|
|
|
Above.net are now blocking all access to the ORBS website and mailservers, so if you are an above.net customer and wondering why you can't see this site directly, that's why. If you are blocked from direct access, try going through http://www.anonymiser.com/
Late addition: Above.net are now broadcasting nullroutes for all the published ORBS nameservers.
Above.net have been broadcasting routes to third parties for ORBS netblocks since mid-May 2000 via BGP at various peering points worldwide - confirmed at London Internet Exchange and Vienna Internet Exchange, then nullrouting traffic destined to our website and mailservers.
Legal advice is that advertising routes to ORBS at these internet exchanges is a breach of applicable criminal laws in the UK and in Austria and may result in seizure of all above.net equipment in London Internet Exchange if anyone feels wronged enough to file a criminal complaint about the theft of packets.
If above.net do not wish to carry ORBS traffic, that is their decision and if they choose to blackhole traffic internally, that is also their decision. However advertising routes to ORBS outside their own network in order to attract network packets destined for ORBS and then dump that traffic once it is inside their network is fraudulent.
If above.net truely thought ORBS was abusive as they claim, they would be blocking packets from ORBS, not to ORBS and they would taking care not to advertise routes to ORBS pointing into their network at peering points.
As Above.net owners are also MAPS owners, this can be very easily explained as MAPS attempting to shut down competition - MAPS is a commercial organisation which is moving to a fee-based structure. ORBS is not. MAPS and Above.net management refuse to discuss this backdoor RBLing of ORBS with anyone. As MAPS endured a storm of criticism late in 1999 for adding ORBS to the RBL publically, this again underlines MAPS attempts to shut down ORBS. See Dejanews for details.
Several MAPS employees feel the same way by all accounts. At least one recent MAPS resignation letter (Nick Nicholas, Executive Director) has cited this backdoor attack on ORBS among the reasons for leaving.
Paul Vixie owns MAPS LLC. He is also a senior manager in above.net and has appeared as a representative of above.net in dealings with our supplier on this issue. Previously he was forced to remove ORBS from the MAPS RBL due to public criticism. While Dave Rand was making the initial threats to ORBS and Telecom NZ over ORBS as an above.net representative, Paul Vixie is now the one making those threats.
Dave Rand is CTO of above.net. He is also vice president of MAPS LLC. Dave Rand was responsible for the addition of ORBS to the MAPS RBL without following published MAPS procedure. The actual addition of ORBS into the MAPS RBL was done by Paul Vixie. Shortly after the removal of ORBS from the MAPS RBL, he started threatening ORBS suppliers and DNS sites, then blocked the ORBS tester, resulting in above.net space being marked as untestable.
When above.net customers mailed ORBS asking about this, this was explained to them. Several reported that they had been told that explicit paths had been opened between them and the tester - claims which were easily proved false. After about a dozen such incidents, some of which resulted in several peering agreements being discontinued and networks changing supplier to get away from above.net, above.net then started nullrouting traffic destined to the ORBS website and mailservers.
For these reasons, ORBS admins believe that above.net is using MAPS as a commercial weapon and that MAPS is using above.net routing adverts to generate "secret" RBL entries. During Easter 2000, above.net broadcast static routes for ORBS with routing metrics so low that traffic was attracted away from other network paths to our suppliers. Those adverts persisted for a full day after routing to ORBS netblocks was switched off by ORBS suppliers as an experiment to track the source of the blackhole.
Because of ongoing claims about multiple steps between ORBS and above.net, it is worth noting when tracerouting that telecom.co.nz, telecom.net.nz, netgate.net.nz and xtra.co.nz are all the same company.
Telecom NZ are broadcasting superblock routes containing the ORBS netblocks into above.net and refuse to stop doing so. As a result, ORBS is unreachable from many parts of the world due to Above.net repeating those adverts at peering points, when alternate paths do exist.
