nanog mailing list archives
Re: anti-spam vs network abuse
From: Richard Irving <rirving () onecall net>
Date: Fri, 28 Feb 2003 17:45:09 -0500
Len Rose wrote:
Scanning is always a precursor to an attack, or to determine if any obvious methodology can be used to attack. At least that's how it has been historically viewed.
See my other post. MAPS assists users in closing their "innocent" relay capable systems. And, FWIW, pro-active probing -can- provide a great service to the "less than clueful" end users. Scenario: MR. ISP A, we received over 300mbs from your network last week, as it participated in a 1500-bot attack of K ROOT SERVER... We have determined, via access list, that the following IP's appear to be the source of this attack, and we suspect have been compromised by the "koo-koo-ka-chooo" worm. We have not confirmed the identity of the worm, as the attack worm has yet to be identified, and isolated, conclusively. However, we have found all sources that participated in this attack had port 6667 and ports 7777 open. This lead us to hypothesize that it was the "koo-koo-ka-choo" worm... Several of these sites are under your Administration.... Attached, please find the list of infected servers.... Any information regarding this worm, and the servers subsequent sterilization, would be appreciated. Signed, The Admininstration of -=Your=- NSP.
In my opinion there is no legitimate reason to scan a remote host or network without the permission of the owners. Otherwise it is in fact excessive behaviour.
See above.
Current thread:
- Re: anti-spam vs network abuse, (continued)
- Re: anti-spam vs network abuse Daniel Senie (Feb 28)
- Re: anti-spam vs network abuse Gary E. Miller (Feb 28)
- Re: anti-spam vs network abuse Andy Dills (Feb 28)
- Re: anti-spam vs network abuse Dan Hollis (Feb 28)
- Re: anti-spam vs network abuse Jack Bates (Feb 28)
- Re: anti-spam vs network abuse David G. Andersen (Feb 28)
- Re: anti-spam vs network abuse Richard Irving (Feb 28)
- Re: anti-spam vs network abuse Charlie Clemmer (Feb 28)
- Re: anti-spam vs network abuse Andy Dills (Feb 28)
- Re: anti-spam vs network abuse Len Rose (Feb 28)
- Re: anti-spam vs network abuse Richard Irving (Feb 28)
- Re: anti-spam vs network abuse Len Rose (Feb 28)
- Re: anti-spam vs network abuse Randy Bush (Feb 28)
- Re: anti-spam vs network abuse Len Rose (Feb 28)
- Re: anti-spam vs network abuse Rob Thomas (Feb 28)
- Re: anti-spam vs network abuse Charlie Clemmer (Feb 28)
- Re: anti-spam vs network abuse Richard Irving (Feb 28)
- Re: anti-spam vs network abuse E.B. Dreger (Feb 28)
- Re: anti-spam vs network abuse Richard Irving (Feb 28)
- Re: anti-spam vs network abuse Roy (Feb 28)
- Re: anti-spam vs network abuse Paul Vixie (Feb 28)