SCN: ORBS
Steve
steve at advocate.net
Sat Jun 9 07:30:44 PDT 2001
x-no-archive: yes
==========================
(Damien Cave, Salon)---Spam fighters all over the world have lost a
controversial weapon in the battle against unsolicited e-mail. Since
June 1, the Web site for ORBS -- the Open Relay Behavior
Modification System -- has been gutted. Visitors to the site now find
nothing more than a gray blank page and a simple message: "Due
to circumstances beyond our control, the ORBS website is no longer
available."
ORBS's main service was a blacklist of Internet mail servers --
computers capable of routing mail across the Net -- that the ORBS
administrator, Alan Brown, had identified as potentially capable of
forwarding spam. Now that blacklist is no longer available to
network administrators, and they want to know why. One popular
theory mooted on the Net is that Brown closed down the site rather
than comply with a New Zealand court order demanding that he
remove two specific ISPs from the blacklist. But Brown, who lives in
New Zealand, is keeping silent. "I am unable to answer any of your
questions," he writes in an e-mail. "Sorry."
Even without an explanation, the demise of ORBS is significant,
stirring up, once again, an ongoing worldwide debate over how best
to administer the Internet and mediate the Net's intersection of
humanity and technology. Questions about ORBS's behavior always
centered on the problem of how to handle e-mail abuse. But more
generally, ORBS symbolized the ongoing struggle between the
Net's tendency to encourage individual freedom and the necessity
of combating anarchy.
Ever since the Net moved beyond its roots as a small, open,
academic community, users have attempted to balance opposing
forces. Most favor the right to speak out, along with the right to
privacy; they rail against censorship, but at the same time
desperately seek the ability to censor unsolicited e-mail by limiting
spammers' access to their networks.
ORBS supporters say the blacklist was a fully justified form of
preventive medicine. Brown saw his mission as identifying every
mail server on the Net that allowed "open relays" -- in essence, that
permitted the forwarding of mail from one point on the Net to another
without any restriction. Spammers love open relays; they employ
them to hide their identities and funnel out massive amounts of
e-mail for free. But at the same time the open relays bog down the
system for other customers.
Brown used simple software agents and diagnostic probes to comb
the Internet, looking for mail servers configured for open relaying.
Whenever he found one, Brown would post the Internet protocol (IP)
address on his list -- even if the address had never been used by a
spammer. ISPs, systems administrators and everyday citizens who
configured their computers to block addresses listed on ORBS could
then close off a spammer's favorite distribution tool even before the
spammer knew it existed.
More controversial, Brown also placed on his list servers that
blocked his probes, whether or not he could ascertain if they had
open relays. ORBS supporters say such a policy was the only way
to keep a flood of open-relay-capable servers from pumping spam
across the Net. The end, they argue, justified the means.
The immediate impact of the ORBS shutdown could mean more
spam, says Michael LeFevre, a London technology company
executive. "I've received four spams since ORBS went down last
week," he says. "I only received two or three previous to that this
year."
But not everyone is sorry to see the site go. ORBS has plenty of
critics. ORBS wasn't just a useful technology, they say; it was also
a tool used by a specific person, Alan Brown, an overzealous spam
fighter who went too far. ORBS's own ISP pulled the plug on Brown
in 1998 after receiving complaints about the way that Brown used
probes to test servers for open relays. Although another ISP agreed
to host ORBS soon afterward, Brown's detractors say that he never
learned his lesson: He repeatedly insisted that he had the right to
test servers as often as he wanted.
"Alan Brown created some nice technology -- nobody faults him on
that point," says Tom Geller, founder of Suespammers.org, a
nonprofit group that lobbies for strict spam legislation. "But he used
it in an irresponsible way, invading others' private networks and
using others' resources against their stated wishes." He became a
living contradiction -- a man who, says Geller, "used others' network
resources to prove that it's wrong to use others' network resources."
Before the scourge of spam, the Net was a less contentious place.
Until the early '90s, open relays were not uncommon. In fact, they
were the norm.
"I remember when you'd get funny looks for running a mail server
that wasn't an open relay," says "Der Mouse," a Canadian
spam-fighting veteran who refused to give his off-line name. "I remember
when there was a machine on the Net that was advertised as having
no password on its administrative log-in. Want a guest log-in? Log
in and create yourself one. I remember when the Net was a friendly
and civilized place."
"Today it is more of an armed camp, suspicious of everyone," he
continues in an e-mail. "The Net I knew and loved is dead, killed by
uncivilized greedy incompetents who came barging in, without
caring that when you barge into a foreign culture it behooves you to
learn how they do things. This would not have been a problem,
except that they arrived in sufficient numbers to overload the
mechanisms that normally would have either brought newcomers up
to speed on the culture or rejected them; as a result they killed off
the culture we had, the only culture I've ever seen work based on
mutual friendship and helpfulness on a large scale."
Spam signified the death of the original Net culture, Der Mouse and
others argue. By the mid-'90s, systems administrators started
fighting it by closing off open relays. Shutting the pipes made it
harder for, say, employees of a company to log on to their corporate
network from home, but by limiting who could use the network,
closed relays also kept spammers out. This, in turn, saved
companies and individuals money, since open relays essentially let
anyone borrow servers and bandwidth without having to pay for
them.
But some network administrators moved slower than others. So
ORBS appeared, with a mission to move them along. At first, most
people on the Net welcomed the service. Open relays were
sometimes hard to find, and ORBS worked more quickly than other
spam-fighting lists. The Mail Abuse Prevention System's Realtime
Blackhole List, for example, acts like an after-the-fact plug. Its main
list contains domain names that spam has already been sent from,
and MAPS only adds servers to its list after the system
administrator of the offending mail server has been given a chance
to close the hole but hasn't done it.
