ORBS blocking Domainz servers
Hello All,

A heads-up for anyone using ORBS for spam filtering:

ORBS has added the following manual entries to its database:

18.160.46.202.inputs.orbs.org IN TXT "Domainz.net.nz - Attacks on ORBS and ORBS hosters."
50.160.46.202.inputs.orbs.org IN TXT "Domainz.net.nz - Attacks on ORBS and ORBS hosters."
37.16.96.203.inputs.orbs.org IN TXT "Delivery point for Domainz.net.nz - Attacks on ORBS and ORBS hosters."

These represent the hosts www.domainz.net.nz, office.domainz.net.nz and mail2.actrix.gen.nz respectively. The records were added on the 9th Feb 2001, according to the ORBS database web pages.

The impact of this is that if a site is using ORBS for spam blocking, it will reject mail from the Domainz automated systems, including notifications of passwords, nameserver changes, reminders of accounts due and other automatically generated DRS notifications. It will also reject mail from the Actrix list server, which includes Domainz mailing lists, ISOCNZ mailing lists and presumably others. Normal customer service email should be unaffected, as these come from other Actrix hosts.

Suffice to say, none of these addresses have been used to attack the ORBS service or systems, nor do the mail servers on these addresses relay spam or block ORBS queries. Email queries to ORBS by myself and Actrix staff have not elicited a reply.

Unless ORBS decides to remove these records, anyone needing to communicate (or having customers that may need to communicate) with Domainz should ensure that ORBS is not in use by their mail exchangers, or arrangements to bypass the blocks on the Domainz addresses are in place.

-- don

---------
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
The impact of this is that if a site is using ORBS for spam blocking, it will reject mail from the Domainz automated systems
At last a useful purpose for ORBS ... To stop all that verbose, non machine parsable, unsolicited crap that comes from domainz. Peter Mott Chief Enthusiast 2day.com -/-
This is hilarious... did you portscan him or something, Don? Must buy AB a beer for the best laugh in ages. Reckon he'll do the same for Netsol, register.com, and maybe 2day.com as well? -- Juha
Wait, the ORBS Web site has it even better:

Database Check - 202.46.160.18
202.46.160.18 is in our manual database for the following reason: www-wlg.domainz.net.nz - spam source, apparently blocking ORBS, attacks on ORBS amnd ORBS hosters. (9 February 2001)

Database Check - 203.96.16.37
203.96.16.37 is in our manual database for the following reason: Actrix.gen.nz - delivery point for domainz.net.nz - apparently blocking ORBS, attacks on ORBS amnd ORBS hosters. (9 February 2001)

Heh. So... what's the deal with the alleged attacks and Domainz spam? Is Actrix really blocking ORBS? I think we should be told.

-- Juha
Juha Saarinen wrote:
Heh. So... what's the deal with the alleged attacks and Domainz spam? Is Actrix really blocking ORBS? I think we should be told.
No, Actrix does NOT block ORBS. In fact ORBS are currently scanning us. Cheers John
:: No, Actrix does NOT block ORBS. Infact ORBS are currently scanning us.

Scan the buggers back then.
:: No, Actrix does NOT block ORBS. Infact ORBS are currently scanning us.
Scan the buggers back then.
I say we nuke the site from orbit...
Be reasonable Hamish this is NZ we can't resort to Nukes (yet) Can we Agent Orange him instead? At 09:52 a.m. 16/02/2001 +1300, you wrote:
:: No, Actrix does NOT block ORBS. Infact ORBS are currently scanning us.
Scan the buggers back then.
I say we nuke the site from orbit...
:: I say we nuke the site from orbit...

The guys at Clear did a pretty good job of it recently, when they loop-routed their IP block...

This is what it looked like....

$ traceroute www.orbs.org
traceroute to www.orbs.org (202.36.147.16), 64 hops max, 40 byte packets
 1  host-33.automagic.org (207.61.141.33)  1.538 ms  1.354 ms  1.435 ms
 2  moron.pinhead.telco (10.1.3.153)  10.758 ms  9.97 ms  25.577 ms
<snip>
26  ded1-acc-skyt.qsi.net.nz (202.89.128.70)  302.315 ms  314.573 ms  309.528 ms
27  gateway1-acc-skyt.qsi.net.nz (202.89.128.65)  301.816 ms  317.590 ms  302.104 ms
28  ded1-acc-skyt.qsi.net.nz (202.89.128.70)  310.257 ms  303.188 ms  306.846 ms
29  gateway1-acc-skyt.qsi.net.nz (202.89.128.65)  307.191 ms  302.940 ms  307.561 ms
30  ded1-acc-skyt.qsi.net.nz (202.89.128.70)  308.255 ms  309.626 ms  310.494 ms
31  gateway1-acc-skyt.qsi.net.nz (202.89.128.65)  305.815 ms  308.365 ms  304.883 ms
32  ded1-acc-skyt.qsi.net.nz (202.89.128.70)  304.541 ms  310.367 ms  305.126 ms
33  gateway1-acc-skyt.qsi.net.nz (202.89.128.65)  316.121 ms  309.629 ms  315.285 ms
34  ded1-acc-skyt.qsi.net.nz (202.89.128.70)  317.81 ms  332.798 ms  307.263 ms
35  gateway1-acc-skyt.qsi.net.nz (202.89.128.65)  317.827 ms  308.637 ms  318.498 ms
36  ded1-acc-skyt.qsi.net.nz (202.89.128.70)  320.547 ms  312.409 ms  321.100 ms
37  gateway1-acc-skyt.qsi.net.nz (202.89.128.65)  320.779 ms  319.84 ms  348.172 ms
38  ded1-acc-skyt.qsi.net.nz (202.89.128.70)  350.816 ms  387.774 ms  327.935 ms
39  gateway1-acc-skyt.qsi.net.nz (202.89.128.65)  324.980 ms  317.71 ms  316.865 ms
40  ded1-acc-skyt.qsi.net.nz (202.89.128.70)  318.639 ms  356.981 ms  334.884 ms
41  gateway1-acc-skyt.qsi.net.nz (202.89.128.65)  315.441 ms  316.925 ms
That wasn't a route loop as such... it was physical circuit failure between ded1-acc-skyt.qsi.net.nz and the manawatu border router... but yes, a Clear problem I believe. On Fri, 16 Feb 2001, Juha Saarinen wrote:
:: I say we nuke the site from orbit...
The guys at Clear did a pretty good job of it recently, when they loop-routed their IP block...
26 ded1-acc-skyt.qsi.net.nz (202.89.128.70) 302.315 ms 314.573 ms 309.528 ms 27 gateway1-acc-skyt.qsi.net.nz (202.89.128.65) 301.816 ms 317.590 ms 302.104 ms
--- Matt Camp Head Geek Quicksilver Internet / Mercury Telecommunications
:: That wasn't a route loop as such... it was physical circuit failure
:: between ded1-acc-skyt.qsi.net.nz and the manawatu border router... but
:: yes, a Clear problem I believe.

Physical failure? Caused by a small tactical nuke? ;-)
On Fri, Feb 16, 2001 at 10:30:08AM +1300, Juha Saarinen wrote:
:: I say we nuke the site from orbit...
The guys at Clear did a pretty good job of it recently, when they loop-routed their IP block...
This is what it looked like....
$ traceroute www.orbs.org traceroute to www.orbs.org (202.36.147.16), 64 hops max, 40 byte packets 1 host-33.automagic.org (207.61.141.33) 1.538 ms 1.354 ms 1.435 ms 2 moron.pinhead.telco (10.1.3.153) 10.758 ms 9.97 ms 25.577 ms
Blimey, that looks familiar.
:: > 1 host-33.automagic.org (207.61.141.33) 1.538 ms 1.354 ms 1.435 ms
:: > 2 moron.pinhead.telco (10.1.3.153) 10.758 ms 9.97 ms 25.577 ms
::
:: Blimey, that looks familiar.

Joe lives there.
On Fri, Feb 16, 2001 at 09:52 +1300, Hamish Guthrey wrote:
I say we nuke the site from orbit...
It's the only way to be sure. Hamish. (another one.) -- Our greatest glory is not in never failing, but in rising up every time we fail. -Ralph Waldo Emerson
On Thu, 15 Feb 2001, Juha Saarinen wrote:
:: No, Actrix does NOT block ORBS. Infact ORBS are currently scanning us.
Scan the buggers back then.
The possibility exists that ORBS would consider that an ORBSable offence/attack/something, and ORBSulate the source netblock for doing so.

There are, in my opinion, obvious and blatant perils in using an opt-in spam-blocking service which is controlled by anything other than an ISOCNZ[1]-style organisation, as opposed to a single person or corporate entity which may let its own agenda items become influences on the aforementioned spam-blocking system.

JSR

[1] And by ISOCNZ, I mean a pure, untainted ISOCNZ-style body, with democracy, representation, input from the industry, and all that other good stuff. An ISOCNZ which casts its shadow on the wall of the cave, if you will. In fact, running such a spam-blocking service is arguably something that ISOCNZ _should_ be doing.

-- John S Russell Geek & Gentleman of Leisure
:: The possibility exists that ORBS would consider that an ORBSable
:: offence/attack/something, and ORBSulate the source netblock for doing so.

If everybody did it, then Manawatu Internet Services would have a nice and clean intranet to play with.

:: [1] And by ISOCNZ, I mean a pure, untainted ISOCNZ-style body, with
:: democracy, representation, input from the industry, and all that other
:: good stuff. An ISOCNZ which casts it's shadow on the wall of the cave, if
:: you will. In fact, running such a spam-blocking service is arguably
:: something that ISOCNZ _should_ be doing.

Pass the crack pipe, mate. ;-)

-- Juha
On Thu, 15 Feb 2001, Don Stokes wrote:
A heads-up for anyone using ORBS for spam filtering:
So, does anyone actually use ORBS for spam filtering? I spent a few weeks in the loving arms of ORBS last year, and the only mail bounced back to me was from MIS. Enquiring minds... Cheers Si
Well, not to put too fine a point on it, I (my opinion only) always thought the person running it was altogether too anal retentive to trust with anything useful, let alone my customers' email!

-----Original Message-----
From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz]On Behalf Of Simon Blake
Sent: Thursday, 15 February 2001 11:57 p.m.
To: nznog(a)list.waikato.ac.nz
Subject: Re: ORBS blocking Domainz servers

On Thu, 15 Feb 2001, Don Stokes wrote:
A heads-up for anyone using ORBS for spam filtering:
So, does anyone actually use ORBS for spam filtering? I spent a few weeks in the loving arms of ORBS last year, and the only mail bounced back to me was from MIS. Enquiring minds... Cheers Si
On 15 Feb 2001, at 23:57, Simon Blake wrote:
On Thu, 15 Feb 2001, Don Stokes wrote:
A heads-up for anyone using ORBS for spam filtering:
So, does anyone actually use ORBS for spam filtering? I spent a few weeks in the loving arms of ORBS last year, and the only mail bounced back to me was from MIS.
Enquiring minds...
Back in my youth, I started to use MAP, DULS, and ORBS. ORBS started to block people from the mail server and complaints started coming in from people who couldn't access various mailing list. So I dropped ORBS. Since then, nobody else has complained about being blocked from the list. But I've not reinstituted it. -- Dan Langille pgpkey - finger dan(a)unixathome.org | http://unixathome.org/finger.php got any work? I'm looking for some.
At 00:05 16/02/01 +1300, Dan Langille wrote:
Back in my youth, I started to use MAP, DULS, and ORBS. ORBS started to block people from the mail server and complaints started coming in from people who couldn't access various mailing list. So I dropped ORBS. Since then, nobody else has complained about being blocked from the list. But I've not reinstituted it.
So did the level of spam you received increase any when you stopped using ORBS ?
On 16 Feb 2001, at 9:48, James Bell wrote:
At 00:05 16/02/01 +1300, Dan Langille wrote:
Back in my youth, I started to use MAP, DULS, and ORBS. ORBS started to block people from the mail server and complaints started coming in from people who couldn't access various mailing list. So I dropped ORBS. Since then, nobody else has complained about being blocked from the list. But I've not reinstituted it.
So did the level of spam you received increase any when you stopped using ORBS ?
The sample period was too short. I was using ORBS for a very short time. I can't recall exactly, but I'm guessing it was less than a day. If memory serves, it took very little time for complaints about bounced messages to arrive. I think I put in ORBS and then removed it within the same day.

But that would be an interesting exercise. When spam does arrive, take the IP of the mail server and see if it's in ORBS.

-- Dan Langille pgpkey - finger dan(a)unixathome.org | http://unixathome.org/finger.php got any work? I'm looking for some.
"Dan Langille"
But that would be an interesting exercise. When spam does arrive, take the IP of the mail server and see if it's in ORBS.
A quick test got me 54 matches from 178 addresses from my spambox from the last 2-3 months, or about 30% -- the proportion over just the last month (88 messages, 30 hits) is about 34%. That's better than I had expected, but filtering based on headers gives a hit rate of around 90% and works without involving external agencies and their policies.

Of my filters, the one that traps messages lacking a To: address to me is the most effective, although mailing lists have to be allowed for. Open relay spam mostly has bogus To: addresses, so using an open relay blocker of any colour would buy me very little.

-- don
At 11:32 16/02/01 +1300, Don Stokes wrote:
A quick test got me 54 matches from 178 addresses from my spambox from the last 2-3 months, or about 30% -- the proportion over just the last month (88 messages, 30 hits) is about 34%. That's better than I had expected, but filtering based on headers gives a hit rate of around 90% and works without involving external agencies and their policies.
Similarly, checking all IPs that connected to our mail server yesterday; around 6% were listed in ORBS. (inputs.orbs.org, that is). Not as many as I was expecting, actually.
On Thu, Feb 15, 2001 at 11:57:16PM +1300, Simon Blake wrote:
So, does anyone actually use ORBS for spam filtering? I spent a few weeks in the loving arms of ORBS last year, and the only mail bounced back to me was from MIS.

I used to be an ardent supporter of ORBS when it was used solely for listing open-relays -- but now it seems this criteria has been widened. This is a shame because it seems it can no longer be used reliably.

I now have my own system -- query x.y.z.w.orbs-wanna-be.f00f.org to see if you are listed :)

--cw
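An added example, not part of any post in this thread: it builds the reversed-octet query names quoted in the first message, applies a local allowlist ahead of the blocklist (the "arrangements to bypass the blocks" that message mentions), and measures a listing hit rate over spam sender addresses as the later posts describe. The resolver is a hypothetical offline stub over a constructed zone, and all names other than the three TXT records and the zone name are assumptions.

```python
import ipaddress

ZONE = "inputs.orbs.org"  # DNSBL zone named in the thread

# Constructed stand-in for the DNSBL: the three TXT records quoted in the
# thread, plus two invented listings on documentation addresses.
SAMPLE_ZONE = {
    "18.160.46.202.inputs.orbs.org": "Domainz.net.nz - Attacks on ORBS and ORBS hosters.",
    "50.160.46.202.inputs.orbs.org": "Domainz.net.nz - Attacks on ORBS and ORBS hosters.",
    "37.16.96.203.inputs.orbs.org": "Delivery point for Domainz.net.nz - Attacks on ORBS and ORBS hosters.",
    "10.2.0.192.inputs.orbs.org": "constructed listing",
    "77.100.51.198.inputs.orbs.org": "constructed listing",
}

def dnsbl_name(ip, zone=ZONE):
    """202.46.160.18 -> 18.160.46.202.inputs.orbs.org (IPv4 only)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def lookup_txt(name):
    """Hypothetical resolver stub: TXT reason if listed, None if not.
    A real deployment would issue a DNS query here instead."""
    return SAMPLE_ZONE.get(name)

def verdict(ip, allow=(), resolver=lookup_txt):
    """Decide accept/reject for a connecting IP. The local allowlist is
    consulted first, so a site keeps the last word over the list operator."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in ipaddress.ip_network(net) for net in allow):
        return ("accept", "local allowlist")
    reason = resolver(dnsbl_name(ip))
    return ("reject", reason) if reason else ("accept", None)

def hit_rate(sender_ips, resolver=lookup_txt):
    """Count how many distinct spam sender IPs the list would have caught.
    Returns (listed, distinct_total)."""
    unique = sorted(set(sender_ips))
    listed = [ip for ip in unique if resolver(dnsbl_name(ip))]
    return len(listed), len(unique)

# Constructed sample: sender IPs pulled from a spam folder (documentation ranges).
SPAM_SENDERS = ["192.0.2.10", "192.0.2.10", "198.51.100.77",
                "203.0.113.5", "203.0.113.9", "198.51.100.1"]

# Bypass entries for the three addresses listed in the first message.
ALLOW = ["202.46.160.18/32", "202.46.160.50/32", "203.96.16.37/32"]

if __name__ == "__main__":
    for ip in ("202.46.160.18", "203.96.16.37", "203.0.113.5"):
        print(ip, "no allowlist:", verdict(ip), "| with allowlist:", verdict(ip, ALLOW))
    listed, total = hit_rate(SPAM_SENDERS)
    print(f"{listed} of {total} distinct spam senders listed ({100 * listed / total:.0f}%)")
```
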
participants (15)
- Bob Baal
- Chris Wedgwood
- Dan Langille
- Don Stokes
- Hamish Guthrey
- Hamish MacEwan
- J S Russell
- James Bell
- Joe Abley
- John Vorstermans
- Juha Saarinen
- Matt Camp
- Peter Mott
- Simon Blake
- Tony Wicks