Telecom NZ claim to be broadcasting longer prefix routes for ORBS netblocks into alternate paths. There is no proof of this being seen at any looking glass server worldwide. Discussion of this and why Telecom NZ are refusing to break up the superblock route in order to prevent ORBS routes being broadcast into above.net space may be undertaken with Chris Thompson
Dave Rand has been interviewed twice by IDG NZ about this issue. The first time, he denied above.net was blocking anything, then terminated the interview when asked to explain traceroutes from London Internet Exchange clearly showing nullrouting within above.net. The second time, he refused to comment, saying he had nothing to do with it and it was a matter between ORBS and its suppliers - despite the fact that our supplier's techs have stated that all email from above.net on the issue has come from Dave Rand and has contained explicit threats against them related to hosting of ORBS.
above.net - 63.248.16/21 63.248.24/22 64.7.0/24 149.54/16 149.172/16 155.211/16 165.231/16 192.41.214/24 192.67.14/24 192.67.173/24 192.83.249/24 192.84.20/24 192.84.243/24 192.101.44/24 192.136.112/24 192.216.144/21 192.246.117/24 198.17.5/24 198.32.176/24 198.32.180/24 198.51.109/24 198.51.110/24 198.176.193/24 199.46.16/20 199.46.18/23 199.74.206/24 199.88.158/24 199.184.82/24 202.163.96/19 204.87.178/24 204.89.131/24 204.176.224/19 205.159.173/24 205.166.121/24 206.223.78/24 207.106.62/24 207.126.96/24 207.126.96/19 208.184/16 208.184/15 208.184.240/24 209.66.64/18 209.133.0/17 209.150.126/23 209.177.67/24 209.177.68/24 209.177.71/24 209.177.87/24 209.177.92/24 209.237.0/19 209.249/16 209.249.118/24 209.249.227/24 212.38.160/19 212.69.160/19 212.197.144/20 216.59.4/23 216.59.8/22 216.59.62/23 216.59.78/23 216.59.80/22 216.59.84/23 216.59.86/23 216.59.88/23 216.157.48/21 216.168.128/19 216.200/16 206.14/16 204.152.184-191, 202.228.0/18 and many more. These are being manually checked and added from adverts at London and Vienna Internet Exchanges.
Contact: orbs@orbs.org - but read the website first.
Thursday, 11 May, 2000
Paul Brislen, Auckland
A New Zealand ISP says email bound for its users is being blocked by a US-based ISP, but neither the ISP or Telecom are willing to sort out the problem.
"AboveNet is trying to intercept mail coming into Telecom and on to MIS [Manawatu Internet Services]. Their routers are advertising for our net blocks," says MIS director, George Annear. "It appears to be only mail routed through AboveNet that's affected."
Networks arrange for traffic to be routed back to their IP addresses by advertising an appropriate route to peers and providers, based on speed and capacity. AboveNet advertises its availability and then is supposed to deliver MIS traffic on to the ISP.
"They're filtering based on content for MIS."
Annear says AboveNet is doing this solely because of MIS's role in the ORBS open relay black list. MIS was hosting both the list and testing, but has since shifted the testing facility to Europe. It is mail about the ORBS list that is being blocked, says Annear.
But AboveNet denies it is blocking any email.
"At no time am I intercepting their mail," says AboveNet co-founder Dave Rand, speaking from the US. He says the problem is one between Telecom and MIS and AboveNet doesn't involve itself in difficulties between one of its customers and their customers.
Telecom, however, says the missing email is nothing to do with them as this is a problem MIS is having with AboveNet.
"We provide the road, if you like, and it's up to our customers as to what they do on it," says spokesperson Linda Sanders.
That leaves Annear without any clear action to take, and without any email.
"I've made direct representations to [Telecom] saying what's happening is illegal, but they're not interested."
Annear says his only option is to make waves publicly about the issue.
"It's only going to change when people start losing customers because of what they're doing."
Annear says there aren't any laws in place that are applicable to this situation and there isn't any contract between MIS and AboveNet — his contract is with Telecom.
"The fact is [AboveNet is] an overseas' company and I would guarantee there are no international laws that cover this."
