Scanning (was Re: Stealth Blocking)
William Allen Simpson
wsimpson at greendragon.com
Sun May 27 04:17:29 UTC 2001
"Greg A. Woods" wrote:
>
> [ On Saturday, May 26, 2001 at 22:46:08 (-0400), William Allen Simpson wrote: ]
> > As a quick update, I'll point out that two years ago, ORBS may have
> > been called IMRSS and/or Dorkslayers, a distinction without a
> > difference.
>
> You should check your facts before you display such ignorance....
>
And I love you too.... IIRC, investigation some time ago uncovered
that these various services originated from and used the same
databases.
> (ORBS is a replacement for what dorkslayers was, but ORBS is not, and
> was never, IMRSS)
>
One or more of them did automated scanning, with considerable false
positives. Hard to remember the details after all this time. They
were all associated with the same belligerent operator.
It has already been noted that ORBS explicitly advocated scanning, at
one time or another, based on its own web pages.
> The new dorkslayers.com is under new management. To quote:
>
> dorkslayers is almost, but not quite, entirely unlike ORBS
>
As I opined, a distinction without a difference. Renaming them doesn't
removed the smell.
Oh well, someday we should go through the routers and figure out which
ACLs were for which miscreant. I'm sure we still have them for old
viral updaters, etc. The problem with those "temporary" blocks is that
they are so permanent.... and we never know when it's safe to remove.
Greg, I'm sure you've done good things in the past. CVS comes to mind?
(assuming my memory is not entirely failing.) But, ORBS remains indefensible.
I've long known and argued with Paul Vixie and Dave Rand in person many
times, and they are competent and capable, even when in disagreement.
The MAPS leads to far fewer mistakes -- does not block non-relaying
servers just because they don't think the network has sufficient
"action against spammers in recent months." That's entirely
judgmental, not operational.
It all comes down to trust and reliability. I trust MAPS. We've been
falsely accused by ORBS, without any evidence of spamming. ORBS blocks
for political reasons, rather than technical. 'nough said, for now.
More information about the NANOG
mailing list