North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: upstream scanning - upstream filtering

  • From: Roger Marquis
  • Date: Mon Feb 05 17:25:22 2001

"Henry R. Linneweh" <[email protected]> wrote:
> The reason above.net is not allowing Orbs to scan is because the owner
> of Orbs wants to scan every domain in the world for open relays 

The logic of this escapes me.  So ORBS scans for open relays.
Their goals are no different from Above.net's scanning for vulnerable
nameservers.  The only fundamental differences are that Above.net
is probing their own customers and using a different TCP/UDP port.
If Above.net wants to filter scans that's one thing but they could
have started better by filtering some of the many netscans we see
from .kr and .cn subnets.

I have no problem being scanned by either ORBS or Above.net.  I do
have a problem with upstream port filtering without my knowledge
or express permission.

One reason Above.net might block ORBS probably has not been discussed
on NANOG.  ORBS competes directly with RBL/DUL/RSS/mail-abuse.org.
RBL and Above.net share management.  Above.net's filters, it would
seem, are the result of a business decision whose goal has less to
do with customer safety than with inhibiting competition.

With the exception of ORBS filtering both Above.net and ISC are
doing a great job. Here's hoping Above.net takes the opportunity to
improve by adopting more consistent policies on scanning and
filtering.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/