Monday, 29 May, 2000
Paul Brislen, Auckland
Telecom denies being responsible for the US-based network provider AboveNet blocking email to Manawatu Internet Services - and goes so far as to threaten legal action if MIS says it is.
"Telecom/Xtra would vigorously defend any legal action as we believe MIS's allegations to be baseless. We would also act if defamatory statements were made by MIS," says Telecom.
MIS accuses AboveNet of blocking its email traffic from Europe and of filtering email bound for MIS based on content. AboveNet denies it is doing this, but MIS director George Annear believes he has evidence that suggests AboveNet is filtering email in an attempt to block traffic from the ORBS open-relay blacklist testing facility in Europe.
ORBS, a customer of MIS, is a blacklist of servers which are open rather than closed and can be used by spammers to hide their tracks. Both MIS and AboveNet have similar policies about spam and both champion the anti-spam fight. Both Telecom and AboveNet have been listed on the ORBS database for operating open-relay servers.
AboveNet claims MIS is "act[ing] in breach of AboveNet's acceptable usage policy", according to Telecom's statement. AboveNet would not discuss the matter as it has a policy of not commenting on ongoing custom er relations issues, says AboveNet co-founder, Dave Rand. But Annear says he has made no allegations against Telecom or Xtra, has no contract with AboveNet and so cannot breach its "acceptable usage policy" and refutes Telecom's assertion that the impact on MIS is negligible.
"Is it negligible to have emails taking eight to 10 days to come through? I could fly to Britain, print off the email, fly home and hand them out in less time than that."
Annear does accept that Telecom is not directly responsible for the loss of the email, and has never alleged that it is, but says as his contract is with Telecom. "The only people we can complain to are our supplier of services, which is Xtra. It's up to Xtra to complain on to AboveNet."
Telecom's statement goes on to invite MIS to "seek an alternative provider", other than Telecom and says Telecom would "be happy to facilitate a smooth transition", which Annear laughs at. "I have an obligation to my customers in the same way Telecom has an obligation to me and they are not fulfilling it."
http://www.vol.com.vu/drift.html
July 7, 2000
According to ORBS, Above.net, an ISP partly owned by the guys who run MAPS (Paul Vixie and Dave Rand), advertises packet routes for ORBS then drops them. If true, this means that Net traffic meant for ORBS heads through Above.net routers where it dies, resulting in netsurfers being unable to reach ORBS or use their service.
Above.net may only be drawing traffic from those ISPs that have requested it to, but the situation is murky at the moment. The story illustrates how large ISPs with global points of presence have the power to shut down traffic to competitive sites. Big, big story in Internet insider circles. Meanwhile, MAPS RBL is also a target of a lawsuit from Yesmail.com. DirectMag has that.
http://www.theregister.co.uk/content/1/12045.html
It may seem incredible, but those companies set up to prevent the abuse of
modern communications (namely, spam) don't seem to be above a bit of active
sabotage. How come? All down to money, sadly.
The ongoing war between ORBS, Above.net and MAPS has come to light thanks to
Alan Cox's widely read diary
(for those that don't know, Alan Cox is a Linux guru, complete with foaming,
crazed groupies). Both ORBS and MAPS offer a screening service that cuts out
unwanted and unsolicited mail. Above.net is an ISP with two interesting
characteristics: one, it is included on ORBS' blacklist of open-relays (which
allows spammers to disguise themselves); two, its head, Paul Vixie, runs both
Above.net and MAPS.
Alan Cox's entry for 17 July reads: "Under repeated alleged attacks from Paul
Vixie's above.net, ORBS has shut down its services - Paul Vixie who just
happens to own MAPS which just happens to have ORBS as a notional competitor
were he to go commercial, anyone taking bets he does? Due to the amount of
spam I get without ORBS filtering, I'm going to be implementing draconian
filtering. Basically if you aren't someone who regularly mails me - tough
you'll probably never get a reply now."
