FC: Email a RoadRunner address, get scanned by their securitysystem]

Jeremy T. Bouse Jeremy.Bouse at undergrid.net
Sat Mar 15 07:43:39 UTC 2003


	I only find it humorous that a majority of the network probes against my
network come from RoadRunner cable modems as it is, yet they want to add to it
by having their own server run a probe... Not that I email many RR customers as
it is directly through my mail servers... I also enjoy the ironic humor in the
fact my home network is on statically assigned DSL IP space that I hold forward
and reverse DNS control for but by their own statements I could not opt-out even
though it is SWIP'd to me but is a DSL allocation... No worries the only
machines on my network that would send outgoing email are behind a NAT that does
port forwarding so even if they connect back on port 80 from the IP that
connects to port 25 on their server doesn't mean they're talking back to even
the same machine here...

	In all fairness though looking at the top 15 source addresses my IDS has
pick'd up lately... 9 of the 15 are from my own providers space and they don't
even react to reports... 90% of the hits are still CodeRed no less...

	Jeremy

On Fri, Mar 14, 2003 at 10:27:03PM -0600, Jack Bates wrote:
> 
> Sending email to many servers means that your mail server will be probed for
> open proxies and open relays. It's only seriously taboo when it leaves the
> actual connecting server to scan the rest of the network. This is why I
> posted previously about a centralized system so that we can limit these
> probes. In the case of RoadRunner, it is only inappropriate because RR
> themselves complains and throughs a fit about being probed, and yet they
> probe others.
> 
> -Jack
> 



More information about the NANOG mailing list