Information Security News: Moderators note: Wh00ps!!!

From: InfoSec News <isn_at_c4i.org>
Date: Sat, 15 Mar 2003 01:22:25 -0600 (CST)

For only the second time since taking over the list, I accidentally sent
something off that I shouldn't have - I'm in the middle of trying to
resolve a week-long spam/virus problem with a provider that has been
falling on deaf ears.

Thankfully, there was *NO* virus payload in that message.

In a related note, Declan McCullagh's Politech list has an interesting
note about this same provider...

Thank you for your understanding,

William Knowles
wk_at_c4i.org

---------- Forwarded message ----------
Date: Fri, 14 Mar 2003 15:25:46 -0500
From: Declan McCullagh <declan_at_well.com>
To: politech_at_politechbot.com
Subject: FC: Email a RoadRunner address, get scanned by their security system

---
Date: Fri, 14 Mar 2003 15:22:24 -0500
Subject: RoadRunner Automated Portscans
From: Gunnar Hellekson <gunnar_at_onepeople.org>
To: declan_at_well.com

After sending an email to a friend at a RoadRunner address, I see this in
my web access log:

24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25 HTTP/1.0" 404 535 "" ""

Basically, RoadRunner tried to spam themselves using my server.  I mailed
abuse_at_rr.com about this, and received a canned response, enclosed.  It's a
humble response, but woefully inadequate.  Have anti-spam measures come to
this?  This seems like an ill-considered compromise between privacy and
anti-spam efforts.  A blunt instrument that betrays less-than-careful
thinking.  The opt-out option, which was revealed only after my complaint,
is even more obnoxious.

Under their logic, I feel entitled to poke and prod their customers, just
to make sure they don't spam me.  Is that fair?  I promise to provide an
opt-out if anyone complains.

I'm curious whether this preemptive measure is effective at all.

-Gunnar

>From: "Road Runner Security [DSR]" <abuse_at_rr.com>
>Date: Fri Mar 14, 2003  2:05:12 PM America/New_York
>Subject: Re: Port scans?
>
>Hello,
>
>The securityscan.sec.rr.com machine is a Road Runner Security resource that
>is used as a tool to assist us in determining if machines being used to
>send us mail may be abused from outside sources, allowing them to be used
>to spam our customers and role accounts. We fully understand your concerns
>surrounding the probing of your machine. This issue has been raised
>internally and we hope this email helps you better understand our process.
>
>The intention of this process is truly not meant to be a "big brother"
>system, but we understand that some may view it as such. Our ultimate goal,
>however, is to protect our network, our customers, and our role accounts.
>
>Road Runner has begun the REACTIVE testing of IP addresses which connect
>to its inbound SMTP gateways. If your machine connects to ours to send
>email, we reserve the absolute right to perform SMTP relay and open proxy
>server tests upon the connecting IP address to ensure that the machine at
>that IP address cannot be abused for malicious purposes.
>
>These scans are done once per week per IP, via an automated process, and 
>only on those servers that have sent our subscriber base mail. The only 
>way for these tests to occur is if an IP address connects to our inbound 
>SMTP gateway. If found to be an open proxy or smtp relay, the IP address 
>will be blocked at our mail gateway borders with one of the following 
>error messages:
>
>ERROR:5.7.1:550 Mail Refused - See http://security.rr.com/mail_blocks.htm#proxy
>ERROR:5.7.1:550 Mail Refused - See http://security.rr.com/mail_blocks.htm#relay
>
>We understand that some entities may not wish to be scanned as part of this
>automated process. If you do not wish to be tested by Road Runner, there
>are two ways to accomplish this:
>
>1. Send an e-mail to 'donottest_at_security.rr.com' with the IP address that
>you do not wish to be tested. Please note that if you are not the
>designated contact for your IP address range (for example, if you are on a
>cable modem, DSL, or dialup range), we will be unable to fulfill your
>request for addition or removal.
>2. Do not connect to our inbound SMTP servers. Again, this test is only
>conducted on servers that connect to our servers.
>
>If you have any further questions, you can visit http://security.rr.com or
>contact Road Runner Security via e-mail at 'spamblock_at_security.rr.com'
>
>Regards,
>Road Runner Security
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo_at_attrition.org with 'unsubscribe isn'
in the BODY of the mail.
Received on Mar 15 2003
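
The log entry quoted in the forwarded message is an open-proxy test: the scanner asks the web server to tunnel to an SMTP port with CONNECT, and the 404 status shows the request was refused. As an added example (not part of the original messages), this Python code flags such requests in an NCSA/Apache-style access log and reports whether any tunnel was actually opened; `SMTP_PORTS`, the function names and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# NCSA/Apache access-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) '
)
SMTP_PORTS = {25, 465, 587}  # assumption: ports treated as mail submission/relay

def parse_connect(line):
    """Return a dict describing a CONNECT request, or None for anything else."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "CONNECT":
        return None
    host, _, port = m["target"].rpartition(":")
    if not host or not port.isdigit():
        return None  # malformed authority-form target
    status = int(m["status"])
    return {
        "client": m["ip"], "when": m["ts"], "host": host, "port": int(port),
        "smtp": int(port) in SMTP_PORTS, "status": status,
        # A 2xx reply means the server opened the tunnel: it is an open proxy.
        "tunnel_opened": 200 <= status < 300,
    }

def summarize(lines):
    """Group CONNECT probes by client and flag clients that got a tunnel."""
    report = defaultdict(lambda: {"targets": set(), "open_proxy": False})
    for line in lines:
        hit = parse_connect(line)
        if hit:
            entry = report[hit["client"]]
            entry["targets"].add(f'{hit["host"]}:{hit["port"]}')
            entry["open_proxy"] |= hit["tunnel_opened"]
    return dict(report)

# First line is the entry quoted in the message; the others are constructed.
SAMPLE = [
    '24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25 HTTP/1.0" 404 535 "" ""',
    '192.0.2.10 - - [13/Mar/2003:15:12:01 -0500] "GET /index.html HTTP/1.0" 200 2326 "-" "-"',
    '198.51.100.7 - - [13/Mar/2003:15:13:40 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for client, info in summarize(SAMPLE).items():
        verdict = "TUNNEL OPENED (open proxy)" if info["open_proxy"] else "refused"
        print(client, sorted(info["targets"]), verdict)
```

A "refused" verdict for every client, as with the 404 in the quoted entry, means the server did not relay the probe; any opened tunnel is the condition that the Road Runner reply says leads to a block.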