On Fri, 12 Sep 2008, Roy Arends wrote:

> On Sep 10, 2008, at 9:17 PM, Ron Bonica wrote:

> In defense of publishing draft-ietf-dnsop-reflectors-are-evil I'd like
> to put forward the following article that was part of a paper I
> co-authored in 2005. I do this to show that the publication of this draft
> is long overdue, and that I'd rather have it published sooner than
> later. Furthermore, to defend against abuse that includes
> open-resolvers I would welcome an RFC as soon as possible, to have a
> boilerplate that I can show folks, who unknowingly run open resolvers,
> but need a pointer to defend the cost of configuration change to their
> management.
> 
> The article:
> 
> About Open Relays and Open Resolvers
> 
> In the early days of the Internet it was common to offer services to  
> everyone, either intentionally or as a side effect.  The rise of spam  
> taught us that this approach was not well suited for the real world,  
> so over time most open relays were closed.  

The assertion that most open relays were closed is false. In 2003, just
before most of the open relay blacklists closed, it was reported to the
FTC that there were 400,000 open relays and that the number continued to
rise.  I am aware of no reports on numbers of open relays after 2003.
I was an early advocate of open relays because they had legitimate uses
for traveling consultants and because the arguments against them had no
substance. AV8 is still an open relay operator today. There are some
aspects that open relays and open recursors have in common:

        In both cases, there are legitimate uses for open relays and
open recursors.  Open relays are useful for people who use outside IP
addresses but need common processing (e.g. logs or copies of email sent)
or just don't trust the email servers provided for the outside IP
addresses.  Open recursors also have legitimate uses from outside IP
addresses that were emphasized with the cache poisoning attacks.

        In both cases, there was no non-mitigatable harm. Open relay 
abuse was detected and stopped by open relay operators.  Open recursors 
are run by businesses and ISPs that detect and mitigate abuse.

        In both cases, advocates of closing them solicited abuse of
them, and did this for their own profit.  For example, in two open relay
cases, I tracked open relay abuse to Osirusoft and ORBS by setting up
non-production servers, logging (via Cisco ACLs) activity, and
submitting them one at a time for scanning. ORBS was subsequently found
in court, 3 times, to have used false statements about open relays for its
profit, and was forced out of business to pay for damages. John Levine
and Paul Vixie, with NANOG senior members, misled operators about the laws
that apply to ISPs. See
http://www.av8.net/IETF-watch/People/JohnLevine/index.html
http://www.av8.net/IETF-watch/People/StevenBellovin/index.html

In the case of open recursors, the opponents of open recursors are
advocates of DNSSEC software, and closing open recursors will mean that
more closed recursors will be needed, creating sales opportunities for
their software.  Closing open recursors makes the cache poisoning
problem worse, and they offer to sell a solution for cache poisoning.

In the case of open relays, opponents supported assertions to NANOG
members that it was OK to abuse open relays and that the Computer Fraud
and Abuse Act didn't apply to ISPs. I was silenced on NANOG in 2000
before I could gloat about proof that these laws do apply after the FBI
arrested foreign hackers who stole credit cards. See
http://www.iadl.org/nanog/nanog-story.html
http://www.iadl.org/ks/kai-schlicting-story.html
http://www.iadl.org/cn/cn-story.html

In fact, open relays did not offer any of the harms that opponents
claimed. The claims of harm were deceptive.  See
http://www.av8.net/FTC.pdf. The claims of harm were also intentionally
misleading. I added the fact that open relays were not anonymous, and
explained the header issue on the Wikipedia page on open relays, and
this information was deleted, and replaced with innuendo implying that
open relays enable anonymous email. Deleting these facts is an intentional
deception.  See also
http://www.iadl.org/JATerranson/JATerranson-story.html for an account of
false claims of open relay harms.

> Spam did not cease but just one abuse mechanism disappeared.  

The above is a false assertion. Genuine bulk emailers had no interest in
open relays. After Sanford Wallace's fixed IP address was blocked by
MAPS in 1997, Wallace tried to abuse open relays, and discovered that
open relays don't offer anonymity.  In the fall of 1997, most bulk emailers,
including Wallace, turned to disposable dialups, and thereafter didn't
abuse open relays. The Vixie/Levine/Joffe bulk email company,
Whitehat.com, was apparently kept off spam-traps by inside information,
and to my knowledge Whitehat didn't ever use disposable dialups to
circumvent blacklists.  Vixie was a cofounder of MAPS; John Levine is
chair of the IRTF Anti-spam Research Group; Rodney Joffe is founder of
UltraDNS, Centergate Research, and Whitehat. Bill Manning is Chief
Scientist; Vixie was a board member at Nominum; David Conrad was CTO at
Nominum.  (See http://www.iadl.org/maps/maps-story.html,
http://www.av8.net/IETF-watch/People/JohnLevine/index.html) Open relays
offered no advantage to genuine commercial bulk emailers.  This is shown
most evidently in the abuse by Sanford Wallace in 1997.  Wallace was
detected and stopped. Protecting an open relay from abuse is no
different than protecting a closed relay from abuse, and one doesn't
need to close the open relay to add such protection.

                --Dean
-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop