[38010] in North American Network Operators' Group
Re: Scanning (was Re: Stealth Blocking)
daemon@ATHENA.MIT.EDU (William Allen Simpson)
Sat May 26 22:18:31 2001
Message-ID: <3B1062DD.2301A369@greendragon.com>
Date: Sat, 26 May 2001 22:15:24 -0400
From: William Allen Simpson <wsimpson@greendragon.com>
MIME-Version: 1.0
To: "Greg A. Woods" <woods@weird.com>
Cc: "Christopher A. Woodfield" <rekoil@semihuman.com>,
nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
We also were blocked by automated scanning from ORBS, about two years
ago. I haven't ever checked to see whether the block was ever removed,
since we made the decision that ORBS was the problem, and blocked ORBS
scanning.
"Greg A. Woods" wrote:
> Do you have the mailer logs from those hosts?
>
After two years? Certainly not! Ever since the FBI investigation of
one of our users, we dispose of the logs in days! They cannot request
what we do not keep.
> Can you prove that there was no other unauthorised use of them during
> the time *before* they were tested by ORBS?
>
How exactly does anyone prove a negative?
Nobody could assert that we have ever been technically unaware. We had
outside relaying blocked. We had a formal AUP since inception (1994),
long before any of the johnny-come-latelies. We also used MAPS as soon
as our software supported it.
However, the reason ORBS cited at the time was that the server software
(Stalker SIMS) allowed the % hack. I dunno why the % hack is a
terrible problem -- support was _required_ in the olden days. But, it
was obsolete. I believe that Stalker has since removed that feature.
In short, methinks you protesteth too much.
