RE: EMAIL != FTP

From: David Lesher [mailto:wb8foz@nrk.com]
Sent: Saturday, May 26, 2001 6:56 AM

A) A friend got bit badly by the "anything I can attach I will"
syndrome. He was in the UK, and the usual USG local POP (from PSI)
was FUBAR.

So he called back to DC to get urgent mail. Some MITRE genius
had attached a 10+meg PowerPointless file to his message to 100+
folks, including Friend. Friend err (rather you & I) paid a VERY
large phone bill for that braindeadness.

So, why were they dialing international when ATT WorldNet is closer/cheaper?
Could it be because they'd have had to have opened the server for relaying,
from ATT, in order to do that? The anti-openrelay crowd raised your friend's
cost there by $4.90 per minute +VAT, by FORCING them to use international
dialup instead. They could have also used ATT and punched a tunnel through
to their host (still have to allow ATT dial port access). I was in the same
position (London) last year and had my servers ORBS listed, even though they
were only exposed for two weeks and they never saw spam being relayed. ORBS
listing is cheaper than international phone charges, VAT or no VAT.

Two things I always get before going to EU; a GSM rental cell phone and an
ATT WorldNet account (I bring my own telco-hacker kit). For phone calls
state-side I use Dialpad or Net2Phone. MHSC has been doing some work in NZ
and we regularly connect via NetMeeting. My telco bills are consistently
very low.

B) I'm intrigued by the proposal for pseudo attachments.
Hmm, what's really needed?

  1) User still points & clicks.
  2) MUA uploads attachment to its designated server.
  3) MUA attaches URL & password to message.
  4) Recipient gets mail and grabs attachment.
  5) Server knows who has gotten file, keeps track.
  6) 24 hours after last recipient has claimed it, or {say}
  1 week later, it deletes it. Replaces with "it's expired,
  have it resent" for whenever. (Gee, this sounds like news
  and history files...)

All this needs to work is for say Eudora and Mutt to both offer it.
Once a critical mass of sysadms deploy same, and crank down the
limit to 100K, more will. (I say Eudora because M$ will resist
anything that interoperates....)

Key ingredient ... critical mass of sysadms. It will NEVER happen as long as
neither Domino nor Exchange is doing it. This list proves that you can't get
any two sysadms to agree on the color of the sky on a sunny day. Further
proof is found on the ICANN lists.

--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

I still love this sig-line <g>.
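
The retention rule in steps 2 through 6 of the pseudo-attachment proposal, as an added sketch that is not part of the original thread or any MUA's code. Assumptions: the `files.example.net` URL, the 403/410 status codes, all class and function names, and reading "last recipient has claimed it" as "every listed recipient has collected it at least once".

```python
import hmac
import secrets
from dataclasses import dataclass, field

DAY = 24 * 3600
GRACE_AFTER_LAST_CLAIM = DAY   # step 6: 24 hours after the last recipient claims
MAX_AGE = 7 * DAY              # step 6: or one week after upload
TOMBSTONE = "it's expired, have it resent"
BASE_URL = "https://files.example.net/a/"   # hypothetical designated server

@dataclass
class Stored:
    data: "bytes | None"       # None once the payload has been deleted
    password: str
    recipients: frozenset
    uploaded: float
    claimed: dict = field(default_factory=dict)   # recipient -> first claim time

class AttachmentStore:
    def __init__(self):
        self.items = {}

    def upload(self, data, recipients, now):  # steps 2-3: returns (url, password)
        file_id, password = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.items[file_id] = Stored(data, password, frozenset(recipients), now)
        return BASE_URL + file_id, password

    def _expired(self, item, now):
        everyone = bool(item.claimed) and item.recipients.issubset(item.claimed)
        return (now - item.uploaded >= MAX_AGE or
                (everyone and now - max(item.claimed.values()) >= GRACE_AFTER_LAST_CLAIM))

    def sweep(self, now):  # step 6: delete due payloads, keep the record as a tombstone
        due = [i for i in self.items.values() if i.data is not None and self._expired(i, now)]
        for item in due:
            item.data = None
        return len(due)

    def fetch(self, url, password, recipient, now):  # steps 4-5: returns (status, body)
        item = self.items.get(url.rsplit("/", 1)[-1])
        ok = (item is not None and recipient in item.recipients and
              hmac.compare_digest(item.password.encode(), password.encode()))
        if not ok:
            return 403, b""
        self.sweep(now)
        if item.data is None:
            return 410, TOMBSTONE.encode()
        item.claimed.setdefault(recipient, now)   # server keeps track of who got it
        return 200, item.data
```

Times are passed in as plain seconds so the expiry rules can be exercised without waiting; a real server would call `sweep` from a timer and tie `recipient` to an authenticated identity rather than a caller-supplied string.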

Have you ever set up an Apache web server (or any other)? Create a
random binary file and call it something.xyz (or any other extension
not defined in your mime-type) and see if ANY browser will load it
as something other than garbage.

NANOG != Apache support and sympathy forum. Might I suggest
<http://httpd.apache.org/docs/>, specifically the section pertaining
to mime.types?

You miss the point. It's what the users want. They are not
interested in maximizing efficiency <gasp>. They are into what
works. They don't give a flip how.

And referencing URLs in e-mail, rather than flooding people with
large binary attachments, is perfectly efficient and functional.

So, why were they dialing international when ATT WorldNet is
closer/cheaper? Could it be because they'd have had to have opened
the server for relaying, from ATT, in order to do that? The
anti-openrelay crowd raised your friend's cost there by $4.90 per
minute +VAT, by FORCING them to use international dialup instead.

And this is bad how? I'd be very surprised if AT&T does not operate SMTP
relays for roaming dial customers to use. Failing that, there are
many means of granting mobile users authenticated access to your
relays, without opening them up for abuse, which have been outlined in
greater detail earlier.

This is not 1995. Running an open relay today is just plain
irresponsible, and offers _no_ operational benefit. Stubborn people
who think otherwise deserve to be blackholed. Period.

I was in the same position (London) last year and had my servers
ORBS listed, even though they were only exposed for two weeks and
they never saw spam being relayed. ORBS listing is cheaper than
international phone charges, VAT or no VAT.

If you don't want to get listed in the ORBS, don't run an open relay,
or prevent them from scanning you. If this is too difficult to
implement, or the negative impact on your business resulting from
commonly-accepted responsible operational practices is too severe,
then you can deal with the consequences of being blackholed by ORBS
subscribers. Your choice.

-adam

Any North American Network Operator (NANO_) that entrusts control of
their networks' communications to a foreign third party is a fool.
ORBS is run by one Alan Brown based in New Zealand. IMHO, he's a
cyberterrorist.

Being blackholed by New Zealanders should be an insignificant threat
to US-based networks. If it starts being a noticeable problem, you
have a serious national security breach.

--Mitch
NetSide

Mitch,

I'm not a huge fan of ORBS. We don't use it. This is based on the fact
that we don't like their tactics. I do make use of MAPS however. That
said, the fact that someone is using either service and perhaps your email
doesn't go through has absolutely NOTHING to do with national
security. It has everything to do with YOUR security. If your MTA is
closed to SPAM problems and you and your customers don't SPAM, you have no
problems. If you refuse to secure your MTA, that's YOUR problem and many
of us have taken steps to prevent YOUR problem from becoming OUR problem.

Did I happen to mention MAPS in my post? I didn't. The argument was made
for ORBS, or any FOREIGN entity that blocks North American networks.
ORBS fans in this country will have lots of explaining to do and hell to
pay if any foreign entity exploits this weakness to attack US interests
in an international incident.

Our position on MAPS is described clearly at http://www.dotcomeon.com
I don't want to start a debate on MAPS and be accused of OT trolling.

--Mitch
NetSide

For those who read Computerworld, a co-worker of mine was quoted on page 1
of the May 21 issue, saying "You can expect to see major liability lawsuits
in the next 18 months or so". Better install those IIS patches *NOW* -
I'm more concerned about a lawyer attack than an international terrorist
attack....

OK.. so a hostile site *could* use DNS cache poisoning or hack the
ORBS DNS servers to screw up your e-mail. On the other hand, you have
the *EXACT* same vulnerability for *ANY* use of DNS. So unless you're
using /etc/hosts exclusively, you have *bigger* problems if faced by a
determined adversary. Frankly, if *I* were a determined adversary, the
site's use of ORBS would be the least of their problems.

I don't know.. maybe the foreign terrorists are like the Three Stooges - they
DID catch the guys who bombed the World Trade Center when one of them tried
to get back the deposit on the now-destroyed truck.....

For bonus points - if anybody is both paranoid and anal-retentive enough
to care about this sort of thing, I presume you *HAVE* edited your DNS
cache hints to only include root name servers that are located on US soil,
and reachable entirely by communications links that do not take a loop
through non-US territories.

There *will* be hell to pay if foreign terrorists take over a root name
server that's outside the US, after all....

define foreign.

even though i'm a NANO, unfortunately, i have to rely on several foreign third
parties for my network stuff.

ICANN
ARIN
Network Solutions/Verisign

i only wish that i could use reliable kiwi alternates for these over-managed,
unstable, useless entities.

jim, from canada, not (as yet) part of the Untied States of Anemia

North American != USA

Any North American Network Operator (NANO_) that entrusts control of
their networks' communications to a foreign third party is a fool.
ORBS is run by one Alan Brown based in New Zealand. IMHO, he's a
cyberterrorist.

I do _not_ support the ORBS. While I like the concept, the
implementation (implementor?) is of questionable sanity, and the
volume of false positives, in the form of mail from legitimate senders
running horribly misconfigured and vulnerable mail servers, is too
high.

Being blackholed by New Zealanders should be an insignificant threat
to US-based networks. If it starts being a noticeable problem, you
have a serious national security breach.

Nobody's arbitrarily blackholing you. There are clearly defined
procedures for getting on and off their list. If you choose to ignore
them, that's your choice.

Our position on MAPS is described clearly at
http://www.dotcomeon.com

You could have fixed your open relays in a manner acceptable to your
user base, in less time than it took you to make this site. ;-)

On Sat, May 26, 2001 at 07:23:16PM -0400, Mitch Halmu exclaimed:

Did I happen to mention MAPS in my post? I didn't. The argument was made
for ORBS, or any FOREIGN entity that blocks North American networks.
ORBS fans in this country will have lots of explaining to do and hell to
pay if any foreign entity exploits this weakness to attack US interests
in an international incident.

Our position on MAPS is described clearly at http://www.dotcomeon.com
I don't want to start a debate on MAPS and be accused of OT trolling.

too late ... :-)

OK.. so a hostile site *could* use DNS cache poisoning or hack the
ORBS DNS servers to screw up your e-mail.

Or ORBS could take sides in an international conflict and do it themselves.
I'm not the only one that said they blackhole for political reasons, or
that they are extremists. No sooner were those words uttered, someone
from Calcutta, India [202.86.168.81 - caltiger.com] decided to remind us
that, besides the atomic bomb, they now have connected computers too.

For bonus points - if anybody is both paranoid and anal-retentive enough
to care about this sort of thing, I presume you *HAVE* edited your DNS
cache hints to only include root name servers that are located on US soil,
and reachable entirely by communications links that do not take a loop
through non-US territories.

There *will* be hell to pay if foreign terrorists take over a root name
server that's outside the US, after all....

The named.ca file provides sketchy details about locations. Meknows that
F is in the care of Paul Vixie. M is in a 202 apnic block (Japan). Any
others to worry about? Perhaps we should run traceroutes to all...

--Mitch
NetSide

and while you are at it, get some legislation passed which will prevent
foreign countries from using american technology for their infrastructure.

oops, i guess that's already in place.

[ i just checked a foreign calendar, and note that this is the memorial day
  weekend in them United States of America. does this explain the recent
  spate of protectionist/rampant-paranoid posts? ]

If someone at an internet exchange outside your control starts announcing
your netblocks, you have the same issue..

I see your point but I don't think it's an argument; there are thousands of
possibilities to harm a nationwide network.

Mitch Halmu wrote:

Or ORBS could take sides in an international conflict and do it themselves.
I'm not the only one that said they blackhole for political reasons, or
that they are extremists. No sooner were those words uttered, someone
from Calcutta, India [202.86.168.81 - caltiger.com] decided to remind us
that, besides the atomic bomb, they now have connected computers too.

How is caltiger.com related to ORBS?