[38027] in North American Network Operators' Group
RE: ORBS (Re: Scanning)
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Sun May 27 12:14:10 2001
Message-ID: <9DC8BBAD4FF100408FC7D18D1F0922860E46B5@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: "'E.B. Dreger'" <eddy+public+spam@noc.everquick.net>,
nanog@nanog.org
Date: Sun, 27 May 2001 09:11:39 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
> From: E.B. Dreger [mailto:eddy+public+spam@noc.everquick.net]
> Sent: Sunday, May 27, 2001 8:05 AM
> ORBS catches far more than MAPS.
As Randy stated "so does a hydrogen bomb". The problem is target acquisition
and [the lack of] discrimination. The REASON tactical nukes aren't used
regularly is the collateral damage issue.
> My take is that anybody who has a
> problem with the infrequent ORBS probes should have a huge
> problem with the daily bombardment of relay attempts.
A system that tests positive for ORBS , yet is using MAPS, will not be used
as a spam relay. Yet, ORBS will list such a system.
> Bottom line: Blocking mail from rogue servers is the best way to stop
> spam and to not be a party to somebody else getting
> relay-raped. Anyone with clue closed relays how many years ago?
It is more accurate to state that most folks have placed guards on their
mail systems.
> I don't buy the "we need open relay for nationwide users" argument,
> either. Build a cheap MX that does nothing but take mail from a given
> POP, and send it to the world. Anti-spoofing at the border,
> don't accept mail from the outside world, and you're done.
You must not have a roaming staff or are willing to keep telcos wealthy.
