Home page logo

nanog logo nanog mailing list archives

Re: anti-spam vs network abuse
From: Len Rose <len () netsys com>
Date: Fri, 28 Feb 2003 18:05:12 -0500


That's the problem, Sir! Many (I daresay the majority) of people take
my hardnosed position. I know that there are people and services with
good intentions, but I respectfully suggest that those good intentions
shall not pass my borders.  

If an anti-spam mail relay testing service proactively scans my mail 
servers for smtp related issues, I will not complain because spam
friendly relays and proxies are evil and must be shut down. If my 
service provider wishes to scan my network and hosts they can do so
after they get obtain my permission. 

Just because my networks happen to connect to the internet doesn't 
give up any  dominion over those networks.

 If some unknown entity (whether it's a service or an individual)
(for whatever reason) scans my networks and hosts proactively for whatever
justificatiojn, I still find that to be excessive trespass. 

Just because you can reach my network does not give you grounds to 
play with my toys. 

More below:

Richard Irving wrote:

Scanning is always a precursor to an attack, or to determine if any obvious
methodology can be used to attack. At least that's how it has been
historically viewed.

  See my other post. MAPS assists users in closing their "innocent"
relay capable systems. And, FWIW, pro-active probing -can- provide
a great service to the "less than clueful" end users.

I agree with all of your positive reasons why such a service is 
great but you should be dealing with it by blackingholing their
ASN nstead and soon when everyone does so, they'll get their 
act together or be cut off.

Since your network was victimized you should be proactive about
contacting the people responsible. You can even scan their hosts
at this point since you're engaged in defensive operations.

If they're a responsible provider (it sounds like you're talking
about some sort of hosting provider here) they'll have a NOC,
and you can escalate it until you reach a clue.

I don't see anything else as being more than busybodies poking
where they don't beloong.





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]