Stealth Blocking

Christopher A. Woodfield rekoil at
Wed May 23 19:43:36 UTC 2001

Let me add that to this that it is trivial for a MAPS subscriber to 
"whitelist" any site, overriding any affects of a listing in the RBL, DUL 
or RSS, via ALLOW statements in a mail server or deny statements on an 
inbound distribute list in the case of a BGP RBL subscriber. Any provider 
that wanted to receive email from/route traffic to an IP listed on the 
MAPS lists can easily do so without necessarily unsubsribing from the 

I'm saying this to hopefully drive home the argument that MAPS does not 
blackhole ANYONE, its subscribers do. And those subscribers have the 
option at any time of overriding a MAPS listing within their own network.


On Wed, May 23, 2001 at 01:45:19PM -0400, Jeremiah Kristal wrote:
> I would suggest that folks read how MAPS RBL works before they spew innuendo
> and half-truths.  MAPS may not be perfect, but it certainly isn't 'a single
> person/organization' with this power.  MAPS only acts on third-party
> nominations, has an exceedingly drawn-out confirmation process, and only
> publishes a BGP feed that *providers* must configure their routers to
> accept.  MAPS RBL does nothing beyond publish a list of known, confirmed,
> unrepentant spam sites in the format of a BGP4 advertisement.  Private
> networks can and will block what they want, MAPS just publishes a list of
> sites that they block from their network.  I (and every other network
> operator) can and will block whatever I want, unless my contract with my
> customers prevents it.
> Jeremiah
> -----Original Message-----
> From: owner-nanog at [mailto:owner-nanog at]On Behalf Of
> Robert Sharp
> Sent: Wednesday, May 23, 2001 12:57 PM
> To: Mitch Halmu
> Cc: John Payne; nanog at
> Subject: Re: Stealth Blocking
> I like how MAPS is allowed to black hole your machines and their traffic.
> But if
> you deny them access to your network resource as they are you are
> automatically
> assumed a spammer.  Wait you don't believe the same things we do, well you
> must
> be the enemy.
> I think we can all agree spam isn't a good thing, but where we drawn the
> line is
> something we can't agree on.  When you start black holing traffic to hosts
> and
> making that choice for other people.  MAPS does this with their blacking of
> traffic.  This type of power in the hands of a single person/organization is
> wrong.  I would propose a system whereas there are multiple representatives
> from
> many viewpoints to make VERY SERIOUS decisions like this.  I don't care how
> many
> disclaimers you have in your contracts, it's not the right way to deal with
> this
> problem....
> Regards,
> Rob Sharp
> Mitch Halmu wrote:
> > On Wed, 23 May 2001, John Payne wrote:
> >
> > > Umm... yes.  You run an open, abused mail relay, got listed in RSS and
> > > whine about it rather than fix it.
> >
> > I have posted two URLs, one was to a slashdot article describing a stealth
> > assault on Macromedia. So as to clarify the provenance of the URL
> > previously given by others in full context. Don't see your comments
> > there. Why? Perhaps the ACLU and those other do-good  organizations
> > command more respect than an ISP? But they're talking about the same
> > thing!
> >
> > The latter was to explain our position. Let's make several things clear.
> > First, what is the difference between an open relay and a free email
> > account somewhere? None, absolutely none. You could subscribe as Michael
> > Mouse today, and the emperor of China tomorrow. Yet such service, with no
> > credit card or implant chip to validate your true identity, giving away
> > free resources to the world, is perfectly legit in your judgement.
> >
> > NetSide maintains its own access control list. If a particular ip or ip
> > range didn't abuse our servers, we feel no need to lock them out. And
> > certainly not because you say so. Not to mention that all instances of
> > abuse can be traced from logs to someone's ip, and there is a venue of
> > complaint with the abuser's provider. We have a valid reason for doing
> > so: locking our servers would prevent our customers from roaming, and we
> > would also lose a good part of our non-local client base, some of them
> > subscribed since 1995, who couldn't make full use of their accounts
> > anymore.
> >
> > Second, open relays were the norm until Paul Vixie decided you should do
> > otherwise. And in many cases, he convinced thy by brute force that his
> > way is the right way is the only way. But it wasn't the legal way. Most
> > providers bent over and silently took the punishment. We won't. Do I seem
> > to whine here?
> >
> > Third, the new 'rule' MAPS just came up with now is that you must keep
> your
> > server open to their 'testing', or they'll blackhole you. See for
> yourself:
> >
> > That is the reason given for blocking us the second time around. No new
> > 'evidence', just open wide for inspection and say ahhh...
> >
> > > Could you be more clueless?
> >
> > That's just about what I was going to ask you. This is not about the
> > merits of some technological implementation over another. It is about
> > basic rights and freedoms shamelessly trampled upon by those that can
> > thump their chests the loudest and have Daddy Warbucks bankroll their
> > operation. Say you fall out of grace with the 'in' crowd tomorrow, could
> > it be your turn?
> >
> > > If you want to whine some more, is over
> there ->
> > > and spam-l is that way <-
> >
> > And you, John Payne, are here. And clearly on the side of the network
> > operator that's deliberately destroying the connectivity of other
> networks.
> > This problem won't just go away, as much as you want it swept under the
> > rug.
> >
> > --Mitch
> > NetSide

Christopher A. Woodfield		rekoil at

PGP Public Key:

More information about the NANOG mailing list