Firewall Wizards mailing list archives

Re: Automated reverse probes


From: Aaron Turner <aturner () vicinity com>
Date: Wed, 19 Apr 2000 10:22:00 -0700 (PDT)


On Thu, 13 Apr 2000, Pete Philips wrote:

> Hi all.
>
> I'd be interested to hear opinions on the following. I have
> noticed a particular site that automatically initiates a
> reverse traceroute when mail is delivered to its primary
> MX machine.
>
> * Is this common? I've not seen it before.

No, not really.  Surprising?  No, not really.

> * Would you consider it a hostile action?

No.  Traceroute is a debugging tool, not often used to attack.

> * Does it break any RFCs / accepted good practices?

No RFCs that I know of.  I can't think of any "accepted good practices"
that it's breaking either.

> I certainly didn't think it was very polite!

Is the traceroute hurting you?  Eating excessive bandwidth?  Prolly not.
My guess is that the guy is trying to determine network path/latency to
other systems in order to test his own ISP.  Hooking that into the mail
server makes a lot of sense since it provides relevant information (i.e., if
he doesn't talk to servers in China, then there's no reason to test them).

I wouldn't worry about it.   

-- 
Aaron Turner        aturner () vicinity com  650.237.0300 x252
Security Engineer                         Vicinity Corp.        
Cell: 408-314-9874                        http://www.vicinity.com



