Security Basics mailing list archives
RE: Legal? Road Runner proactive scanning.
From: "Mark Medici" <mark () dbma com>
Date: Fri, 12 Mar 2004 10:48:54 -0500
What could be considered "illegal" or "unethical" or even "unexpected" about scanning your own network for security vulnerabilities and prohibited services? Personally, I welcome any signs of responsible behavior from ISPs whom, as a category, seem to be mostly clueless on issues any more complicated setting-up Outlook Express and Netscape for email (maybe that's not fair, but my only contact with most of these organizations is via the call center). Remember, the ISP "owns" the network; you are only a subscriber. They drive the bus and collect the fare; you either enjoy the ride or get off and walk.
-----Original Message----- From: Mitchell Rowton [mailto:mrowton () bdo com] Sent: Thursday, March 11, 2004 5:11 PM To: bsampsel () libertyactivist org; security-basics () securityfocus com Subject: Re: Legal? Road Runner proactive scanning. I'm sure they could argue that a port scan was checking ports for
"open
proxies." Are they just scanning for port 25 or actually doing an
open
relay test? Same with proxy, are they just scanning for 8080 and
other
ports, or are they testing also? Sounds like they are abusing machines to find out if they can be "abused for malicious purposes.""Bryan S. Sampsel" <bsampsel () libertyactivist org> 03/10/04 06:58PMI've had entries from that system performing port scans...not simply SMTP relay checking. I think it's time to block 'em at the firewall, as I consider this tantamount to an attack myself. IMO, bryan Greg said:We saw the same thing about a year ago and contacted them. They basically read to us verbatim what you have below. We now simplyblockthat particular IP at the firewall. They haven't bothered us since. --- jbod <for_the_republic () yahoo com> wrote:Proactive scanning. If everyone did this how would you ever sort through your logs? Your IDS would go nuts constantly. Excerpt: "If your server connects to ours, we reserve the absolute right to perform SMTP relay and open proxy server tests upon the connecting IP address, to ensure that the machine at that IP address cannot be abused for malicious purposes." http://securityscan.sec.rr.com/probing.htm http://24.30.199.228/probing.htm__________________________________ Do you Yahoo!? Yahoo! Search - Find what you're looking for faster http://search.yahoo.com
------------------------------------------------------------------------ --
-Ethical Hacking at the InfoSec Institute. Mention this ad and get$545 offany course! All of our class sizes are guaranteed to be 10 studentsorless to facilitate one-on-one interaction with one of our expertinstructors.Attend a course taught by an expert instructor with years ofin-the-fieldpen testing experience in our state of the art hacking lab. Mastertheskills of an Ethical Hacker to better assess the security of yourorganization.Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------ --
--
------------------------------------------------------------------------ --
- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------ --
-- NOTICE: The contents of this email and any attachments to it may contain privileged and confidential information from BDO Seidman, LLP. This information is only for the viewing or use of the intended recipient.
If
you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of, or the taking of any
action
in reliance upon, the information contained in this e-mail, or any of
the
attachments to this e-mail, is strictly prohibited and that this
and all of the attachments to this e-mail, if any, must be immediately returned to BDO Seidman, LLP or destroyed and, in either case, this
and all attachments to this e-mail must be immediately deleted from
your
computer without making any copies thereof. If you have received this
e-
mail in error, please notify BDO Seidman, LLP by e-mail immediately.
------------------------------------------------------------------------ --
- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your
organization.
Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------ --
--
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Legal? Road Runner proactive scanning. jbod (Mar 09)
- Re: Legal? Road Runner proactive scanning. Greg (Mar 10)
- Re: Legal? Road Runner proactive scanning. Bryan S. Sampsel (Mar 11)
- <Possible follow-ups>
- Re: Legal? Road Runner proactive scanning. Mitchell Rowton (Mar 11)
- Re: Legal? Road Runner proactive scanning. steve (Mar 12)
- RE: Legal? Road Runner proactive scanning. Aditya, ALD [Aditya Lalit Deshmukh] (Mar 15)
- RE: Legal? Road Runner proactive scanning. Mark Medici (Mar 12)
- RE: Legal? Road Runner proactive scanning. Bryan S. Sampsel (Mar 12)
- RE: Legal? Road Runner proactive scanning. Aditya, ALD [Aditya Lalit Deshmukh] (Mar 15)
- RE: Legal? Road Runner proactive scanning. Bryan S. Sampsel (Mar 12)
- Re: Legal? Road Runner proactive scanning. Gnuthad (Mar 15)
- RE: Legal? Road Runner proactive scanning. Mark Medici (Mar 15)
- RE: Legal? Road Runner proactive scanning. Bryan S. Sampsel (Mar 15)
- Re: Legal? Road Runner proactive scanning. Greg (Mar 10)