I am inclined to agree with this point. Its certainly a noisy and nosy way to do business. However, port scans are not particularly dangerous and in this case, while they were excessive, they didn't quite meet the DoS level. Suffice to say, I haven't heard much from that ISP in a while. I blocked their scanner at my border so all they get back from us is silence. That much said, its still a dumb policy. As one person pointed out, a lot of the ports they were scanning do not have anything to do with open relays. ___________________________________ Andrew Plato, CISSP President / Principal Consultant Anitian Corporation Enterprise Security & Infrastructure Solutions 503-644-5656 Office 503-644-8574 Fax 503-201-0821 Mobile www.anitian.com ___________________________________ > -----Original Message----- > From: Jeff Bryner [mailto:jbryner1@private] > Sent: Wednesday, May 28, 2003 2:56 PM > To: crime@private > Subject: Re: CRIME Port scanning from an ISP > > > I'd vote invasion/intrusion: since when does sending mail (or bouncing > it) justify what is essentially a DOS attack by port scanning > ports that having nothing to do with mail. > > To me that's like saying 'since you are sharing the road with > me when I drive, I reserve the right to check out the safety > of your car by disassembling it to see if it meets my standards.'
This archive was generated by hypermail 2b30 : Tue Jun 03 2003 - 20:48:47 PDT