Home page logo

nanog logo nanog mailing list archives

Re: anti-spam vs network abuse
From: David Schwartz <davids () webmaster com>
Date: Thu, 27 Feb 2003 21:57:44 -0800

On Thu, 27 Feb 2003 22:36:37 -0500 (EST), jlewis () lewis org wrote:

This sort of activity is becoming more common / mainstream, so
ought to just get used to it.  Road Runner is doing the same thing
(according to http://sec.rr.com/probing.htm) which is pretty ironic
how their security department has gotten along with (or not) various
DNSBLs in the past.

        It has always been my opinion that if somebody connects to you, they
are implicitly granting you the right to connect back to them on
well-known ports. I have discussed this opinion with several dozen
people and have yet to find one who disagrees. (Though I'm sure
they're probably out there.)

        I've dealt with any number of abuse complaints, many from
governmental and quasi-governmental group. They've all accepted my
cut/pasted explanation and we've been whitelisted by several such

        I often use the following as the 'meat' paragraph of my reply:

"In accord with our terms of service, when someone makes a connection
to one of our machines, we make connections back to them to ensure
they're not connecting through an open proxy. These connections are
to each of the ports on which such proxies commonly run and some
ports may require more than one connection to test multiple
protocols. We never do such a probe except as a response to a
connection made to us."

David Schwartz
<davids () webmaster com>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]