ARIN whois

Sat Nov 27 22:05:29 UTC 1999

Option 3. Invoice them for services. Send a demand letter for services rendered, and tell them to refrain from further relaying until payment terms are arranged. Send the letter certified return receipt to the corporate agent.  If the services rendered exceed $5000, report the act to the FBI.  To make an effective criminal complaint that can be prosecuted, you need to make efforts to collect the money.  After the demand letter, engage a lawyer to sue them, or a collection agency to collect the money. 

Before ORBS and the antispammers started inciting attacks this summer, spammers did not find our service. Anyone that runs an active probe service on a leased line would be discovered, and shutdown. You aren't going to probe much of the internet on a dialin line.  We know how to stop people on static IP addresses.

Criminal relaying depends on a service like ORBS to collect and disseminate information on where to find a relay.

This is why we ask all operators to block traffic to ORBS, which has recently changed addresses to 202.36.147.16.  We had blocked 202.36.148/24. I just noticed they changed IP addresses to avoid filters. These are our new filters:

access-list 104 deny ip 202.36.148.5 0.0.0.255 any
access-list 104 deny ip 202.36.147.16 0.0.0.255 any

Slippery.  But these two /24's appears to be all that is swipped to them. 

I want to offer my heartfelt thanks to all operators who have blocked them so far. This holiday weekend has certainly been better.

		--Dean

Around 10:42 AM 11/27/1999 -0600, rumor has it that Gene Black said:
>That's why you engineer around the problem to insure that your
>legitimate business can continue when you shut down your relays. If you
>leave them open long enough, the spammers will eventually find you, and
>when they do, you're only going to have two options left:
>
>1. Close the relays
>
>or 
>
>2. Quit offering any type of SMTP services.
>
>This is what prompted us to close our relays a few years back. The sheer
>amount of spam coming through was so massive as to effectively shut down
>our mail servers and eat a very significant portion of our bandwidth.
>Users won't tolerate outages like that - and shouldn't have to. The
>majority of it was coming in from remote places overseas as well - not
>the sort of thing that you can easily pursue legally if you can pursue
>it at all.
>
>Just my two cents...
>
>
>"Roeland M.J. Meyer" wrote:
>> 
>> You have just explained why you are a SysAdmin and not a business operator.
>> The issue is not that closing them is difficult. The issue is that it will
>> ALSO close down a legitimate business.
>> 
>> > -----Original Message-----
>> > From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
>> > Robert Gash
>> > Sent: Monday, November 22, 1999 12:45 PM
>> > To: Dean Anderson
>> > Cc: nanog at merit.edu
>> > Subject: Re: ARIN whois
>> >
>> >
>> >
>> > Dean, perhaps I am not fully understanding your logic behind
>> > not closing
>> > your relays.  I have been a systems administrator for 4 years
>> > and I have
>> > not ever found an application where I needed to leave my SMTP
>> > relays open
>> > to the world.  I do not doubt that you have legitimate
>> > business purposes
>> > in mind when opening your relay, but at some point you must
>> > decide that
>> > legal action will be too slow to fix anything and that it
>> > might be a good
>> > time to close your relays to aleviate other problems.  Simply
>> > saying "I
>> > shouldn't need locks on my doors because everyone should be
>> > honest and never come into my house without my permission,"
>> > dosen't cut it
>> > in this world, and I am quite sure that you have
>> > locks on every portal to your house, so why should your SMTP
>> > server be any
>> > different?  Taking such a stance and refusing to close your
>> > relays is simply a foolish decision.
>
>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean at av8.com
           LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++