So what we seem to have here is an ISP, with a vested interest in an anti-spam
company planning to go commerical, having a go at another, non-commercial
anti-spam company. Looks very messy to us. What's more, it's not terribly
hard to see what Above.net is up to. According to observers, it's not
even just blocking ORBS packets (presumably to search for a mention of
Above.net in its blacklist), it is actually actively counteracting ORBS
traffic. This is not a good way of getting the Net community on your side,
but then if the idea is to put ORBS out of business, it is having the desired
effect.
We deplore blocking terrorism, and in this case, since it isn't even a
commercial battle, these tactics would seem very inappropriate. If Above.net
is really behind this, we've no doubt the full, hidden force of the Internet
will be brought to bear.
http://www.theregister.ca.uk/content/archive/12084.html
Since we posted a story repeating allegations made by ORBS anti-spammers that
ISP Above.net was purposefully blocking ORBS traffic, apparently to clear the
way for a commercial MAPS (also an anti-spammer service and run by Above.net
creator Paul Vixie), we have had emails fighting into our inbox.
It's no secret that ORBS and MAPS aren't exactly best friends but the
pressure-cooker rivalry became too much, allegations started flying and we are
now faced with a partisan split. As one reader stated: "A user's choice of ORBS
or MAPS is as religious as their choice of OS."
Despite a largely positive press response to ORBS, its supporters seem the more
deranged. It is a simple fact of the Net industry that it is populated with
highly loyal but blinkered individuals. Something is either the best in the
world or the worst.
As such, it's hard to know whether the accusation that Alan Cox (a pro-ORBS
Linux guru whose diary alerted The Reg to the situation) is making
"hysterical claims" is made from an anti-ORBS, anti-Linux or anti-Cox
standpoint. A lot of the emails are slightly calmer versions of newsgroup crazy
rants and words like "conspiracy", "grudge" and "fanatic" have cropped up with
alarming regularity.
So what is going on? Well, it's unlikely that we'll ever find out the full
details of the current saga, but there is general agreement that it started
when ORBS blacklisted MAPS and Above.net. Depending on who you believe this is
either totally justified or completely malicious.
Above.net clearly didn't like this much and so added some routing entries to
block ORBS traffic. Is it on an all-out ORBS attack mission? ORBS says yes,
MAPS and Above.net vaguely deny it and the various supporters bicker. Either
ORBS is stupid and melodramatic or Above.net is totally bent on destruction.
We'll tell you what we think in a minute.
As for the claims that MAPS is planning to go commercial (thus providing the
"motive" in this sorry mess), well, it is either completely false or utterly
true. "It's registered as a not-for-profit company!" many claim. Is that an
official, legally binding registration? No, we thought not.
One comment which we can't disagree with is that while Alan Cox's opinion has
been taken seriously (and true, he was simply repeating ORBS' allegations),
the equally significant reputation of Paul Vixie (the man that ties Above.net
with MAPS) has been overlooked. Oh, and claims that Above.net and MAPS can't
be connected have, we're afraid, fallen on deaf ears.
Okay, so we've gone through what everyone else thinks, what does The Reg
think? We reckon, as we said in the sub-head, it's six of one and half a dozen
of the other. It was a fight both were itching to have and no matter how much
either of them put on their cherub faces and swear they did nothing wrong, they
are both as guilty as each other.
ORBS more than likely found an open relay system somewhere on Above.net and
used this to blacklist the ISP and MAPS for good measure. Understandable, if a
little childish. (Incidentally, the different reactive/proactive approaches
that MAPS and ORBS use are to us simply a variation on a theme - we think
neither ultimately better suited.)
Above.net then over-reacted and it does seem clear that it is partaking of a
rather pointed attack on ORBS and its traffic. ORBS' apparent claim that this
is putting it out of business is bunkem. As for MAPS planning to become an
all-mighty profit-making conglomerate - we don't buy it. It's too easy an
argument and it presses the right button a little too strongly. We've been
sniffing around these commercial claims all day and we see nothing more than
an intention to scrape a little money off big corporations. A Microsoft it
ain't.
