North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fw: Administrivia: ORBS

  • From: Paul Vixie
  • Date: Sat Jan 15 14:14:47 2000

> Perhaps AboveNet would openly submit to testing by someone independent
> of ORBS who would agree not to release the detailed results (except to
> AboveNet) but who would check the validity of ORBS claims and provide a
> summary report.  ORBS would of course have to be allowed to review the
> validity of the tests done.

ORBS has made no claims that there are open relays inside Abovenet.  They
are preemptively scanning Abovenet's address space IN CASE THERE ARE ANY
relays, either belonging to Abovenet, or belonging to an Abovenet customer.

> In this case AboveNet is a transport provider and in my opinion they're
> risking their status as a network carrier to be filtering in they way
> they are.  (Not that I know anything about carrier rights! :-).

Right, like you said, YANAL.  Abovenet also runs the MAPS RBL in BGP mode,
and this hasn't hurt their status that I can tell from here.

> Your own filtering of your own network when your own hosts are involved
> is a much different scenario.

It *is* Abovenet's own network.  They sell transit to other people via their
own network, but that doesn't change the ownership of Abovenet's network to
somehow not include Abovenet.

If you think Abovenet doesn't have the right to refuse service to anyone,
then your property ethics are the same as any spammer's.  And if Abovenet
loses customers because they don't allow ORBS to probe them, then that's
a matter for Abovenet's customers to decide.

(MIBH uses the old Partan/Doran "maximum prefix length" filters on our BGP
input side, which means we can't reach various nets who break up a /20 into
a lot of discontiguous /24's each singly homed by a different transit
provider.  Do we, also, risk "losing our carrier status" because we exercise
control over what routes and what traffic we carry?)

> Finally can we please stop using the incorrect term "port scanner" here?
> ORBS does not "scan" and it most certainly doesn't scan arbitrary ports.

They are looking for port 25 on all addresses within /16'.  You call it
what you want, I'll call it a port scanner.
Paul Vixie <[email protected]>

	>> But what *IS* the internet?
	> It's the largest equivalence class in the reflexive transitive
	> symmetric closure of the relationship "can be reached by an IP
	> packet from".		--Seth Breidbart