On Fri, 12 Sep 2008, Roy Arends wrote:

> On Sep 10, 2008, at 9:17 PM, Ron Bonica wrote:
>
> In defense of publishing draft-ietf-dnsop-reflectors-are-evil I'd like
> to put forward the following article that was part of a paper I
> co-authored in 2005. I do this to show that the publication of this
> draft is long overdue, and that I would rather have it published sooner
> than later. Furthermore, to defend against abuse that includes open
> resolvers I would welcome an RFC as soon as possible, to have a
> boilerplate that I can show folks who unknowingly run open resolvers,
> but need a pointer to defend the cost of configuration change to their
> management.
>
> The article:
>
> About Open Relays and Open Resolvers
>
> In the early days of the Internet it was common to offer services to
> everyone, either intentionally or as a side effect. The rise of spam
> taught us that this approach was not well suited for the real world,
> so over time most open relays were closed.

The assertion that most open relays were closed is false. In 2003, just before most of the open relay blacklists closed, it was reported to the FTC that there were 400,000 open relays and that the number continued to rise. I am aware of no reports on numbers of open relays after 2003.

I was an early advocate of open relays because they had legitimate uses for traveling consultants and because the arguments against them had no substance. AV8 is still an open relay operator today.

There are some aspects in common with open relays and open recursors:

In both cases, there are legitimate uses for open relays and open recursors. Open relays are useful for people who use outside IP addresses but need common processing (e.g. logs or copies of email sent) or just don't trust the email servers provided for the outside IP addresses. Open recursors also have legitimate uses from outside IP addresses that were emphasized with the cache poisoning attacks.

In both cases, there was no non-mitigatable harm. Open relay abuse was detected and stopped by open relay operators. Open recursors are run by businesses and ISPs that detect and mitigate abuse.

In both cases, advocates of closing them solicited abuse of them, and did this for their own profit. For example, in two open relay cases, I tracked open relay abuse to Osirusoft and ORBS by setting up non-production servers, logging (via Cisco ACLs) activity, and submitting them one at a time for scanning. ORBS was subsequently found in court, 3 times, to have used false statements about open relays for its profit, and was forced out of business to pay for damages. John Levine and Paul Vixie, with NANOG senior members, misled operators about the laws that apply to ISPs. See
http://www.av8.net/IETF-watch/People/JohnLevine/index.html
http://www.av8.net/IETF-watch/People/StevenBellovin/index.html

In the case of open recursors, the opponents of open recursors are advocates of DNSSEC software, and closing open recursors will mean that more closed recursors will be needed, creating sales opportunities for their software. Closing open recursors makes the cache poisoning problem worse, and they offer to sell a solution for cache poisoning.

In the case of open relays, opponents supported assertions to NANOG members that it was OK to abuse open relays and that the Computer Fraud and Abuse Act didn't apply to ISPs. I was silenced on NANOG in 2000 before I could gloat about proof that these laws do apply after the FBI arrested foreign hackers who stole credit cards. See
http://www.iadl.org/nanog/nanog-story.html
http://www.iadl.org/ks/kai-schlicting-story.html
http://www.iadl.org/cn/cn-story.html

In fact, open relays did not offer any of the harms that opponents claimed. The claims of harm were deceptive. See http://www.av8.net/FTC.pdf

The claims of harm were also intentionally misleading. I added the fact that open relays were not anonymous, and explained the header issue, to the Wikipedia page on open relays, and this information was deleted and replaced with innuendo implying that open relays enable anonymous email. Deleting these facts is an intentional deception. See also http://www.iadl.org/JATerranson/JATerranson-story.html for an account of false claims of open relay harms.

> Spam did not cease but just one abuse mechanism disappeared.

The above is a false assertion. Genuine bulk emailers had no interest in open relays. After Sanford Wallace's fixed IP address was blocked by MAPS in 1997, Wallace tried to abuse open relays, and discovered that open relays don't offer anonymity. In the fall of 1997, most bulk emailers, including Wallace, turned to disposable dialups, and thereafter didn't abuse open relays. The Vixie/Levine/Joffe bulk email company, Whitehat.com, was apparently kept off of spam-traps by inside information, and to my knowledge Whitehat didn't ever use disposable dialups to circumvent blacklists. Vixie was a cofounder of MAPS; John Levine is chair of the IRTF Anti-spam Research Group; Rodney Joffe is founder of UltraDNS, Centergate Research, and Whitehat. Bill Manning is Chief Scientist; Vixie was a board member of Nominum; David Conrad was CTO at Nominum. (See http://www.iadl.org/maps/maps-story.html, http://www.av8.net/IETF-watch/People/JohnLevine/index.html)

Open relays offered no advantage to genuine commercial bulk emailers. This is shown most evidently in the abuse by Sanford Wallace in 1997. Wallace was detected and stopped. Protecting an open relay from abuse is no different than protecting a closed relay from abuse, and one doesn't need to close the open relay to add such protection.

--Dean

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop