Relevant text extracted as evidence from:

The hall of shame. are now blocking all access to the ORBS website and mailservers, so if you are an customer and wondering why you can't see this site directly, that's why. If you are blocked from direct access, try going through

Late addition: are now broadcasting nullroutes for all the published ORBS nameservers. have been broadcasting routes to third parties for ORBS netblocks since mid-May 2000 via BGP at various peering points worldwide - confirmed at London Internet Exchange and Vienna Internet Exchange, then nullrouting traffic destined to our website and mailservers.

Legal advice is that advertising routes to ORBS at these internet exchanges is a breach of applicable criminal laws in the UK and in Austria and may result in seizure of all equipment in London Internet Exchange if anyone feels wronged enough to file a criminal complaint about the theft of packets.

If do not wish to carry ORBS traffic, that is their decision and if they choose to blackhole traffic internally, that is also their decision. However advertising routes to ORBS outside their own network in order to attract network packets destined for ORBS and then dump that traffic once it is inside their network is fraudulent.

If truely thought ORBS was abusive as they claim, they would be blocking packets from ORBS, not to ORBS and they would taking care not to advertise routes to ORBS pointing into their network at peering points.

As owners are also MAPS owners, this can be very easily explained as MAPS attempting to shut down competition - MAPS is a commercial organisation which is moving to a fee-based structure. ORBS is not. MAPS and management refuse to discuss this backdoor RBLing of ORBS with anyone. As MAPS endured a storm of criticism late in 1999 for adding ORBS to the RBL publically, this again underlines MAPS attempts to shut down ORBS. See Dejanews for details.

Several MAPS employees feel the same way by all accounts. At least one recent MAPS resignation letter (Nick Nicholas, Executive Director) has cited this backdoor attack on ORBS among the reasons for leaving.

Paul Vixie owns MAPS LLC. He is also a senior manager in and has appeared as a representative of in dealings with our supplier on this issue. Previously he was forced to remove ORBS from the MAPS RBL due to public criticism. While Dave Rand was making the initial threats to ORBS and Telecom NZ over ORBS as an representative, Paul Vixie is now the one making those threats.

Dave Rand is CTO of He is also vice president of MAPS LLC. Dave Rand was responsible for the addition of ORBS to the MAPS RBL without following published MAPS procedure. The actual addition of ORBS into the MAPS RBL was done by Paul Vixie. Shortly after the removal of ORBS from the MAPS RBL, he started threatening ORBS suppliers and DNS sites, then blocked the ORBS tester, resulting in space being marked as untestable.

When customers mailed ORBS asking about this, this was explained to them. Several reported that they had been told that explicit paths had been opened between them and the tester - claims which were easily proved false. After about a dozen such incidents, some of which resulted in several peering agreements being discontinued and networks changing supplier to get away from, then started nullrouting traffic destined to the ORBS website and mailservers.

For these reasons, ORBS admins believe that is using MAPS as a commercial weapon and that MAPS is using routing adverts to generate "secret" RBL entries. During Easter 2000, broadcast static routes for ORBS with routing metrics so low that traffic was attracted away from other network paths to our suppliers. Those adverts persisted for a full day after routing to ORBS netblocks was switched off by ORBS suppliers as an experiment to track the source of the blackhole.

Because of ongoing claims about multiple steps between ORBS and, it is worth noting when tracerouting that,, and are all the same company.

Telecom NZ are broadcasting superblock routes containing the ORBS netblocks into and refuse to stop doing so. As a result, ORBS is unreachable from many parts of the world due to repeating those adverts at peering points, when alternate paths do exist.

Telecom NZ claim to be broadcasting longer prefix routes for ORBS netblocks into alternate paths. There is no proof of this being seen at any looking glass server worldwide. Discussion of this and why Telecom NZ are refusing to break up the superblock route in order to prevent ORBS routes being broadcast into space may be undertaken with Chris Thompson

