Security Incidents mailing list archives
Re: Handling Scans.
From: John Oliver <joliver () CONNECTNET COM>
Date: Wed, 14 Feb 2001 14:27:05 -0800
Justin Shore wrote:
Exactly. Give them the full details and be nice about it. If they go balistic on you, then you can get hostile; one up them and go to there provider. Lately a lot of the spam I receive has been from open relays. I usually dig through the headers and report the spam to the owner of the server that handed the message off to me. I also check to see if it's an open relay (especially if they report a FQDN that matches the IP I resolve by hand). If they are open, I dig a level deeper and report the spam to whomever handed it to that open relay. I also give an FYI to the owner of the misconfigured machine acting as an open relay, being nice of course, just a friendly heads up. I don't report them to ORBS or MAPS. I just let them deal with it.
I always report 'em to MAPS. If a server is misconfigured to the point of allowing indiscriminate third-party relaying, *especially* if it's an overseas machine, it's almost guaranteed that most if not all contact addresses are going to bounce. So they get submitted to RSS. That'll keep the spam out in the future and/or spare someone else the load of crap. It's very, very easy for the admins to get out of RSS once they fix their problem, so there's no good reason *not* to report them. If you have to choose between reporting to the admin(s) or MAPS, choose MAPS... you're much more likely to get a positive effect that way. -- John Oliver, System Administrator http://www.allegiancetele.com ConnectNet, an Allegiance Telecom company http://www.connectnet.com 6370 Lusk Blvd. Ste F103 (858) 638-2020 San Diego, CA. 92121 FAX: (858) 623-1505
Current thread:
- Re: Handling Scans., (continued)
- Re: Handling Scans. Reeves, Mike (Feb 12)
- Re: Handling Scans. Timothy Lyons (Feb 12)
- Re: Handling Scans. Guillaume Filion (Feb 12)
- Re: Handling Scans. Abe Getchell (Feb 13)
- Re: Handling Scans. Reeves, Mike (Feb 13)
- Re: Handling Scans. Reeves, Mike (Feb 13)
- Re: Handling Scans. Valdis Kletnieks (Feb 13)
- Re: Handling Scans. John Nemeth (Feb 14)
- Re: Handling Scans. John Nemeth (Feb 14)
- Re: Handling Scans. Justin Shore (Feb 14)
- Re: Handling Scans. John Oliver (Feb 14)