Folks,
I've received periodic requests from individuals who feel somehow slighted
by posts contained in the NANOG archives. As you may or may not know, we
host a MHonArc'd version of the list as a Searchable archive of web pages
and an IE/NEtCaster Channel.
A request came in today to remove a post that listed a number of hosts open
for relaying. The individual asked me to remove the message so as to
minimize the damage it causes the owners of the listed relays, including
himself.
Since these are generated from the flat archives at Merit, I'm loath to
start editorializing. What do folks think? Should we edit the archives to
remove "dangerous" information, or let them stand on their merits (no pun
intended) and let the roaches scatter in the light?
Respond privately unless you absolutely feel a need to start a discussion
on it. I'll post the decision I come to on the list.
Eric
A request came in today to remove a post that listed a number of hosts open
for relaying. The individual asked me to remove the message so as to
minimize the damage it causes the owners of the listed relays, including
himself.
Since these are generated from the flat archives at Merit, I'm loath to
start editorializing. What do folks think? Should we edit the archives to
remove "dangerous" information, or let them stand on their merits (no pun
intended) and let the roaches scatter in the light?
I vote to let them stand. The person(s) who feel they are slighted or in
danger from a public list (of information that is, after all, not all that
hard to obtain independently) needs only to correct the problem to remove
the danger.
Respond privately unless you absolutely feel a need to start a discussion
on it. I'll post the decision I come to on the list.
I think it's an area deserving of public discussion. There are numerous
"open relay" lists around, from folks genuinely trying to be helpful to
spammers sharing info, so removal from the archives is not really going to
do much for the issue one way or another. However, the question is begged:
"Should information on potential network abuse points be shared and public
or not?"
Wabbit season!..duck season!..wabbit season!..duck season!..SPAMMER SEASON!
Dean Robb
PC-EASY computer services
(757) 495-EASY [3279]
Yes. View it the same as Bugtraq. If you find a problem, let the owner
know and give them ample time to respond and fix it. If it is not quickly
taken care of, add them to the list. That is the only way you will ever
get things done. If telling them privately doesn't work, telling the
world and embarrasing them in front of peers might. So the spammers get
the list... it might get the problem fixed quicker.
.015
Sam
Yes it should. All of the majors mail packages now have versions out that
will correct the problem. Those that are still open for relaying are in
that state becasue they don't want to upgrade. As long as they are in that
condition they are a "nav hazard".
There are software utilities that will scan the Internet for open-relay
hosts, by IP address. Not putting them on a list will not hide them from
these scanners. However, it will help the spam-fighter to know where these
sites are, they can be black-holed.
This is basically my point and position. Problems cannot be fixed if they
are not first identified. If someone should get abused, and the abuser got
the relay from a list and not his own efforts, that *should* encourage the
relay owner to get off his/her/it's duff. No one is as security concious
as he who has just been robbed.
Wabbit season!..duck season!..wabbit season!..duck season!..SPAMMER SEASON!
Dean Robb
PC-EASY computer services
(757) 495-EASY [3279]
I vote to let the entire archive stand in its own light, unedited.
Everything else quickly gets to the point where it becomes a serious
question of censorship. That includes network abuse.
If somebody posts wrong information or is simply mistaken about issues, post
a correction. What, have you guys all lost the ability to communicate and
solve conflicting views in civilized, verbal discourse?
This is a public forum, treat it as such. If you don't want something to be
public knowledge or are unable to communicate in words, don't post it here.
Thanks,
Chris