Shots from a 13 clip gun is an attack. Shots from a machine gun is an attack. Having the 5th division firing is an attack. Or, is the only way you see an attack in this kind of example is the 5th division, and a handgun is just checking to see if you are bulletproof?
But walking down the alley behind your business with a flashlight looking for open doors is not an attack or a trespass. It's a probe. The person doing the probe maybe a black hat that is going to exploit any open doors they find, or a white hat that is just trying to be helpful by informing people that have a vulnerability. In neither case is the simple act of shining their flashlight on your property actionable - if it's a black hat the actions taken AFTER doing this will be actionable, but the simple act of shining the flashlight is, at worst, only suspicious.
What you are doing is very much like the case of the crazy old shop owner that went off on the neighborhood watch, chasing after them with his broom and calling the cops to arrest them for daring to project photons onto his property without permission.
What exactly does ORBS do?
They call up your server and try to send an email. If it goes through you are an open relay, and they inform you of the open relay and if you do not correct it within 30 days they list you as an open relay. If you bounce the mail properly, they go on their way. If you block their probe entirely, they list you as 'cannot probe.' Under none of these cases are they attacking you. You placed your box on a public network, and you must know that lots of people out there, most of them (unlike ORBS) with less than honorable intentions are going to be probing you. So how does this test constitute an attack? You want it to be analogous to shooting at you, but shining a flashlight across your building is a much more accurate analogy.
I agree that 'to say "we are doing this to help you" is a cop-out.' IF they were doing anything out of line to begin with - but they aren't. Next I suppose you'll tell me that trying to ping you or do a reverse lookup of your ip is an attack? Please.
If you don't want them probing you, that's fine, block it. That gets you listed only as 'cannot probe' not as an open relay, which is the appropriate and correct classification, and one that most ORBS customers do not block, and those that do block you, well, that's their right and their paranoia. If you are really so concerned about losing connectivity to the most paranoid subset of ORBS subscribers then you know what to do about it, I don't have to tell you. But you obviously are not concerned about that, your own account makes it clear you want nothing more than to be listed in ORBS so you can whine on public forums about their 'fascism.'
You talk as if you think that anyone that's going to send packets to your box is required to get your permission first. This is clearly not the case. By putting it on the public network you've implicitly agreed to have contact with the rest of the network, isn't that the whole point? If you don't want that then for gods sake unplug your NIC.
A more constructive response from you would have been to contact ORBS in a mature manner instead of sending them 'cartoonie threats' and 'demanding' that they answer your assinine questions - 1) why my host was attacked by thier probe. - there was no attack. 2) what proof they had that my host was involved in spam. - doh! none, nor do they need any, do you have a clue how ORBS works? It's not MAPS, it's proactive, they look for systems that COULD be abused and notify sysadmins when they find them, the listing part of the service is a last resort. You act like their probing was the equivelent of an FBI raid, and want to know what probable cause they had, when in fact it's nothing of the kind, they aren't trespassing on your server, they are just sending a request that you damn well know can be sent to your server by anyone that chooses, by virtue of your connection to the network, and observing how you deal with the request. Again, the analogy is much more like an inspection from the street with a searchlight, not as you would have it a SWAT raid and tearing your furniture apart. 3) that they should MAIL me this in a letter, as I was going to add them to my access list as reject.- translation, I don't want to talk to you, I'm going to throw a hissy fit and stick my fingers in my ear when you try to talk with me, but I DEMAND that you make me hear anyhow, and when you inevitably fail I will take that as proof that you have nothing to say. The whole thing smacks of you wanting to get yourself listed and deliberately pushing them to do just that, and I've at this point only heard YOUR side of it.
Please, grow up. ORBS isn't perfect, and there are some reasonable people that think they are overzealous, but in comparison to your juvenile response they are gods of moderation. The fact that you are loudly announcing your actions in this matter just goes to show what a profound idiot you must be - you should be ashamed of yourself.
[ Parent ]