Dave Rand has been interviewed twice by IDG NZ about this issue. The first time, he denied was blocking anything, then terminated the interview when asked to explain traceroutes from London Internet Exchange clearly showing nullrouting within The second time, he refused to comment, saying he had nothing to do with it and it was a matter between ORBS and its suppliers - despite the fact that our supplier's techs have stated that all email from on the issue has come from Dave Rand and has contained explicit threats against them related to hosting of ORBS. - 63.248.16/21 63.248.24/22 64.7.0/24 149.54/16 149.172/16 155.211/16 165.231/16 192.41.214/24 192.67.14/24 192.67.173/24 192.83.249/24 192.84.20/24 192.84.243/24 192.101.44/24 192.136.112/24 192.216.144/21 192.246.117/24 198.17.5/24 198.32.176/24 198.32.180/24 198.51.109/24 198.51.110/24 198.176.193/24 199.46.16/20 199.46.18/23 199.74.206/24 199.88.158/24 199.184.82/24 202.163.96/19 204.87.178/24 204.89.131/24 204.176.224/19 205.159.173/24 205.166.121/24 206.223.78/24 207.106.62/24 207.126.96/24 207.126.96/19 208.184/16 208.184/15 208.184.240/24 209.66.64/18 209.133.0/17 209.150.126/23 209.177.67/24 209.177.68/24 209.177.71/24 209.177.87/24 209.177.92/24 209.237.0/19 209.249/16 209.249.118/24 209.249.227/24 212.38.160/19 212.69.160/19 212.197.144/20 216.59.4/23 216.59.8/22 216.59.62/23 216.59.78/23 216.59.80/22 216.59.84/23 216.59.86/23 216.59.88/23 216.157.48/21 216.168.128/19 216.200/16 206.14/16 204.152.184-191, 202.228.0/18 and many more. These are being manually checked and added from adverts at London and Vienna Internet Exchanges.

Contact: - but read the website first.

Thursday, 11 May, 2000

No-one takes blame for missing email

Manawatu ISP claims US ISP is blocking email

Paul Brislen, Auckland

A New Zealand ISP says email bound for its users is being blocked by a US-based ISP, but neither the ISP or Telecom are willing to sort out the problem.

"AboveNet is trying to intercept mail coming into Telecom and on to MIS [Manawatu Internet Services]. Their routers are advertising for our net blocks," says MIS director, George Annear. "It appears to be only mail routed through AboveNet that's affected."

Networks arrange for traffic to be routed back to their IP addresses by advertising an appropriate route to peers and providers, based on speed and capacity. AboveNet advertises its availability and then is supposed to deliver MIS traffic on to the ISP.

"They're filtering based on content for MIS."

Annear says AboveNet is doing this solely because of MIS's role in the ORBS open relay black list. MIS was hosting both the list and testing, but has since shifted the testing facility to Europe. It is mail about the ORBS list that is being blocked, says Annear.

But AboveNet denies it is blocking any email.

"At no time am I intercepting their mail," says AboveNet co-founder Dave Rand, speaking from the US. He says the problem is one between Telecom and MIS and AboveNet doesn't involve itself in difficulties between one of its customers and their customers.

Telecom, however, says the missing email is nothing to do with them as this is a problem MIS is having with AboveNet.

"We provide the road, if you like, and it's up to our customers as to what they do on it," says spokesperson Linda Sanders.

That leaves Annear without any clear action to take, and without any email.

"I've made direct representations to [Telecom] saying what's happening is illegal, but they're not interested."

Annear says his only option is to make waves publicly about the issue.

"It's only going to change when people start losing customers because of what they're doing."

Annear says there aren't any laws in place that are applicable to this situation and there isn't any contract between MIS and AboveNet — his contract is with Telecom.

"The fact is [AboveNet is] an overseas' company and I would guarantee there are no international laws that cover this."

Monday, 29 May, 2000

Telecom plays hardball with Manawatu ISP

We would act in case of defamatory statements, says Telecom statement

Paul Brislen, Auckland

Telecom denies being responsible for the US-based network provider AboveNet blocking email to Manawatu Internet Services - and goes so far as to threaten legal action if MIS says it is.

"Telecom/Xtra would vigorously defend any legal action as we believe MIS's allegations to be baseless. We would also act if defamatory statements were made by MIS," says Telecom.

MIS accuses AboveNet of blocking its email traffic from Europe and of filtering email bound for MIS based on content. AboveNet denies it is doing this, but MIS director George Annear believes he has evidence that suggests AboveNet is filtering email in an attempt to block traffic from the ORBS open-relay blacklist testing facility in Europe.

