North American Network Operators Group

Re: Stealth Blocking
On Wed, 23 May 2001 16:18:12 PDT, David Schwartz said:

> ORBS claimed originally to be a list of confirmed open relays, which it
> once was and nobody really complained too much. The problem is, some sites
> began getting complaints about the ORBS probers probing their networks. As a
> result, some large sites (like abovenet) blocked the ORBS probers. ORBS
> countered by blacklisting all of abovenet's address blocks, including all of
> their non-multihomed customers. This blacklisted thousands of machines that
> had no open relays.

Well.. half of this is a red herring.

The last time I checked (which was a re-check as I was writing this), ORBS had different ways of listing "known open relay" and "unable to check because of a block".

Therefore, a carefully worded ORBS query should result in no blacklisting of "thousands of machines that had no open relays" (although of course, you would then not get a heads-up from ORBS regarding an actual open relay in a blocked address block). It's the site's decision whether it prefers false positives or false negatives.

See http://www.orbs.org/usingindex.html for details... lot of options there.

Flame-fests regarding ORBS probing should be redirected to /dev/null.

Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
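Added example, not part of the original post or of ORBS: a sketch of how a receiving site can act on one listing reason and ignore another, which is the false-positive versus false-negative choice described above. The zone name, the return codes and the sample lookup results are hypothetical values constructed for illustration; the post does not give ORBS's real ones.

```python
import ipaddress

# Hypothetical zone and return codes, constructed for this example;
# they are not ORBS's real values, which the post does not give.
ZONE = "dnsbl.example"
REASONS = {
    "127.0.0.2": "confirmed-open-relay",
    "127.0.0.3": "untestable-probe-blocked",
}

def query_name(client_ip, zone=ZONE):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answers):
    """Map the A records returned for a lookup to listing reasons."""
    return {REASONS.get(a, "unknown-code") for a in answers}

def decide(answers, reject_on=frozenset({"confirmed-open-relay"})):
    """Reject only when a listing reason is one the site chose to act on.

    An empty answer list (NXDOMAIN) means the address is not listed.
    """
    hits = classify(answers) & set(reject_on)
    return ("reject", sorted(hits)) if hits else ("accept", [])

# Constructed lookup results: address -> A records the list would return.
SAMPLE = {
    "192.0.2.10": ["127.0.0.2"],    # tested, relays for anyone
    "198.51.100.7": ["127.0.0.3"],  # inside a block that filters the probers
    "203.0.113.5": [],              # not listed
}

def run(policy):
    """Apply one policy to every constructed sample address."""
    return {ip: decide(ans, policy)[0] for ip, ans in SAMPLE.items()}

if __name__ == "__main__":
    narrow = frozenset({"confirmed-open-relay"})
    broad = narrow | {"untestable-probe-blocked"}
    for name, policy in (("narrow", narrow), ("broad", broad)):
        print(name, run(policy))
```

With the narrow policy the untestable address is accepted, so a real open relay inside a blocked range would go unnoticed; with the broad policy it is rejected along with every other host in that range.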