nanog mailing list archives

Re: Fw: Administrivia: ORBS [LONG]

From: woods () most weird com (Greg A. Woods)
Date: Sat, 15 Jan 2000 19:31:19 -0500 (EST)


[ On Saturday, January 15, 2000 at 16:55:46 (-0700), Forrest W. Christian wrote: ]

Subject: Re: Fw: Administrivia: ORBS [LONG]

On Fri, 14 Jan 2000, Kai Schlichting wrote:


People who object to their networks being scanned for SMTP vulnerabilities
on occasion (with an interval that ranges from a couple of weeks to a couple
of months) have something to hide.


Sorry, hate to pick nits, but we have 13 relay attempts from ORBS in our
maillog between 9p last night up until 4:50 today.

Since 6 Jan, there have been 113 relay attempts from orbs.   Or, better
put over 10 a day on average.


Hmmm... very interesting.  I've only received two over the past year,
and one has been since my first public posting on this subject.

If you trust how ORBS claims to work as being true this would suggest
that a lot of eager beavers have been much more active at submitting
test requests to ORBS ever since this subject came up.  I've no doubt
that these kind of people are more than willing to target various
networks out of their own agendas rather than basing their test requests
solely on actual spam events (as ORBS requests that they do).

Just because people are anti-spam doesn't mean they're perfect!  :-)

This doesn't seem like "once every 2 weeks" let alone once every 2 months.


There's a very fine line for ORBS to walk here.  Those of us who use it
obviously want it to be as accurate as possible, just as those who
become listed in it do.  If it doesn't find and list open relays being
abused quickly we'll be just as upset as those who don't get off the
list as soon as they've fixed their mailers are.

Since ORBS is automated this means that an algorithm must be used to
determine how frequently a test must be repeated (whether it's for the
purpose of confirming a fix, or for the purpose of confirming that a
site has been broken again).  I don't know if there is such an algorithm
in place yet or not, of course.

I think a lot of the BS here would be avoided if people were to discuss
rationally the attributes of various possible algorithms for ORBS to use
to determine re-testing frequencies in different circumstances.  The
participants of this particular forum should be more than capable of
having such a rational discussion, shouldn't we.....

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>      <robohack!woods>
Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>

Current thread:

Re: Fw: Administrivia: ORBS [LONG], (continued)
- - - Re: Fw: Administrivia: ORBS [LONG] Randy Bush (Jan 14)
    - Re: Fw: Administrivia: ORBS [LONG] Andrew Brown (Jan 14)
    - Re: Fw: Administrivia: ORBS [LONG] Pat Myrto (Jan 14)
    - Re: Fw: Administrivia: ORBS [LONG] Steve Sobol (Jan 14)
    - Re: Fw: Administrivia: ORBS [LONG] Kai Schlichting (Jan 14)
    - Re: Fw: Administrivia: ORBS [LONG] J.D. Falk (Jan 14)
    - Re: Fw: Administrivia: ORBS [LONG] Greg A. Woods (Jan 14)
    - Re: Fw: Administrivia: ORBS [LONG] Randy Bush (Jan 14)
    - Re: Fw: Administrivia: ORBS [LONG] Steve Sobol (Jan 14)
    - Re: Fw: Administrivia: ORBS [LONG] Forrest W. Christian (Jan 15)
    - Re: Fw: Administrivia: ORBS [LONG] Greg A. Woods (Jan 15)
    - Re: Fw: Administrivia: ORBS Greg A. Woods (Jan 14)
    - Re: Fw: Administrivia: ORBS Randy Bush (Jan 14)
    - Re: Fw: Administrivia: ORBS Greg A. Woods (Jan 14)
    - Re: Fw: Administrivia: ORBS Steve Sobol (Jan 16)
    - Re: Fw: Administrivia: ORBS Paul Vixie (Jan 16)
    - Re: Fw: Administrivia: ORBS Steve Sobol (Jan 16)
    - Re: Fw: Administrivia: ORBS Greg A. Woods (Jan 19)
    - Re: Fw: Administrivia: ORBS Shawn McMahon (Jan 19)
    - Re: Fw: Administrivia: ORBS Henry R. Linneweh (Jan 19)
    - Re: Fw: Administrivia: ORBS Greg A. Woods (Jan 19)

(Thread continues...)