Re: Legal? Road Runner proactive scanning.

["steve" <securityfocus () delahunty com>]

Also makes me think that their port scanning is no different than anyone
else port scanning you.  Is that legal or not --- I would say it is not
illegal but not necessarily ethical.

And back to the orignal concern, your IDS logs, do you check every entry in
your IDS logs?  I would think that most IDS logs would not alert on this
type activity since it really has become so commonplace.  I don't know many
places that check every log entry in their IDS but rather focus on those
that are truly potential attacks.  I do see most of us might make an
argument that a port scan is the initial phase of a potentially larger
attack later.


----- Original Message ----- 
From: "Mitchell Rowton" <mrowton () bdo com>
To: <bsampsel () libertyactivist org>; <security-basics () securityfocus com>
Sent: Thursday, March 11, 2004 5:10 PM
Subject: Re: Legal? Road Runner proactive scanning.


I'm sure they could argue that a port scan was checking ports for "open
proxies."  Are they just scanning for port 25 or actually doing an open
relay test?  Same with proxy, are they just scanning for 8080 and other
ports, or are they testing also?

Sounds like they are abusing machines to find out if they can be
"abused for malicious purposes."

> > > "Bryan S. Sampsel" <bsampsel () libertyactivist org> 03/10/04 06:58PM
I've had entries from that system performing port scans...not simply
SMTP
relay checking.

I think it's time to block 'em at the firewall, as I consider this
tantamount to an attack myself.

IMO,

bryan



Greg said:
> We saw the same thing about a year ago and contacted them. They
> basically read to us verbatim what you have below. We now simply
block
> that particular IP at the firewall. They haven't bothered us since.
>
> --- jbod <for_the_republic () yahoo com> wrote:
> > Proactive scanning.  If everyone did this how would
> > you ever sort through your logs?  Your IDS would go
> > nuts constantly.
> >
> > Excerpt:  "If your server connects to ours, we reserve
> > the absolute right to perform SMTP relay and open
> > proxy server tests upon the connecting IP address, to
> > ensure that the machine at that IP address cannot be
> > abused for malicious purposes."
> >
> >
> > http://securityscan.sec.rr.com/probing.htm
> > http://24.30.199.228/probing.htm
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Search - Find what you're looking for faster
> http://search.yahoo.com
---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get
$545 off
> any course! All of our class sizes are guaranteed to be 10 students
or
> less
> to facilitate one-on-one interaction with one of our expert
instructors.
> Attend a course taught by an expert instructor with years of
in-the-field
> pen testing experience in our state of the art hacking lab. Master
the
> skills
> of an Ethical Hacker to better assess the security of your
organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html

>
----------------------------------------------------------------------------
>


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your
organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



NOTICE:
The contents of this email and any attachments to it may contain privileged
and confidential information from BDO Seidman, LLP.  This information is
only for the viewing or use of the intended recipient.  If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution or use of, or the taking of any action in reliance upon, the
information contained in this e-mail, or any of the attachments to this
e-mail, is strictly prohibited and that this e-mail and all of the
attachments to this e-mail, if any, must be immediately returned to BDO
Seidman, LLP or destroyed and, in either case, this e-mail and all
attachments to this e-mail must be immediately deleted from your computer
without making any copies thereof.  If you have received this e-mail in
error, please notify BDO Seidman, LLP by e-mail immediately.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------