North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fw: Administrivia: ORBS [LONG]

  • From: Kai Schlichting
  • Date: Fri Jan 14 16:35:25 2000

At Friday 03:24 PM 1/14/00 , J.D. Falk wrote on NANOG:

>         Unfortunately, ORBS does not allow for people who DO know
>         about relays, and DO close them, and don't want to be scanned
>         anymore.  In the ORBS world, that simply isn't an option.
>         That's where most of the sane anti-ORBS sentiment comes from.
>         ("Sane" obviously does not include folks who actually do have
>         open relays.)

People who object to their networks being scanned for SMTP vulnerabilities
on occasion (with an interval that ranges from a couple of weeks to a couple
of months) have something to hide. They are hiding incompetency, management
failure, corporate idiocy , Dilbertism and most of all: financial interests
that have managed to completely corrupt any dedication to providing secure,
stable and responsible service on the Internet. Some people have apparently
forgotten that the Internet does not work without consensus and respect
for other entities making up the network as a whole:

Those who violate principles of responsible networking morally forfeit any
claim of protection under the same principles.

Given that there is NOTHING they can (or would want to) do about random
port scanning originating from throw-away dialup accounts or compromised
*.edu machines, trying to erect a barrier against single, well-known
entities that have a clear published agenda is completely dishonest,
with a motivation clearly founded in a desire to cover up things mentioned
in the first paragraph (above).

Who would think of ORBS' agenda to be that of, say:
a 13-year old hacker-wannabe from Pigs Knuckles, Idaho, who has hacker
bragging rights on the school yard ? Pick who you want to block, and
with what motivations.

I have sent the following to he SMTPABUSE list earlier today, in the
context of Bugtraq's co-located server (in's network) getting
ORBS-listed due to apparently null0'ing all traffic to/from
the network ORBS is located on.


At Friday 12:05 PM 1/14/00 , Bill Maloy wrote:
> > The following is a reason for not using the ORBS list.
>Slight mod:  "The following is an example of why anyone
>using the ORBS (or ANY blacklist, for that matter) should 
>be prepared to whitelist specifics servers at a moment's 
> has several hundred open relays (?!) in the 
>netblock which is blocking the ORBS tester.
>See <>
>Bill Maloy (brm4)

Or more figuratively: the landlord ( directly acknowledges the
occasional presence of a bunch of drug dealers using apartments (web servers
in their rackspace) in his buildings without the tenant's (web housing and
co-lo customers) or his consent (spammers abusing open relays on occasion)
for their illegal activities by trying to prohibit his friendly neighbors
(ORBS) from reporting about these deplorable conditions to the rest of the
public and prohibiting said friendly neighbors to enter his buildings to
occasionally check on tenants deliberately aiding and abetting (or doing
so by failure to leave their doors locked, which is technically gross
neglect) such illegal activities.

Meanwhile, the criminal element using the property continues to go about its
business, and the landlord apparently cares little that the "No Trespassing"
sign is routinely ignored, and tenants routinely compromise security for
themselves and their neighbors, as well as the rest of the community.

This is setting vast precendents. Precendents that work in the friendly
neighbor's favor, I have to add, and to the detriment of the landlord:

- In the US, the government takes away property from neglient owners who
  ignore illegal activity connected or happening on their property, especially
  if they were informed about this (I think a few 1000 mails to [email protected] is
  undeniable notice). Needless to say that people have lost their property
  even if they truly knew anything about it . (Thank you for Civil forfeiture,
  part of the War on Drugs^H^H^H^H^HEverybody, Ronnie. we'll spit on your
  grave soon enough).

- People get summoned and fined for leaving their cars unlocked, too, as
  the law recognizes that in order to protect the public from joyriding
  kids, insurance scams and rampant auto theft, an owner has to
  secure his vehicle, even if it poses just a minor hurdle for professional

And to top this off with another analogy:
As far as I am concerned, is like a parking lot with
a 3-inch fence, with a large number of vehicles unlocked and the keys in
the ignition. Ready to rumble, I'd say! Compare this to the vast majority
of car owners in urban areas who secure their vehicle with alarm systems
and "The Club" <tm>. What will *you* steal for fun and profit ?


Yeah, someone reacted to this post, which had a Cc: to [email protected],
via private email. While that reaction is certainly personal, rather than
an offical reaction by , I am quite surprised by the mind-bender
of putting ORBS on the same footing (see analogy above) as thieves running
around the parking lot, testing doors and then making off with the cars.

ORBS may rattle doors, but its for control purposes only. Kind of like
your insurance claims adjuster finding your Jaguar unlocked in front of
your house: he isn't driving off with it, but he will revoke your theft
coverage, then go on to make a factual entry into insurance carriers'
shared databases that will subsequently prevent you from getting theft
coverage with any other insurance. True and tried methods in the credit
reporting and insurance industries.

No more secrets.


[email protected]             "Just say No" to Spam            Kai Schlichting
Palo Alto, New York, You name it             Sophisticated Technical Peon
Kai's SpamShield <tm> is FREE!       
|                                                                       |