists" are a bad idea to begin with, as:

    a) The server admin has no control over what sites are blocked
    b) They change dynamically and could potentially block sites you were talking to days before.
    c) Petty disputes like this one will cause trouble.

    If you want to do your own spam filtering on your own site, that's fine. Depending on someone else to tell you who you should block is just asking for trouble.

    Sorry to see that Alan has to use draconian filtering. Without it, I'm sure he's going to get a lot of e-mail, mostly spam. As it is, I get 200+ a day, and noone knows me.

HOLY MACRO!

Working...