- -

The hall of shame.

These netblocks have open relays and admins who think that preventing the ORBS tester from checking the netblock is going to stop those relays from being abused by spammers...

130.105/16, 192.3.136/24, 192.3.142/24, 208.223.51/24 - av8.com

24.92/14, 24.28/14, 24.24/14, 24.160/15, 204.210/16, 24.88.0/17, 24.128/14 - rr.com

204.251.80/24 - 204.251.95/24 - galstar.com

203.36.118/24 and 203.36.184/24 - Ericsson Australia.

139.175/16 - Seed.net.tw

216.121/16, 209.182/16 - Colossus.net

These netblocks contain spam sources and spamvertised websites which have been operating for extended periods of time.

195.154.24/23 - isdnet.net - forging ORBS HELOs and envelopes in spam. - 63.255.255 - Australianhosting.net. Major spam haven, and relay hijacking source. - XTS.net.

216.35.159/24, 216.35.99/24. Responsys. Aka rsvp0.net, rs88.net

63.237.24/24 - midatlantic-isp.net

212.4.192/19 - carrier1.net

61.128-61.143, 202.96-202.111 - China Telecom. - lauderdale.net, - pajo networks

216.189.15,20,21 - Hufnel. Enough said.

208.193.16/24 - Stoneage.com - Empire Towers

63.227.234/23 - Hughes Global Services Inc - source of most of the Nigerian "471 scams" (named for the nigerian law number which outlaws them) mailed to ORBS in the last 6 months.

198.142/16, 203.2.75/24, 192.243.32/24, 192.190.208/21 - C&W Optus (Australia)

Above.net are now blocking all access to the ORBS website and mailservers, so if you are an above.net customer and wondering why you can't see this site directly, that's why. If you are blocked from direct access, try going through http://www.anonymiser.com/

Late addition: Above.net are now broadcasting nullroutes for all the published ORBS nameservers.

Above.net have been broadcasting routes to third parties for ORBS netblocks since mid-May 2000 via BGP at various peering points worldwide - confirmed at London Internet Exchange and Vienna Internet Exchange, then nullrouting traffic destined to our website and mailservers.

Legal advice is that advertising routes to ORBS at these internet exchanges is a breach of applicable criminal laws in the UK and in Austria and may result in seizure of all above.net equipment in London Internet Exchange if anyone feels wronged enough to file a criminal complaint about the theft of packets.

If above.net do not wish to carry ORBS traffic, that is their decision and if they choose to blackhole traffic internally, that is also their decision. However advertising routes to ORBS outside their own network in order to attract network packets destined for ORBS and then dump that traffic once it is inside their network is fraudulent.

If above.net truely thought ORBS was abusive as they claim, they would be blocking packets from ORBS, not to ORBS and they would taking care not to advertise routes to ORBS pointing into their network at peering points.

As Above.net owners are also MAPS owners, this can be very easily explained as MAPS attempting to shut down competition - MAPS is a commercial organisation which is moving to a fee-based structure. ORBS is not. MAPS and Above.net management refuse to discuss this backdoor RBLing of ORBS with anyone. As MAPS endured a storm of criticism late in 1999 for adding ORBS to the RBL publically, this again underlines MAPS attempts to shut down ORBS. See Dejanews for details.

Several MAPS employees feel the same way by all accounts. At least one recent MAPS resignation letter (Nick Nicholas, Executive Director) has cited this backdoor attack on ORBS among the reasons for leaving.

Paul Vixie owns MAPS LLC. He is also a senior manager in above.net and has appeared as a representative of above.net in dealings with our supplier on this issue. Previously he was forced to remove ORBS from the MAPS RBL due to public criticism. While Dave Rand was making the initial threats to ORBS and Telecom NZ over ORBS as an above.net representative, Paul Vixie is now the one making those threats.

Dave Rand is CTO of above.net. He is also vice president of MAPS LLC. Dave Rand was responsible for the addition of ORBS to the MAPS RBL without following published MAPS procedure. The actual addition of ORBS into the MAPS RBL was done by Paul Vixie. Shortly after the removal of ORBS from the MAPS RBL, he started threatening ORBS suppliers and DNS sites, then blocked the ORBS tester, resulting in above.net space being marked as untestable.

