North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fw: Administrivia: ORBS

  • From: Greg A. Woods
  • Date: Sat Jan 15 17:47:48 2000

[ On , January 15, 2000 at 11:11:43 (-0800), Paul Vixie wrote: ]
> Subject: Re: Fw: Administrivia: ORBS
> ORBS has made no claims that there are open relays inside Abovenet.  They
> are preemptively scanning Abovenet's address space IN CASE THERE ARE ANY
> relays, either belonging to Abovenet, or belonging to an Abovenet customer.

That's flat out wrong.  Please read the ORBS web pages and do some
actual queries of their database and their DNS RBL zone.  A full list of
all verified open relays in known AboveNet netblocks is readily
available therein.

So far AboveNet hasn't denied that there are/were open relays on "their"
networks either, at least not to my knowledge.  All we know now is that
ORBS can no longer be used to prove that there are none remaining.

ORBS also maintains that they do not, nor have they ever, systematically
and preemptively scanned any networks.  They also actively discourage
users of their web interface from doing such scanning and I've heard
second hand that they do in fact cut off access to the web interface
by anyone attempting such scans.

I am sure many of us would be very interested in seeing concrete
verifiable evidence of such preemptive scanning, either by ORBS or their
users, but so far none has been produced that I'm aware of.

BTW, unless you can read minds you cannot know why an IP# has been
submitted to the ORBS web interface for testing.  Given that I'm an
optimist, and given there's no evidence to the contrary, I can only
assume that each and every one is either a result of actual spam, or a
test by the postmaster of the mailer being tested.

> It *is* Abovenet's own network.  They sell transit to other people via their
> own network, but that doesn't change the ownership of Abovenet's network to
> somehow not include Abovenet.

In my own opinion I would say the "ownership", whatever that means in a
virtual on-line world, changes as soon as they assign a network within
one of their own netblocks to one of their customers.

Eg. even though my own network is assigned from a UUNET block, I am the
only one who owns the rights to receive packets at my IP addresses, or
indeed the right to block such packets (to the extent that packets to or
from my network don't cause some transit provider grief in the form of a
denial of service attack or such).

> If you think Abovenet doesn't have the right to refuse service to anyone,
> then your property ethics are the same as any spammer's.  And if Abovenet
> loses customers because they don't allow ORBS to probe them, then that's
> a matter for Abovenet's customers to decide.

On the contrary -- it should only be AboveNet's customers who have any
right to refuse service to anyone, not AboveNet themselves.  That's
certainly what I expect of my provider.  Your absolutely right on that
last point though -- AboveNet's customers can decide with their feet.
It won't be an easy decision though as in all other aspects AboveNet
seems to be a premium service.

> (MIBH uses the old Partan/Doran "maximum prefix length" filters on our BGP
> input side, which means we can't reach various nets who break up a /20 into
> a lot of discontiguous /24's each singly homed by a different transit
> provider.  Do we, also, risk "losing our carrier status" because we exercise
> control over what routes and what traffic we carry?)

> > Finally can we please stop using the incorrect term "port scanner" here?
> > ORBS does not "scan" and it most certainly doesn't scan arbitrary ports.
> They are looking for port 25 on all addresses within /16'.  You call it
> what you want, I'll call it a port scanner.

Are they really?  Can you prove it?

							Greg A. Woods

+1 416 218-0098      VE3TCP      <[email protected]>      <robohack!woods>
Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>