Stealth Blocking

Jason Slagle raistlin at tacorp.net
Thu May 24 20:02:43 UTC 2001


That is different.

I'm not attempting to collect damages here, merely deny them access.

This is along the lines of saying I have to allow hackers access to my
machines.  While the port scan may be legal in a sense that I can't
collect damages on it alone, I doubt you'll find a court who will
challenge the idea that I have to let you connect to my machines.

Most people who use things such as the RBL in a commercial environment
make it known in their terms of service that they do such things.  As a
matter of fact some people even charge extra for this service.  The
argument that it impedes commerce is moot in my eyes, because as long as
the customer knows or is capable of knowing (Not my problem if you didn't
read my TOS if you knew it existed), then they have the choice of going
somewhere the RBL or similar list are not use.  Of course IINAL.

We used ORBS for awhile, and it did hit a lot of false positives, so we
stopped it.

We've been using RBL+DUL+RSS for nearly 2 years now IIRC, and in that time
we have had 5 calls that I can recall about legit email being blocked.  
In 3 of them we contacted the remote system and the relay was fixed.  In
2, the owner refused to fix the relay, so we just informed the customer
and the person trying to mail them of the problem, and the implications of
the other end not fixing their mail server.  In both instances the sending
end changed providers.

Jason

-- 
Jason Slagle - CCNP - CCDP
Network Administrator - Toledo Internet Access - Toledo Ohio
- raistlin at tacorp.net - jslagle at toledolink.com - WHOIS JS10172
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  . If dreams are like movies then memories
 X  - NO HTML/RTF in e-mail  .   are films about ghosts..
/ \ - NO Word docs in e-mail .     - Adam Duritz - Counting Crows


On Thu, 24 May 2001 Valdis.Kletnieks at vt.edu wrote:

> On Thu, 24 May 2001 09:30:33 EDT, Jason Slagle said:
> > Last time I checked the law of the land said if it's my machine, I can
> > decide who connects to it.  And who sends me mail..
> 
> Be careful, it's not as clear-cut as it may seem.  At least in one US District
> Court, portscanning was held to be legal (or more precisely, that you couldn't
> count the cost of investigating one against damages)...
> 
> http://www.securityfocus.com/templates/article.html?id=126
> 
> 
> 





More information about the NANOG mailing list