When above.net customers mailed ORBS asking about this, this was explained to them. Several reported that they had been told that explicit paths had been opened between them and the tester - claims which were easily proved false. After about a dozen such incidents, some of which resulted in several peering agreements being discontinued and networks changing supplier to get away from above.net, above.net then started nullrouting traffic destined to the ORBS website and mailservers.

For these reasons, ORBS admins believe that above.net is using MAPS as a commercial weapon and that MAPS is using above.net routing adverts to generate "secret" RBL entries. During Easter 2000, above.net broadcast static routes for ORBS with routing metrics so low that traffic was attracted away from other network paths to our suppliers. Those adverts persisted for a full day after routing to ORBS netblocks was switched off by ORBS suppliers as an experiment to track the source of the blackhole.

Because of ongoing claims about multiple steps between ORBS and above.net, it is worth noting when tracerouting that telecom.co.nz, telecom.net.nz, netgate.net.nz and xtra.co.nz are all the same company.

Telecom NZ are broadcasting superblock routes containing the ORBS netblocks into above.net and refuse to stop doing so. As a result, ORBS is unreachable from many parts of the world due to Above.net repeating those adverts at peering points, when alternate paths do exist.

Telecom NZ claim to be broadcasting longer prefix routes for ORBS netblocks into alternate paths. There is no proof of this being seen at any looking glass server worldwide. Discussion of this and why Telecom NZ are refusing to break up the superblock route in order to prevent ORBS routes being broadcast into above.net space may be undertaken with Chris Thompson

Dave Rand has been interviewed twice by IDG NZ about this issue. The first time, he denied above.net was blocking anything, then terminated the interview when asked to explain traceroutes from London Internet Exchange clearly showing nullrouting within above.net. The second time, he refused to comment, saying he had nothing to do with it and it was a matter between ORBS and its suppliers - despite the fact that our supplier's techs have stated that all email from above.net on the issue has come from Dave Rand and has contained explicit threats against them related to hosting of ORBS.

above.net - 63.248.16/21 63.248.24/22 64.7.0/24 149.54/16 149.172/16 155.211/16 165.231/16 192.41.214/24 192.67.14/24 192.67.173/24 192.83.249/24 192.84.20/24 192.84.243/24 192.101.44/24 192.136.112/24 192.216.144/21 192.246.117/24 198.17.5/24 198.32.176/24 198.32.180/24 198.51.109/24 198.51.110/24 198.176.193/24 199.46.16/20 199.46.18/23 199.74.206/24 199.88.158/24 199.184.82/24 202.163.96/19 204.87.178/24 204.89.131/24 204.176.224/19 205.159.173/24 205.166.121/24 206.223.78/24 207.106.62/24 207.126.96/24 207.126.96/19 208.184/16 208.184/15 208.184.240/24 209.66.64/18 209.133.0/17 209.150.126/23 209.177.67/24 209.177.68/24 209.177.71/24 209.177.87/24 209.177.92/24 209.237.0/19 209.249/16 209.249.118/24 209.249.227/24 212.38.160/19 212.69.160/19 212.197.144/20 216.59.4/23 216.59.8/22 216.59.62/23 216.59.78/23 216.59.80/22 216.59.84/23 216.59.86/23 216.59.88/23 216.157.48/21 216.168.128/19 216.200/16 206.14/16 204.152.184-191, 202.228.0/18 and many more. These are being manually checked and added from adverts at London and Vienna Internet Exchanges.

Back to ORBS Home

Database problems: Most problems currently seen are transient. Try reloading the page if you get an error. Please advise if you get repeated error messages while accessing the website.
Database disclosure: ORBS publically discloses all details on IP addresses which have been detected as open once the data is over 30 days old. This is done because machines which are not secured within one month of discovery are unlikely to ever be secured unless publicised.
Contact: orbs@orbs.org - but read the website first.. Note - any E-mail message sent to any ORBS.org contact address or to any of our network service providers may be posted in whole or in part to various anti-spam forums, depending on the abusiveness or humour value of the message. ANY message that mentions the words "lawyer" or related terms in particular will very likely be posted.