utilizing our Internet email services. See attached logs. We cannot identify or recognize any of these as belonging to customers. If this relay traffic is indeed sent by our customer, please provide the customer name and account number. These IP addresses have been blocked from all access to all of our network. The block will be removed once the Av8 customer is authenticated or payments are made for the services rendered. Our email relay services are only available to authorized users, and are clearly marked as such: 220-odie.av8.com ESMTP Sendmail; Sat, 23 Oct 1999 16:05:53 -0400 (EDT) 220 Authorized Users Only 220-Notice: Unauthorized use billed at $1 per message, $10 per bounce, 220-$90/hr for cleanup. 220 Unauthorized use over $5000 defined as criminal by 18 USC 1030(A)(4). If this traffic is an unauthorized relay, we will press our rights for compensation. Each unauthorized message will be billed at $1 per address, plus $10 per bounce plus additional cleanup time billed at an hourly rate of $90/hr. We also note that 18 USC 1030 section 4 defines unauthorized access over $5000 as a crime. We will refer all criminal unauthorized accesses to the FBI for prosecution. Please see our statement at http://www.av8.com/spamstmt.html for more information. The false advertising of relay services as being free violates various state laws covering fraud. It has come to our attention that some of this activity is organized and incited by an organization called ORBS and MAPS, which fraudulently advertises our service as a free service. It is not. ORBS/MAPS is blocked already by a number of ISP's. They have changed IP's to avoid blocks. ORBS probing of government computers variously violates 18 USC 1030 section (a)(2)(b), (a)(2)(c), and (a)(3); By falsely advertising sites as offering free relay services they conspire with spammers to enable spammers to violate 1030 section a.4, and enable spammers to send spam in amounts less than criminal violations of section 4. This is also a fraud, which ORBS/MAPS furthers. By furthering subsequent frauds, MAPS/ORBS probing of non-goverment computers violates section (a)(4). ORBS/MAPS are part of the fraudulent group stealing resources, the sum of which is more than $5000. In violation of 18 USC 1030 section (a)(7), ORBS/MAPS has attempted to extort us to stop offering relay services by threatening the advertisement of our relay to spammers and others who would damage our services and/or use our relay service without authorization and without payment. Relay scanning and unauthorized security probes violate 18 USC 1030(a)(2)(c) and (a)(3) by obtaining information about security vulnerabilites of a protected computer or a non-public government computer respectively. MAPS has published evidence on its web site of scanning a non-public government computer: atos.faa.gov (204.108.10.130) on 5/23/2001. There may be others. This is a violation of 18 USC 1030 section (a)(3). MAPS cannot be trusted: While this might not be surprising for an organization with a total disregard and apparent contempt for US Federal Law, On 5/29/2001 MAPS publicly announced on its web site that it has stopped relay scanning. This claim is not true. On 10/26/2001 our servers were again scanned by MAPS. MAPS refuses to pay for its network utilization, despite having been made aware of the terms under which it is allowed to use our relay servers, and owes approximately $130.00 to Av8 Internet, Inc for direct use. MAPS also advertises lists of relays for spammers to exploit, and acknowledges this on its page that says it has stopped scanning. Until relatively recently, MAPS didn't advertise its list of blocks, nor did it block relays, nor did it search out relays for spammers to use. Indeed, MAPS was one of the early organizations to block ORBS.ORG for network abuse, for ORBS relay scanning. That has changed. Now, to make their point, they are assisting spammers to abuse relays and send more spam in the hope that it will prompt legislation. Vixie says that it is his intention to make it bad enough so legislators will act. Thats basically the goal of any terrorist. I claim that such an attitude make _them_ a rogue element. By advertising Open Relays for abuse, and then offering a commercial service to protect one from that abuse, MAPS is operating a protection racket, which is also a fraud. Other early messages from Paul Vixie on the establishment of MAPS indicate a concern over racketeering charges. UPDATE: Please notice: That ORBS.ORG was shutdown in New Zealand for fraud. It moved from New Zealand to the US, where it was renamed ORDB.ORG, and was again shortly terminated service. It has recently found a site in Denmark from which to continue its fraudulent operations. The IP address of this new site is 62.242.0.190. Another copy of this site has been setup at ORBZ.ORG, hosted by Taconic Technology Corp of Chatham, NY 12037, on IP address 205.231.149.53. MAPS also blocks ORBZ, for relay scanning, while it apparently seems to think its own scanning is OK. A number of ISP's have shutdown similar sites: IMRSS has been shutdown. Openrelaywatch.org has been shutdown. ORDB was shut by UUnet, but then ORDB found another home in Denmark. These are abuse sites violating US Federal Laws, and conducting frauds. We ask that you block access to or from the following addresses for all of your customer and internal connections: access-list 104 deny ip 202.36.148.5 0.0.0.255 any access-list 104 deny ip 202.36.147.16 0.0.0.255 any ! rss access-list 104 deny tcp 204.152.187.123 0.0.0.255 any eq 25 access-list 104 deny udp 204.152.187.0 0.0.0.255 any eq 53 ! ordb access-list 104 deny ip 62.242.0.188 0.0.0.3 any access-list 104 deny ip 205.231.149.53 0.0.7.255 any Or if you have routers which can't use access lists: ip route 202.36.148.0 255.255.255.0 nul0 ip route 202.36.147.0 255.255.255.0 nul0 ip route 204.152.184.74 255.255.255.0 nul0 ip route 62.242.0.188 255.255.255.252 nul0 Dean Anderson President` Av8 Internet, Inc All times below are US Eastern Standard Time unless otherwise noted.