North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fw: Administrivia: ORBS [LONG]

  • From: Greg A. Woods
  • Date: Sat Jan 15 19:36:35 2000

[ On Saturday, January 15, 2000 at 16:55:46 (-0700), Forrest W. Christian wrote: ]
> Subject: Re: Fw: Administrivia: ORBS [LONG]
> On Fri, 14 Jan 2000, Kai Schlichting wrote:
> >
> > People who object to their networks being scanned for SMTP vulnerabilities
> > on occasion (with an interval that ranges from a couple of weeks to a couple
> > of months) have something to hide. 
> Sorry, hate to pick nits, but we have 13 relay attempts from ORBS in our
> maillog between 9p last night up until 4:50 today.
> Since 6 Jan, there have been 113 relay attempts from orbs.   Or, better
> put over 10 a day on average.

Hmmm... very interesting.  I've only received two over the past year,
and one has been since my first public posting on this subject.

If you trust how ORBS claims to work as being true this would suggest
that a lot of eager beavers have been much more active at submitting
test requests to ORBS ever since this subject came up.  I've no doubt
that these kind of people are more than willing to target various
networks out of their own agendas rather than basing their test requests
solely on actual spam events (as ORBS requests that they do).

Just because people are anti-spam doesn't mean they're perfect!  :-)

> This doesn't seem like "once every 2 weeks" let alone once every 2 months.

There's a very fine line for ORBS to walk here.  Those of us who use it
obviously want it to be as accurate as possible, just as those who
become listed in it do.  If it doesn't find and list open relays being
abused quickly we'll be just as upset as those who don't get off the
list as soon as they've fixed their mailers are.

Since ORBS is automated this means that an algorithm must be used to
determine how frequently a test must be repeated (whether it's for the
purpose of confirming a fix, or for the purpose of confirming that a
site has been broken again).  I don't know if there is such an algorithm
in place yet or not, of course.

I think a lot of the BS here would be avoided if people were to discuss
rationally the attributes of various possible algorithms for ORBS to use
to determine re-testing frequencies in different circumstances.  The
participants of this particular forum should be more than capable of
having such a rational discussion, shouldn't we.....

							Greg A. Woods

+1 416 218-0098      VE3TCP      <[email protected]>      <robohack!woods>
Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>