[38038] in North American Network Operators' Group
RE: ORBS (Re: Scanning)
daemon@ATHENA.MIT.EDU (Derek Balling)
Sun May 27 14:21:59 2001
Mime-Version: 1.0
Message-Id: <p05100f0db736f3f5cf8a@[198.144.200.170]>
In-Reply-To: <9DC8BBAD4FF100408FC7D18D1F0922860E46B9@condor.mhsc.com>
Date: Sun, 27 May 2001 11:19:36 -0700
To: Roeland Meyer <rmeyer@mhsc.com>,
"'E.B. Dreger'" <eddy@noc.everquick.net>, nanog@nanog.org
From: Derek Balling <dredd@megacity.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Errors-To: owner-nanog-outgoing@merit.edu
At 11:10 AM -0700 5/27/01, Roeland Meyer wrote:
> > I'm not sure I understand this logic:
>>
>> 1.) They test positive for orbs... so they ARE an open relay
>> 2.) That system is using MAPS, which means that there is some subset
>> of systems the open relay itself rejects mail from
>
>I somehow missed your logic here. A MAPS blocked system is, by definition
>NOT an open-relay, since it IS MAPS-blocked. Yet, ORBS will list it as an
>open-relay. I agree, there is a disconnect here. Your second premis
>invalidates the first. This may be a semantic issue, please examine and
>clarify.
I think this is all a phrasology thing.
Assuming "a MAPS-blocked system" means a system that is
listed/blocked by MAPS as a spam source.
Then your statement makes no sense because in all likelihood, that
host IS an open relay.
Assuming "a MAPS-blocked system" means a system that is partaking of
the MAPS lists to block inbound mail to it
Then your statement further makes no sense, because any
non-MAPS-listed host could (in theory) send mail to/through that
system. If the system using MAPS is an open relay, then
non-MAPS-listed hosts could quite happily/easily pump mail through
that system regardless of whether or not it is using MAPS.
So in conclusion - unless you're defining a third case, I don't know
what you're talking about. :)
>I might point out that, since MAPS has been running for a few years, most if
>not all, the spammer sources are now listed.
I think my personal evidence (that about 90-95% of my spam that is
blocked is NOT from MAPS sources) does not seem to bear that out.
If you really believe your above statement, there's a wonderful
slightly used bridge I'd love to sell you.
D
--
+---------------------+-----------------------------------------+
| dredd@megacity.org | "Conan! What is best in life?" |
| Derek J. Balling | "To crush your enemies, see them |
| | driven before you, and to hear the |
| | lamentation of their women!" |
+---------------------+-----------------------------------------+
