anti-spam vs network abuse
David Schwartz
davids at webmaster.com
Fri Feb 28 05:57:44 UTC 2003
On Thu, 27 Feb 2003 22:36:37 -0500 (EST), jlewis at lewis.org wrote:
>This sort of activity is becoming more common / mainstream, so people
>ought to just get used to it. Road Runner is doing the same thing
>(according to http://sec.rr.com/probing.htm) which is pretty ironic given
>how their security department has gotten along with (or not) various
>DNSBLs in the past.
It has always been my opinion that if somebody connects to you, they
are implicitly granting you the right to connect back to them on
well-known ports. I have discussed this opinion with several dozen
people and have yet to find one who disagrees. (Though I'm sure
they're probably out there.)
I've dealt with any number of abuse complaints, many from
governmental and quasi-governmental groups. They've all accepted my
cut/pasted explanation and we've been whitelisted by several such
organizations.
I often use the following as the 'meat' paragraph of my reply:
"In accord with our terms of service, when someone makes a connection
to one of our machines, we make connections back to them to ensure
they're not connecting through an open proxy. These connections are
to each of the ports on which such proxies commonly run and some
ports may require more than one connection to test multiple
protocols. We never do such a probe except as a response to a
connection made to us."
--
David Schwartz
<davids at webmaster.com>