ORBS, a customer of MIS, is a blacklist of servers which are open rather than closed and can be used by spammers to hide their tracks. Both MIS and AboveNet have similar policies about spam and both champion the anti-spam fight. Both Telecom and AboveNet have been listed on the ORBS database for operating open-relay servers.

AboveNet claims MIS is "act[ing] in breach of AboveNet's acceptable usage policy", according to Telecom's statement. AboveNet would not discuss the matter as it has a policy of not commenting on ongoing custom er relations issues, says AboveNet co-founder, Dave Rand. But Annear says he has made no allegations against Telecom or Xtra, has no contract with AboveNet and so cannot breach its "acceptable usage policy" and refutes Telecom's assertion that the impact on MIS is negligible.

"Is it negligible to have emails taking eight to 10 days to come through? I could fly to Britain, print off the email, fly home and hand them out in less time than that."

Annear does accept that Telecom is not directly responsible for the loss of the email, and has never alleged that it is, but says as his contract is with Telecom. "The only people we can complain to are our supplier of services, which is Xtra. It's up to Xtra to complain on to AboveNet."

Telecom's statement goes on to invite MIS to "seek an alternative provider", other than Telecom and says Telecom would "be happy to facilitate a smooth transition", which Annear laughs at. "I have an obligation to my customers in the same way Telecom has an obligation to me and they are not fulfilling it."

July 7, 2000

Spam Fighter Wars: ORBS Accuses MAPS of Blackholing Traffic

Open Relay Behaviour-modification System (ORBS) probes e-mail servers on the Net and maintains a blacklist of those that allow open relaying, which spammers use to spam. Mail Abuse Prevention System (MAPS) maintains a different blacklist of sites (Realtime Blackhole List, RBL) which support spam via open relays and other infrastructure. MAPS added ORBS to RBL because they considered ORBS's automated mail scans to be abuse. The feud between the two has reached alarming proportions.

According to ORBS,, an ISP partly owned by the guys who run MAPS (Paul Vixie and Dave Rand), advertises packet routes for ORBS then drops them. If true, this means that Net traffic meant for ORBS heads through routers where it dies, resulting in netsurfers being unable to reach ORBS or use their service. may only be drawing traffic from those ISPs that have requested it to, but the situation is murky at the moment. The story illustrates how large ISPs with global points of presence have the power to shut down traffic to competitive sites. Big, big story in Internet insider circles. Meanwhile, MAPS RBL is also a target of a lawsuit from DirectMag has that.

Anti-spammers turn guns on each other

By: Kieren McCarthy
Posted: 19/07/2000 at 15:10 GMT

It may seem incredible, but those companies set up to prevent the abuse of modern communications (namely, spam) don't seem to be above a bit of active sabotage. How come? All down to money, sadly.

The ongoing war between ORBS, and MAPS has come to light thanks to Alan Cox's widely read diary (for those that don't know, Alan Cox is a Linux guru, complete with foaming, crazed groupies). Both ORBS and MAPS offer a screening service that cuts out unwanted and unsolicited mail. is an ISP with two interesting characteristics: one, it is included on ORBS' blacklist of open-relays (which allows spammers to disguise themselves); two, its head, Paul Vixie, runs both and MAPS.

Alan Cox's entry for 17 July reads: "Under repeated alleged attacks from Paul Vixie's, ORBS has shut down its services - Paul Vixie who just happens to own MAPS which just happens to have ORBS as a notional competitor were he to go commercial, anyone taking bets he does? Due to the amount of spam I get without ORBS filtering, I'm going to be implementing draconian filtering. Basically if you aren't someone who regularly mails me - tough you'll probably never get a reply now."

So what we seem to have here is an ISP, with a vested interest in an anti-spam company planning to go commerical, having a go at another, non-commercial anti-spam company. Looks very messy to us. What's more, it's not terribly hard to see what is up to. According to observers, it's not even just blocking ORBS packets (presumably to search for a mention of in its blacklist), it is actually actively counteracting ORBS traffic. This is not a good way of getting the Net community on your side, but then if the idea is to put ORBS out of business, it is having the desired effect.

We deplore blocking terrorism, and in this case, since it isn't even a commercial battle, these tactics would seem very inappropriate. If is really behind this, we've no doubt the full, hidden force of the Internet will be brought to bear.

