Re: CRIME Port scanning from an ISP

From: Crispin Cowan (crispin@private)
Date: Wed May 28 2003 - 17:08:04 PDT

Next message: George Heuston: "CRIME Meeting 10 June @ 10AM @Verizon"

Previous message: Keith Proffitt: "Re: CRIME Port scanning from an ISP"
In reply to: Andrew Plato: "CRIME Port scanning from an ISP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It seems like a good concept and a bad implementation:

    * Good concept: it's one way to reject spam. Do a real-time test of
      the sending SMTP node to see if it is an open relay.
    * Bad implementation: you don't need to /repeatedly/ do this scan,
      you can cache results and do it occasionally.

Andrew implies that XXXXX is practically DoS'ing him with massive port 
scans. Is it perhaps the case that XXXXX is just port-scanning Anitian 
once per mail that Anitian sends XXXXX?

Philosophy: never ascribe to malice that which can be explained by 
stupidity.

With that in mind, the fact that Anitian is sending mail to XXXXX only 
in the form of bounces generated by spam oritinating from XXXXX is 
actually beside the point, if just a little ironic :-)

Crispin

-- 
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
            http://www.immunix.com/shop/

Next message: George Heuston: "CRIME Meeting 10 June @ 10AM @Verizon"
Previous message: Keith Proffitt: "Re: CRIME Port scanning from an ISP"
In reply to: Andrew Plato: "CRIME Port scanning from an ISP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 28 2003 - 17:42:52 PDT