Alan Cox - we don't even want to go there. We get enough email from Linux
fanatics already.
Paul Vixie? Well, yes, he is a smart cookie. But he simply isn't the
people-loving hero that many would wish us to believe. Christ, if you get
anywhere in this industry you have a brain, a steel nerve and the balls to
back both up. And let's not forget the court order against MAPS which prevents
it from blacklisting Yesmail.com.
All in all, this is a spat. Hopefully the concerned parties will all calm down
and recognise that they have more to lose by bashing each other than they have
to gain.
Still, good viewing, no?
http://www.zdnetasia.com/news/dailynews/story/0,2000010021,20061370-1,00.htm
August 9, 2000
ORBS' proactive approach to fighting bulk e-mail may actually help spammers. But the group's chief critic is under the gun, too.
ORBS, an organization in New Zealand opposed to bulk e-mail, appears to be fighting spam with spam.
The group takes it upon itself to test networks for bad e-mail filters. Unlike its chief competitor, the Mail
Abuse Prevention System (MAPS), ORBS doesn't wait for spam complaints.
But the thousands of e-mails needed to poke and prod a system for weak links are apparently considered spam by
AboveNet, one of its ISPs.
Unless it changes its ways, or switches to another ISP, AboveNet is planning to block ORBS e-mail, sources said Wednesday.
Signs pointing to MAPS?
Although ORBS did not respond to an e-mail seeking comment, its defenders point out a curious connection between
MAPS, AboveNet and anti-spam activist Paul Vixie.
AboveNet is owned by Metromedia Fiber Networks, where Vixie is a senior vice president. Vixie is also a managing
member of MAPS, which briefly added ORBS to its "black hole" list of supposed spammers last summer.
More than 20,000 companies subscribe to the MAPS list and routinely block e-mail traffic from companies on the
list.
A spokesman for Vixie denied any wrongdoing.
"AboveNet has a perfect right to do this," said spokeswoman Kelly Thompson.
But ORBS has its enemies, too.
ORBS has gained a bad reputation among some anti-spam activists, according to David Wright, a Web pioneer who sits
on a citizens advisory panel for a bulk e-mailing company.
"Many people consider ORBS an abusive organization," Wright said in an e-mail. Aside from probing sites
for weaknesses, the group also publishes details that "possibly aid spammers who are looking for just such
sites," Wright wrote.
http://www.bit.nl/~sabri/above/
http://answerpointe.cctec.com/maillists/nanog/current/msg00734.html
January 9, 2001
My name is Sabri. I'm just another dude involved in internetworking and I work for a small isp in The Netherlands.
I am concerned. Concerned about people and companies who think they are in the position to be net.gods and for political reasons destroy the free character of the internet.
In the history of the internet, people have been trusting each other. On the lower technical levels, great things like peering have been developed. At the various IX'es, commercial and non-profit companies exchange information about each others routes using BGP4 and various other routing protocols.
In my opinion, announcing a netblock using BGP4 is making a promise to carry traffic to a destination within that netblock. If you feel that parts of that network are against your ethics or AUP, you should not be announcing such a netblock. If you do so, you will make a promise which you do not forfill. That is not a nice thing to do in a world which is based on trust and agreements between parties.
I was shocked to find out that one of the larger transit providers (which the company I work for buys transit from) is actively violating the trust it has been given by the internetworld.
Above.net is blocking a host in UUnet IP space. After finding out about this we notified Above.net in The Netherlands and asked what it was about and requested them to stop announcing the netblock if they would continue to nullroute the host involved. After various contacts about this matter, Above.net answered with the following statements (according to the salesdroid it came from Paul Vixie himself):
> 194.178.232.55/32. --> this tester is part of a /16 belonging to uunet, and > sends traffic which is in violation of our AUG. we complained to uunet > without any effect. if we have blocked access from this /32 to our > backbone, we are within our rights.
