FC: Email a RoadRunner address, get scanned by their securitysystem]

John R. Levine johnl at iecc.com
Sat Mar 15 15:01:47 UTC 2003


> I only find it humorous that a majority of the network probes
> against my network come from RoadRunner cable modems as it is, yet
> they want to add to it by having their own server run a probe...

RR scans their own network far more intrusively than they scan outside
mail senders and thwack their own users all the time, only of course
nobody hears about that.

As I've said elsewhere, most of a network's real mail comes from
places that have sent mail before.  If you get mail from a host that's
never sent you mail before, it is far more likely to be a compromised
relay or proxy sending spam than a legit mail server.  Of course they
test it.

Put yourself in their shoes.  They have a network with tens, probably
hundreds of thousands of users, all with a swell high-speed
connection, all under continuous attack by various sorts of malware.
Most of the users are running Windows 98 or XP systems which are at
least 30 critical security patches (that is to say, more than a month)
out of date.  Realistically, what would you do?

-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
johnl at iecc.com, Village Trustee and Sewer Commissioner, http://iecc.com/johnl, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail



More information about the NANOG mailing list