Hosting Provided By

Re: SMTP Scans

From: Chris Boyd <cboyd(at)gizmopartners.com>
Date: Mon Apr 28 2003 - 13:25:15 EDT

On Friday, April 25, 2003, at 07:21 PM, Hoof Hearted wrote:

>
>
> Wow! - OK it's safe to say there is some opinion on this. Many thanks

Many large broadband ISPs are starting to do these types of scans. I think that it's a small price to pay to help reduce the number of open relays and proxies that can be exploited by spammers. See http://security.rr.com/probing.htm for one example. Rather than null route them as others have suggested, you may want to leave the door open for them just to make sure your IDS is still working.

Also, if you own the network, do you think that the AUP really applies? As you've seen, people are out to get you on the 'net. If the ISP can find a problem box and shut it down before it's used to attack you, isn't that a good thing?

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents

Received on Tue Apr 29 18:03:03 2003

This message: [ Message body ]
Next message: Hahn, Jacob: "Odd IIS log entries"
Previous message: Frank Knobbe: "Re: New CodeRed strain? -- UPDATE"
In reply to Hoof Hearted: "Re: SMTP Scans"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:04 EDT