Question concerning authoritative bodies.

Jack Bates jbates at brightok.net
Sun Mar 9 19:51:52 UTC 2003


From: Valdis.Kletnieks

> I'd just *LOVE* to hear how you intend to avoid the same problems that the
crew
> from ORBS ran into with one large provider who decided to block their
probes.
> Failing to address that scenario will guarantee failure....

Run the probes from the DNS root servers. Problem solved. Go ahead and block
them. haha.

Seriously, I do understand that some networks would block the probes. This
is to be expected. Many of these same networks block probes from current
lists or issue "do not probe" statements. A network is more likely to
concede to tests from a central authority that limits what is tested and how
often if it means the reduction of scans from numerous sources for lists
such as DSBL. The only way such a resource would work is if the largest
networks back it. Blocking the scans at a TCP/IP level is easily detectable.
Provider received email from said server, IP was submitted for testing, no
connection can be established to said server. Place it in the "wouldn't
allow scan list". Politely ask AOL to use the "wouldn't allow scan list" for
all inbound smtp connections.

People want the abuse of unsecured relays for smtp stopped. I'm afraid it is
a choice of the lesser of two evils. The scans are going to happen no matter
what. The question is, will administrators accept that a single run of a
test suite on a server that has established connections to other servers is
better than just having the entire 'net issuing their own scans? Am I wrong
in assuming that a majority of networks use smtp and do not wish the abuse
of their servers?

-Jack




More information about the NANOG mailing list