ORBS, on the other hand, "tested relays and listed them
immediately," says William James, a computer consultant in
Mississippi. "No negotiation, no notice. It was fast. Someone
running an open relay ran the risk of losing a substantial amount of
traffic without any notice."
Over time, however, Brown's pace and intensity started alienating
the very people who sympathized with his cause. John Oliver, a
systems administrator in San Diego, remembers butting heads with
Brown in early 1999. ORBS probes invaded his servers and tested
them for 45 minutes, over and over again. The probes returned and
retested a few days or weeks later, "as often and as frequently as
they saw fit," Oliver says.
Each day that the tests ran, Oliver's server logs lengthened. He
received pages and pages of server activity that directly resulted
from Brown's tests. "It was annoying because since I wasn't running
an open relay, it was wasting my time," he says. "And, of course, I
didn't appreciate the implicit accusation that I was an irresponsible
admin."
Brown regularly tested servers without any evidence of wrongdoing,
says Der Mouse. "Let me be precise: He repeatedly 'tested' my
home mail server, and if he had any reason to think it had ever
relayed spam, he steadfastly refused to produce it," he says. "He
also repeatedly did so after I explicitly denied him permission to do
so."
MAPS also had a run-in with ORBS. In 1999, MAPS listed ORBS on
its Realtime Blackhole List, in response to several complaints about
the way that ORBS was supposedly abusing networks. The group
removed ORBS and stopped blocking it from its own servers three
months later, but not before ORBS threw MAPS into its own black
hole. Even Suespammers.org found itself blocked over a dispute
with ORBS. Until the day the list died, spam fighters who used
Brown's list couldn't access the Suespammers site, a major
resource that might have helped them in their war on unsolicited
e-mail.
"Alan's problem is that he was so convinced that testing was
necessary that he felt that anyone who didn't want him testing their
systems, as often as he wanted to, was somehow just as bad as an
actual open relay," says Peter Seebach, a systems administrator
who subscribes to several spam-fighting mailing lists. "This is
where I drew the line; without any spam coming through a system,
and with the admin's request that he not test it, he had no business
hitting systems over and over again. I don't see a meaningful
distinction between what he did and what script kiddies do with root
scripts" that attempt to break into a system.
Is what ORBS did really so bad? In essence, ORBS was nothing
more than a list of servers that Brown checked and decided to block
from connecting with his network -- which is one suggested recipe
for spam fighting. Doesn't Brown have the right to protect his
network by blocking whomever he wants to? Doesn't he have the
right to publish a list of whom he's blocking?
People who rail against Brown are ignoring the implications of their
argument, says "Afterburner," manager of the e-mail abuse
department for a large ISP. ORBS may have been run "in a
particularly unethical way," he says, but that doesn't mean that
Brown should be silenced.
Rather, everyone should have "the unfettered right to publish" a
blacklist, regardless of how it is organized, he says. Probes don't
damage a network, and "nobody is required to use your list if they
don't want to," he says. "The situation is somewhat analogous to the
idealized free market: If you put out a list that's worth using, people
will use it. If you put out a list that is not worth using, people will not
use it."
But ORBS doesn't quite fit Afterburner's paraphrase of the libertarian
ideal. The list was worth using; blocking the servers ORBS listed cut
down on spam. Yet those who used the list as a tool against
unwanted e-mail didn't necessarily have to pay the costs, which
came in the form of ORBS's probes. In other words, Brown's
approach looks a lot like a spammer's: He invaded others' networks
without consent, offering benefits without costs.
Even worse, critics argue, Brown went one step further, blocking
servers that didn't have open relays, and adding them to a list that
he knew would keep traffic from them. There is, for example, the Xtra
Mail lawsuit in New Zealand, which Brown's critics say was a direct
result of Brown's unethical practices.
Essentially, Brown added Actrix and Xtra Mail's servers to his
blacklist after they blocked his probes. He reportedly had no
evidence that they used open relays. Actrix and Xtra Mail sued, and
on May 24 they won. The New Zealand High Court ordered Brown to
remove Xtra Mail's servers from the ORBS database.
Brown then said that he would comply, but he remained unrepentant.
"ORBS policy is that if you threaten ORBS you'll be manually
listed," he said, according to a story in IDG New Zealand. "Telecom
[Actrix and Xtra Mail's parent company] threatened me with legal
action for two years."
Those who have tangled with Brown aren't surprised at his stance.
And they don't have a problem with his philosophy, or with his
argument that he has a right to form a policy and block whomever he
wants. They argue, however, that the policy has to be carried out
with honesty.
"The list wasn't what it was purported to be," says Oliver, of San
Diego. "If you employ a list called the Open Relay Behavior
Modification System to protect your server from spam, you expect
that list to block open relays and nothing else. But that isn't what
you got with ORBS. You got open relays blocked as well as anyone
who had attracted the personal enmity of Mr. Brown."
Ultimately, Oliver says, the Net should be glad to see ORBS go
because it lacked the basic values of the old Internet -- truth, respect
and freedom. "It's extremely dangerous to support the use of a tool
when the cost for its use includes the loss of a liberty," he says.
Still, many of Brown's critics argue that ORBS's technology
shouldn't go to waste. The list is already mirrored on at least one
site, and some predict that another administrator -- someone with a
bit more restraint -- will clean it up and maintain it. If he or she does,
perhaps that individual, and other technologists, will learn from
Brown's mistakes, says Geller at Suespammers.org.
"Any technical endeavor that ignores social aspects is doomed to
failure," he says. "It's like making soup without liquid."
Copyright 2001 Salon.com