|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: No, ORBS is a good tool [WAS: Alright, ORBS sucks - next topic, please ;) [was RE: RBL-type BGPservice for known rogue networks?]]
On Sun, Jul 09, 2000 at 11:57:00AM +0200, Pim van Riezen wrote: > > On Sun, 9 Jul 2000, JP Donnio wrote: > > > > I don't know if you actually went out of your way to misrepresent my > > > comments or if it was accidental. Either way, you're wrong again: The > > > 'service' they provide is a database of VERIFIED open relays. It is a > > > damn good service and is very a useful tool in the arsenal. > > > > I totally agree with this statement. > > > > Could someone please explain what is the truth in the mutual finger pointing > > between Abovenet/MAPS and ORBS ? > > The truth is always hard to determine I would say. My personal stake in > this ordeal so far has been to try to get the madness to stop, it seems to > no avail. Hi Pim! Pim is another one of my co-workers, I agree with him fully on this statement. > > On one hand you can read on the mail-abuse.org that : > > "Effective 6/22/2000, we cannot accept submissions from you if you > > refuse mail from sites listed by ORBS. ORBS has listed our > > mailserver, and we'd therefore be unable to respond to your email. > > (No, we're not running an open relay.) > > " > > AboveNet (and thus MAPS) has been listed as untestable. Unfortunately, at > least part of the people who implement ORBS on their mailservers aren't > fully aware of the difference between being listed as untestable and being > listed as an open relay. And mail-abuse.org deliberately suggests that ORBS is at fault here, claiming that ORBS lists them and stating they are not an open relay. Both are true facts. ORBS, therefore, does not list mail-abuse.org's mail server as an open relay. > > Which seems totally false since I am using ORBS and I am able to exchange > > email with the MAPS RSS staff. > > > > On the other hand, ORBS claims Abovenet is blackholing /24 that contain ORBS > > servers which I was totally unable to verify despite my path to ORBS goes > > through Abovenet. > > We currently host the ORBS tester. We've had several incidents where > traffic from our network to the NZ-based site (where the database and > website run) dropped to a dead stop inside AboveNet space. AboveNet has, at one time, blackholed our /24, including our nameservers, everywhere they could. This meant 30.000 domains were *unreachable* for abovenet customers. > > I am not aware of any listing of ORBS servers in MAPS not aware of listing > > of MAPS servers in ORBS. > > ORBS was once put in the RBL. This was later retracted. MAPS is not listed > in ORBS, beyond those ranges that are listed as untestable. Correct. > > What is the truth in all this? > > > > I do understand that Abovenet does not want ORBS to test its network and > > that therefore Abovenet is listed in the untestable networks, but why is the > > argument going any further? Isn't that a bit stupid? I mean some network > > admin hate ORBS, some use part of it, some love it. Let each admin choose. > > The problem stems in the fact that Vixie and Rand, in their role as > AboveNet staff, take it upon themselves to not only demand that ORBS not > test their own network, but also that the tests do not pass their transit > routes. Two weeks ago our primary /24 got nullrouted inside AboveNet space > without any prior communication from their side (no abuse-complaints, no > mail to our uplinks, nothing), effectively blocking around 30,000 domains > from being reachable. As I stated in another email, indeed, AboveNet does not warn or complain. They just blackhole. > I took up communication with vixie, basically trying to get into some form > of dialogue to get issues settled. The core of his reply is that he does > not want to provide any information to ORBS to enable them to comply to > his demands of ORBS tests not passing AboveNet transit and he demands that > we take the testers offline. We're still pondering our options here. Silly > as this entire venture is, we may not be able to afford losing routability > for our customer base so we might actually have to give in to his demands. Which would be a big bloody shame :( Greetz, Peter. -- [email protected] - Peter van Dijk [student:developer:ircoper]
|