Scanning (was Re: Stealth Blocking)

William Allen Simpson wsimpson at
Sun May 27 04:17:29 UTC 2001

"Greg A. Woods" wrote:
> [ On Saturday, May 26, 2001 at 22:46:08 (-0400), William Allen Simpson wrote: ]
> > As a quick update, I'll point out that two years ago, ORBS may have
> > been called IMRSS and/or Dorkslayers, a distinction without a
> > difference.
> You should check your facts before you display such ignorance....
And I love you too....  IIRC, investigation some time ago uncovered 
that these various services originated from and used the same 

> (ORBS is a replacement for what dorkslayers was, but ORBS is not, and
> was never, IMRSS)
One or more of them did automated scanning, with considerable false 
positives.  Hard to remember the details after all this time.  They 
were all associated with the same belligerent operator.

It has already been noted that ORBS explicitly advocated scanning, at 
one time or another, based on its own web pages.

> The new is under new management.  To quote:
>         dorkslayers is almost, but not quite, entirely unlike ORBS
As I opined, a distinction without a difference.  Renaming them doesn't 
removed the smell.

Oh well, someday we should go through the routers and figure out which 
ACLs were for which miscreant.  I'm sure we still have them for old 
viral updaters, etc.  The problem with those "temporary" blocks is that 
they are so permanent....  and we never know when it's safe to remove.

Greg, I'm sure you've done good things in the past.  CVS comes to mind? 
(assuming my memory is not entirely failing.)  But, ORBS remains indefensible.

I've long known and argued with Paul Vixie and Dave Rand in person many 
times, and they are competent and capable, even when in disagreement.

The MAPS leads to far fewer mistakes -- does not block non-relaying 
servers just because they don't think the network has sufficient 
"action against spammers in recent months."  That's entirely 
judgmental, not operational.

It all comes down to trust and reliability.  I trust MAPS.  We've been 
falsely accused by ORBS, without any evidence of spamming.  ORBS blocks 
for political reasons, rather than technical.  'nough said, for now.

More information about the NANOG mailing list