Scanning (was Re: Stealth Blocking)

Roeland Meyer rmeyer at
Sun May 27 07:01:36 UTC 2001

> From: woods at [mailto:woods at]
> Sent: Saturday, May 26, 2001 11:02 PM
> [ On Sunday, May 27, 2001 at 00:17:29 (-0400), William Allen 
> Simpson wrote: ]

> >  But, ORBS
> > remains indefensible.
> It would seem that I have no problems either defending it, or 
> using it.
> Whether I'm successful in the latter endeavour is only for me 
> to decide.
> Whether I'm successful in the former endeavour is a larger question.
> > The MAPS leads to far fewer mistakes -- does not block non-relaying 
> > servers just because they don't think the network has sufficient 
> > "action against spammers in recent months."  That's entirely 
> > judgmental, not operational.
> The mechanically verified part of ORBS cannot, by definition, 
> lead to any

Greg, it all comes down to ONE major issue ... collateral damage.

> >  We've been 
> > falsely accused by ORBS,
> Which list were you on again?  Wasn't it the manual netblocks list?
> > without any evidence of spamming.

He makes a perfectly valid point here. In the past few days I have seen much
testimony, from folks right here on this list, that were listed on ORBS.
I've also read testimony that their systems were never used for spam. I
can't imagine a spammer being on this list for long. Nor, can I imagine
those illustrious folks being spammers. Yet, they were on the ORBS list.
BTW, MHSC systems were also carried on ORBS for a while and when they were,
over 50% of my bandwidth was used to fend off crack attempts. Thank gawd I
was using MAPS at the time. None of the relay attempts got through.
Although, I *did* have to replace a couple of weak BIND boxen (thanks for
the extra work, BTW >:P ).

Brother, that is the very definition of collateral damage. In fact, it was
worse. It's "friendly fire". If we start taking out innocents and even our
own guys, the spammers will win. We need to start fighting the PURE WAR
against spammers. What ORBS does is to find innocents and paints bulls-eyes
on them for the spammers to find easier. The argument ORBS presented, on
their web-site, to justify this, is terribly weak. It still amount to
pointing the guns ... in the WRONG direction.

> Please do not forget that ORBS goal is not to detect or 
> prevent spamming per se.  

But, without spammer behavior, open-relays are perfectly acceptable. Else,
why was it the default option in sendmail for so long? The "anti" argument
falls over dead without spammers. It's not the gun, it's the bloke pointing

> It's full name should make this clear:  Open Relay Behaviour-
> modification System.  Any open relay is a bad thing regardless of
> whether it has yet been abused by a spammer (because it will 
> undoubtably be abused unless it is closed first).

You make my point here. Remove spammers and ORBS becomes nothing more than a
totalitarian tool for a political agenda without merit. If I can run a relay
system safely (without spammer abuse) then you have lost the right to tell
me I can't do so because there is no possible damage to your systems. It's
also a control issue, I strongly resent someone, whom isn't paying the rent
here, trying to modify my behavior. I get enough of that from my government.

> >  ORBS blocks for political reasons, rather than technical.

> I guess I can't really disagree with that, though I will 
> point out that
> I am using ORBS as a deterrent against such acts of theft of 
> service and
> fraud and thus it is in fact what's known as a "technical control".

Can't you see how inherently corrupt that is? Drop ORBS and go with MAPS. Be
friendly to your friends and disdain only those that are truely your

More information about the NANOG mailing list