Firewall Wizards mailing list archives
Re: Automated reverse probes
From: Aaron Turner <aturner () vicinity com>
Date: Wed, 19 Apr 2000 10:22:00 -0700 (PDT)
On Thu, 13 Apr 2000, Pete Philips wrote:
Hi all. I'd be interested to hear opinions on the following. I have noticed a particular site that automatically initiates a reverse traceroute when mail is delivered to it's primary MX machine. * Is this common? I've not seen it before.
No, not really. Surprising? No, not really.
* Would you consider it a hostile action?
No. Traceroute is a debugging tool, not often used to attack.
* Does it break any RFCs / accepted good practices?
No RFC's that I know of. I can't think of any "accepted good practices" that it's breaking either.
I certainly didn't think it was very polite!
Is the traceroute hurting you? Eating excessive bandwidth? Prolly not. My guess is that the guy is trying to determine network path/latency to other systems in order to test his own ISP. Hooking that into the mail server makes a lot of sense since it provides relvant information (ie, if he doesn't talk to servers in China, then there's no reason to test them). I wouldn't worry about it. -- Aaron Turner aturner () vicinity com 650.237.0300 x252 Security Engineer Vicinity Corp. Cell: 408-314-9874 http://www.vicinity.com
Current thread:
- Automated reverse probes Pete Philips (Apr 18)
- Re: Automated reverse probes Aaron Turner (Apr 20)