The ORBS/MAPS anti-spam battle revisited

By: Kieren McCarthy
Posted: 20/07/2000 at 17:48 GMT

Since we posted a story repeating allegations made by ORBS anti-spammers that ISP was purposefully blocking ORBS traffic, apparently to clear the way for a commercial MAPS (also an anti-spammer service and run by creator Paul Vixie), we have had emails fighting into our inbox.

It's no secret that ORBS and MAPS aren't exactly best friends but the pressure-cooker rivalry became too much, allegations started flying and we are now faced with a partisan split. As one reader stated: "A user's choice of ORBS or MAPS is as religious as their choice of OS."

Despite a largely positive press response to ORBS, its supporters seem the more deranged. It is a simple fact of the Net industry that it is populated with highly loyal but blinkered individuals. Something is either the best in the world or the worst.

As such, it's hard to know whether the accusation that Alan Cox (a pro-ORBS Linux guru whose diary alerted The Reg to the situation) is making "hysterical claims" is made from an anti-ORBS, anti-Linux or anti-Cox standpoint. A lot of the emails are slightly calmer versions of newsgroup crazy rants and words like "conspiracy", "grudge" and "fanatic" have cropped up with alarming regularity.

So what is going on? Well, it's unlikely that we'll ever find out the full details of the current saga, but there is general agreement that it started when ORBS blacklisted MAPS and Depending on who you believe this is either totally justified or completely malicious. clearly didn't like this much and so added some routing entries to block ORBS traffic. Is it on an all-out ORBS attack mission? ORBS says yes, MAPS and vaguely deny it and the various supporters bicker. Either ORBS is stupid and melodramatic or is totally bent on destruction. We'll tell you what we think in a minute.

As for the claims that MAPS is planning to go commercial (thus providing the "motive" in this sorry mess), well, it is either completely false or utterly true. "It's registered as a not-for-profit company!" many claim. Is that an official, legally binding registration? No, we thought not.

One comment which we can't disagree with is that while Alan Cox's opinion has been taken seriously (and true, he was simply repeating ORBS' allegations), the equally significant reputation of Paul Vixie (the man that ties with MAPS) has been overlooked. Oh, and claims that and MAPS can't be connected have, we're afraid, fallen on deaf ears.

Okay, so we've gone through what everyone else thinks, what does The Reg think? We reckon, as we said in the sub-head, it's six of one and half a dozen of the other. It was a fight both were itching to have and no matter how much either of them put on their cherub faces and swear they did nothing wrong, they are both as guilty as each other.

ORBS more than likely found an open relay system somewhere on and used this to blacklist the ISP and MAPS for good measure. Understandable, if a little childish. (Incidentally, the different reactive/proactive approaches that MAPS and ORBS use are to us simply a variation on a theme - we think neither ultimately better suited.) then over-reacted and it does seem clear that it is partaking of a rather pointed attack on ORBS and its traffic. ORBS' apparent claim that this is putting it out of business is bunkem. As for MAPS planning to become an all-mighty profit-making conglomerate - we don't buy it. It's too easy an argument and it presses the right button a little too strongly. We've been sniffing around these commercial claims all day and we see nothing more than an intention to scrape a little money off big corporations. A Microsoft it ain't.

Alan Cox - we don't even want to go there. We get enough email from Linux fanatics already.

Paul Vixie? Well, yes, he is a smart cookie. But he simply isn't the people-loving hero that many would wish us to believe. Christ, if you get anywhere in this industry you have a brain, a steel nerve and the balls to back both up. And let's not forget the court order against MAPS which prevents it from blacklisting

All in all, this is a spat. Hopefully the concerned parties will all calm down and recognise that they have more to lose by bashing each other than they have to gain.

Still, good viewing, no?,2000010021,20061370-1,00.htm

August 9, 2000

Insider slams Kiwi spam fighters

By Ben Charny, ZDNet News

ORBS' proactive approach to fighting bulk e-mail may actually help spammers. But the group's chief critic is under the gun, too.

ORBS, an organization in New Zealand opposed to bulk e-mail, appears to be fighting spam with spam.

The group takes it upon itself to test networks for bad e-mail filters. Unlike its chief competitor, the Mail Abuse Prevention System (MAPS), ORBS doesn't wait for spam complaints.