After this mail, we contacted Above.net again. They basically told us it was for our own protection because that traffic from that host does not comply to their AUP.
The fact that this whole story concerns the ORBS relaytester is in my opinion completely irrelevant. Today it is ORBS, tomorrow it is Microsoft and the day after that it is NANOG for saying bad things about Above.
When you make a promise, keep a promiss.
People who have an opinion on this, please go to this poll to speak up.
Here is some info:
ams-ix-bfr#traceroute 194.178.232.4
Type escape sequence to abort.
Tracing the route to haarlem.vuurwerk.nl (194.178.232.4)
1 212.4.194.134 [AS 8918]
2 core1-ams1-stm1.ams3.above.net (208.184.231.41) [AS 6461]
3 lhr1-ams3-stm4.lhr1.above.net (208.184.231.13) [AS 6461]
4 nyc-lhr-stm4-2.above.net (208.184.231.21) [AS 6461]
5 POS3-0-0.GW8.NYC4.ALTER.NET (157.130.31.45) [AS 701]
6 140.ATM3-0.XR2.NYC4.ALTER.NET (146.188.179.158) [AS 701]
7 188.at-2-0-0.TR2.NYC8.ALTER.NET (152.63.21.114) [AS 701]
8 124.at-5-0-0.IR2.NYC9.ALTER.NET (152.63.1.197) [AS 701]
9 so-0-0-0.IR2.NYC12.ALTER.NET (152.63.23.66) [AS 701]
10 SO-5-0-0.TR2.LND2.Alter.Net (146.188.15.53) [AS 702]
11 SO-6-0-0.TR2.AMS2.Alter.Net (146.188.8.158) [AS 702]
12 SO-6-0-0.XR2.AMS2.Alter.Net (146.188.8.89) [AS 702]
13 POS2-0.GW3.AMS2.Alter.Net (146.188.5.45) [AS 702]
14 vuurwerk-gw.customer.nl.uu.net (213.53.41.190) [AS 1890]
15 62.58.131.13 [AS 13127]
16 srp0-0.12008-1.hlm.versatel.net (62.58.128.69) [AS 13127]
17 62.58.143.141 [AS 13127] 1
18 62.58.142.2 [AS 13127]
19 haarlem.vuurwerk.nl (194.178.232.4) [AS 702]
ams-ix-bfr#traceroute 194.178.232.55
Type escape sequence to abort.
Tracing the route to relaytest.orbs.vuurwerk.nl (194.178.232.55)
1 212.4.194.134 [AS 8918] 0 msec 0 msec 0 msec
2 core1-ams1-stm1.ams3.above.net (208.184.231.37) [AS 6461]
3 lhr1-ams3-stm4.lhr1.above.net (208.184.231.13) [AS 6461]
4 iad1-lhr1-stm4.iad1.above.net (216.200.254.77) [AS 6461]
5 core5-core3-oc48.iad1.above.net (208.185.0.150) [AS 6461]
6 core4-core5-oc192.iad1.above.net (208.185.0.109) [AS 6461]
7 * * *
8 * * *
9 * * *
10 sjc1-iad1-oc12.sjc1.above.net (207.126.96.121) [AS 6461] !H * *
ams-ix-bfr#
ams-ix-bfr#sho ip bgp 194.178.232.55
BGP routing table entry for 194.178.0.0/16, version 12773024
Paths: (3 available, best #2, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
213.136.4.153
12859 174 702
213.136.4.153 from 213.136.4.153 (213.136.4.153)
Origin IGP, localpref 100, valid, internal
6461 701 702
62.4.95.253 from 62.4.95.253 (216.200.254.246)
Origin IGP, metric 6256, localpref 100, valid, external, best
6461 701 702, (received-only)
62.4.95.253 from 62.4.95.253 (216.200.254.246)
Origin IGP, metric 6256, localpref 100, valid, external
ams-ix-bfr#
http://www.merit.edu/mail.archives/nanog/2001-11/msg00245.html
![[ dotcomeon.com ]](images/dotcomeon.jpg)