Hello
I will say about my experience with ORBS (as network administrator)
because the peoples associated with qmail have given good recommendation
to
use and base on ORBS as good anti-spam method.
I let to be another opinion!
After crush of one of Polish Cardiac Society's Server placed in Lodz (I
administrate others servers) I have been asked to help with
administrating
and making secure of this host. Till September it was really insecure
and indicated
(as I think and see) by ORBS as insecure. Exactly - not excluded - that
already
this time helped it hackers "to find it as easy to break".
Since October, after crush I have installed - nota bene recommended by
ORBS
and this mailing list software - so, qmail as mail system and tcpserver
provided to secure qmail as well as telnetd, ftpfd and others insecure
Internet's daemons.
November 5, I have observed the proof of port scanning thus relay-test
by
ORBS. There are accepted by secured against open relay smtp, because
ORBS
applied to allocate addresses with domain of tested host (also
@lodz.ptkardio.pl).
The test was continued till November 9, This time I was taken away from
my Hospital - I was participating at Polish Medical Internet Conference,
where
I have said about qmail and tcpserver as good security system to
Internet servers too.
"Nov 5 10:49:13 sun smtp: tcpserver: ok 16751 :212.51.193.152:25
relaytest.orbs.
vuurwerk.nl:194.178.232.55::4445"
This time was the proof to attack this server, prior "tested by orbs"
The hackers have not broken the tcpserver, but system are not responding
and this time we can't give our reaction. Now when the friends from Lodz
had rebooted the server, it has been worked correctly. I was beginning
to analyze of logs
The logs have indicated the Romania as hackers place:
"Nov 9 12:13:05 sun telnet: tcpserver: deny 18305 :212.51.193.152:23
falconsrl.r
dsnet.ro:193.231.236.12::3802"
All has been after this attack in short time restored. But in some time
ORBS was beginning
again the test. And in this same time I have observed again more proofs
of hacking -
good luck - without damaging.
I have send to ORBS the requests to cancel me from their data base and
stop with
testing, because I'm of opinion, that this data base use first of all
hackers.
If during test has been by me observed increased activity of attack I
can suppose,
that hackers this time have information which host is tested and which
one host is
established as insecure. Where!
I have blocked smtp machines to bounce all mail's from ORBS: Effect is
good, but
ORBS apply be still active:
"Nov 20 00:22:39 sun smtp: tcpserver: deny 7226 :212.51.193.152:25
mail2.manawatu
.net.nz:202.36.148.21:postmaster:1932"
WHY!
PLEASE DON'T RECOMMEND ATE ORBS. There are criminal activity. My host
can by
during its appreciation damaged!
Please say my please, what do to ORBS shall finish with " standing
before doors
of my house and proofing which one keys may be useful to open it"
The letter are very long, but a problem for me very much
Please help to stop criminal activity
Piotr Kasztelowicz, MD
--
Piotr Kasztelowicz <[EMAIL PROTECTED]>
[http://www.am.torun.pl/~pekasz]