But the thousands of e-mails needed to poke and prod a system for weak links are apparently considered spam by AboveNet, one of its ISPs.

Unless it changes its ways, or switches to another ISP, AboveNet is planning to block ORBS e-mail, sources said Wednesday.

Signs pointing to MAPS?

Although ORBS did not respond to an e-mail seeking comment, its defenders point out a curious connection between MAPS, AboveNet and anti-spam activist Paul Vixie.

AboveNet is owned by Metromedia Fiber Networks, where Vixie is a senior vice president. Vixie is also a managing member of MAPS, which briefly added ORBS to its "black hole" list of supposed spammers last summer.

More than 20,000 companies subscribe to the MAPS list and routinely block e-mail traffic from companies on the list.

A spokesman for Vixie denied any wrongdoing.

"AboveNet has a perfect right to do this," said spokeswoman Kelly Thompson.

But ORBS has its enemies, too.

ORBS has gained a bad reputation among some anti-spam activists, according to David Wright, a Web pioneer who sits on a citizens advisory panel for a bulk e-mailing company.

"Many people consider ORBS an abusive organization," Wright said in an e-mail. Aside from probing sites for weaknesses, the group also publishes details that "possibly aid spammers who are looking for just such sites," Wright wrote.

January 9, 2001

How a transit provider gets involved in net.terrorism


My name is Sabri. I'm just another dude involved in internetworking and I work for a small isp in The Netherlands.

I am concerned. Concerned about people and companies who think they are in the position to be net.gods and for political reasons destroy the free character of the internet.

In the history of the internet, people have been trusting each other. On the lower technical levels, great things like peering have been developed. At the various IX'es, commercial and non-profit companies exchange information about each others routes using BGP4 and various other routing protocols.

In my opinion, announcing a netblock using BGP4 is making a promise to carry traffic to a destination within that netblock. If you feel that parts of that network are against your ethics or AUP, you should not be announcing such a netblock. If you do so, you will make a promise which you do not forfill. That is not a nice thing to do in a world which is based on trust and agreements between parties.

I was shocked to find out that one of the larger transit providers (which the company I work for buys transit from) is actively violating the trust it has been given by the internetworld. is blocking a host in UUnet IP space. After finding out about this we notified in The Netherlands and asked what it was about and requested them to stop announcing the netblock if they would continue to nullroute the host involved. After various contacts about this matter, answered with the following statements (according to the salesdroid it came from Paul Vixie himself):

> --> this tester is part of a /16 belonging to uunet, and
> sends traffic which is in violation of our AUG.  we complained to uunet
> without any effect.  if we have blocked access from this /32 to our
> backbone, we are within our rights.

After this mail, we contacted again. They basically told us it was for our own protection because that traffic from that host does not comply to their AUP.

The fact that this whole story concerns the ORBS relaytester is in my opinion completely irrelevant. Today it is ORBS, tomorrow it is Microsoft and the day after that it is NANOG for saying bad things about Above.

When you make a promise, keep a promiss.

People who have an opinion on this, please go to this poll to speak up.

Here is some info:


Type escape sequence to abort.
Tracing the route to (

  1 [AS 8918]
  2 ( [AS 6461]
  3 ( [AS 6461] 
  4 ( [AS 6461] 
  5 POS3-0-0.GW8.NYC4.ALTER.NET ( [AS 701] 
  6 140.ATM3-0.XR2.NYC4.ALTER.NET ( [AS 701] 
  7 ( [AS 701] 
  8 ( [AS 701]
  9 so-0-0-0.IR2.NYC12.ALTER.NET ( [AS 701] 
 10 SO-5-0-0.TR2.LND2.Alter.Net ( [AS 702] 
 11 SO-6-0-0.TR2.AMS2.Alter.Net ( [AS 702] 
 12 SO-6-0-0.XR2.AMS2.Alter.Net ( [AS 702] 
 13 POS2-0.GW3.AMS2.Alter.Net ( [AS 702] 
 14 ( [AS 1890]
 15 [AS 13127] 
 16 ( [AS 13127] 
 17 [AS 13127] 1
 18 [AS 13127] 
 19 ( [AS 702] 


