[37751] in North American Network Operators' Group
RE: Stealth Blocking
daemon@ATHENA.MIT.EDU (David Schwartz)
Wed May 23 20:18:01 2001
From: "David Schwartz" <davids@webmaster.com>
To: "Mitch Halmu" <mitch@netside.net>,
"John Payne" <john@sackheads.org>
Cc: <nanog@merit.edu>
Date: Wed, 23 May 2001 15:11:27 -0700
Message-ID: <NCBBLIEPOCNJOAEKBEAKCEPHPDAA.davids@webmaster.com>
In-Reply-To: <Pine.SOL.3.91.1010523115153.2647L-100000@sunny.netside.net>

> > > Third, the new 'rule' MAPS just came up with now is that you must keep your
> > > server open to their 'testing', or they'll blackhole you. See for yourself:
> > > http://www.dotcomeon.com/nph-rss-remove-blocking.html
> > > That is the reason given for blocking us the second time around. No new
> > > 'evidence', just open wide for inspection and say ahhh...

> > Uhhh... so how do you propose that relays are tested to make sure they're
> > closed before being removed from the database?

> This is the very thing they considered abusive just a few months ago.
> Wasn't it MAPS that blocked ORBS for scanning Abovenet's ports in the
> first place? So now they took their rival's worst rules and made them their
> own. Now it's my turn to say absolute rubbish.

You're obscuring a very fundamental difference. ORBS scans everyone, with
no provocation. This is like checking if your neighbor's gun is loaded while
it's in his safe. MAPS scans those who have created problems for its
customers in the past. This is like checking if your neighbor's gun is
loaded while it's pointing at you.

Once you connect to me, and in so doing create a problem for me, you have
no right to complain when I connect back to you. But if you connect to me
without provocation to search me for vulnerabilities, that's a horse of
another color.

DS