North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ARIN whois

  • From: Dean Anderson
  • Date: Sun Nov 28 00:31:47 1999

Option 3. Invoice them for services. Send a demand letter for services rendered, and tell them to refrain from further relaying until payment terms are arranged. Send the letter certified return receipt to the corporate agent.  If the services rendered exceed $5000, report the act to the FBI.  To make an effective criminal complaint that can be prosecuted, you need to make efforts to collect the money.  After the demand letter, engage a lawyer to sue them, or a collection agency to collect the money. 

Before ORBS and the antispammers started inciting attacks this summer, spammers did not find our service. Anyone that runs an active probe service on a leased line would be discovered, and shutdown. You aren't going to probe much of the internet on a dialin line.  We know how to stop people on static IP addresses.

Criminal relaying depends on a service like ORBS to collect and disseminate information on where to find a relay.

This is why we ask all operators to block traffic to ORBS, which has recently changed addresses to  We had blocked 202.36.148/24. I just noticed they changed IP addresses to avoid filters. These are our new filters:

access-list 104 deny ip any
access-list 104 deny ip any

Slippery.  But these two /24's appears to be all that is swipped to them. 

I want to offer my heartfelt thanks to all operators who have blocked them so far. This holiday weekend has certainly been better.


Around 10:42 AM 11/27/1999 -0600, rumor has it that Gene Black said:
>That's why you engineer around the problem to insure that your
>legitimate business can continue when you shut down your relays. If you
>leave them open long enough, the spammers will eventually find you, and
>when they do, you're only going to have two options left:
>1. Close the relays
>2. Quit offering any type of SMTP services.
>This is what prompted us to close our relays a few years back. The sheer
>amount of spam coming through was so massive as to effectively shut down
>our mail servers and eat a very significant portion of our bandwidth.
>Users won't tolerate outages like that - and shouldn't have to. The
>majority of it was coming in from remote places overseas as well - not
>the sort of thing that you can easily pursue legally if you can pursue
>it at all.
>Just my two cents...
>"Roeland M.J. Meyer" wrote:
>> You have just explained why you are a SysAdmin and not a business operator.
>> The issue is not that closing them is difficult. The issue is that it will
>> ALSO close down a legitimate business.
>> > -----Original Message-----
>> > From: [email protected] [mailto:[email protected]]On Behalf Of
>> > Robert Gash
>> > Sent: Monday, November 22, 1999 12:45 PM
>> > To: Dean Anderson
>> > Cc: [email protected]
>> > Subject: Re: ARIN whois
>> >
>> >
>> >
>> > Dean, perhaps I am not fully understanding your logic behind
>> > not closing
>> > your relays.  I have been a systems administrator for 4 years
>> > and I have
>> > not ever found an application where I needed to leave my SMTP
>> > relays open
>> > to the world.  I do not doubt that you have legitimate
>> > business purposes
>> > in mind when opening your relay, but at some point you must
>> > decide that
>> > legal action will be too slow to fix anything and that it
>> > might be a good
>> > time to close your relays to aleviate other problems.  Simply
>> > saying "I
>> > shouldn't need locks on my doors because everyone should be
>> > honest and never come into my house without my permission,"
>> > dosen't cut it
>> > in this world, and I am quite sure that you have
>> > locks on every portal to your house, so why should your SMTP
>> > server be any
>> > different?  Taking such a stance and refusing to close your
>> > relays is simply a foolish decision.
           Plain Aviation, Inc                  [email protected]