Type escape sequence to abort.
Tracing the route to (

  1 [AS 8918] 0 msec 0 msec 0 msec
  2 ( [AS 6461]  
  3 ( [AS 6461]
  4 ( [AS 6461] 
  5 ( [AS 6461] 
  6 ( [AS 6461]
  7  *  *  * 
  8  *  *  * 
  9  *  *  * 
 10 ( [AS 6461] !H  *  * 

ams-ix-bfr#sho ip bgp
BGP routing table entry for, version 12773024
Paths: (3 available, best #2, table Default-IP-Routing-Table)
  Advertised to non peer-group peers: 
  12859 174 702 from (
      Origin IGP, localpref 100, valid, internal
  6461 701 702 from (
      Origin IGP, metric 6256, localpref 100, valid, external, best
  6461 701 702, (received-only) from (
      Origin IGP, metric 6256, localpref 100, valid, external

RBL turf wars

Date: Fri, 16 Nov 2001 19:30:35 -0800 (PST)
From: Roger Marquis 
To: <>
Subject: Re: RBL turf wars (was: ABOVE.NET BLOCKING ORBZ!)

> >Check this out, I can't get to Orbz's website anymore (and I suspect you
> >can't either):

We can't either.  Attached is a letter from a customer forwarded
to our upstream (another victim/ISP).  If Above.Net wants
to shed customers like a duck sheds water these filters will surely
have that effect.

Roger Marquis
Roble Systems Consulting

>I'm unable to access my primary spam filter subscription,,
>thanks to some clueless filter-nazi at  Can you add a route
>to orbz ( through ###### (bypassing
>As you know ####### provides spam filtering services to its customers
>via orbz, orbl, ordb, and other dns subscription services.'s
>un-announced and un-approved IP filters are impacting our services,
>customers, and cash-flow.  I hope you and are aware that
>these filters are causing financial hardship to ##########.
>Longer-term, please let me know if you decide to open a worldcom
>co-lo.  This is the second time we've been screwed by (the
>first due to their blocking and we are preparing to move to
> or another ISP to avoid these petty, unprofessional, and
>ongoing RBL turf battles.
>>traceroute to (, 30 hops max, 40 byte packets
>> ...
>> (  1.548 ms !H * *
>> * * *
>> ...

VisualRoute Report on Feb 22, 2002

Report for [] 
Analysis: IP packets are being lost past network "Abovenet Communications, Inc." at hop 19. There is insufficient cached information to determine the next network at hop 20. Connections to HTTP port 80 are being refused. Node at hop 19 in network "Abovenet Communications, Inc." reports "The destination network is unreachable". 

Hop %Loss IP Address Node Name Location Tzone ms Graph Network
0 1 ... (private use)
1 - ... 0 x (private use)
2 (Norway) +01:00 8 x XDSL access and service provider in Norway
3 (Norway) +01:00 5 x XDSL access and service provider in Norway
4 (Norway) +01:00 11 x- XDSL access and service provider in Norway
5 (Norway) +01:00 14 x- XDSL access and service provider in Norway
6 (Norway) +01:00 21 x- XDSL access and service provider in Norway
7 Oslo, Norway +01:00 19 x- Teleglobe's customer's access /30 in OFT-MSFC1 OSLO
8 Oslo, Norway +01:00 14 x- Teleglobe Europe Backbone
9 Oslo, Norway +01:00 17 x- Teleglobe Backbone - Internal use
10 - 51 -x-- Teleglobe Europe Net
11 Frankfurt, Germany +01:00 41 x- DE-CIX Frankfurt IXP
12 Frankfurt, Germany +01:00 50 -x Abovenet Communications, Inc.
13 Paris, France +01:00 55 x Abovenet Communications, Inc.
14 London, UK * 59 x- Abovenet Communications, Inc.
15 Washington, DC, USA -05:00 124 x Abovenet Communications, Inc.
16 San Jose, CA, USA -08:00 189 -x- Abovenet Communications, Inc.
17 San Jose, CA, USA -08:00 192 x- Abovenet Communications, Inc.
18 San Jose, CA, USA -08:00 188 -x Abovenet Communications, Inc.
19 100 San Jose, CA 95113 192 x Abovenet Communications, Inc.
... San Jose, CA 95113 Abovenet Communications, Inc.
Roundtrip time to, average = 192ms, min = 192ms, max = 193ms -- 22-Feb-02 4:20:42 PM



[ ]