RE: SMTP Scans

From: Jimi Thompson (jimitat_private)
Date: Wed Apr 23 2003 - 20:15:57 PDT

Next message: aladin168: "Re: Trojan found..."

Previous message: Jose Nazario: "Re: protocol watcher"
In reply to: Mally Mclane: "RE: SMTP Scans"
Next in thread: Kurt Seifried: "Re: SMTP Scans"
Next in thread: Luc Somers: "RE: SMTP Scans"
Reply: Kurt Seifried: "Re: SMTP Scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 4:40 PM +0200 4/22/03, Mally Mclane wrote:
>Hi,
>
>--On Monday, April 21, 2003 6:50 PM -0400 Rob Shein 
><shotenat_private> wrote:
>
>>For the last few months our ISP (BT) has apparently been scanning our
>>mail  servers for open relays, this is happening up to
>>12 times a day across both Primary & Secondary mail servers.
>
>I don't condone this, but this is fairly common practice amongst UK ISPs.
>
>Regards,
>
>
>Mally Mclane
>RIPE NCC - Operations

Why the aggressive schedule?  For your "commercial" (as in - not end 
user) IP space, I would think that weekly or monthly should be 
sufficient.  Especailly considering that, as your ISP, they know the 
IP addresses of your mail servers, I find this to be excessive and 
would really like to know what they think they are combating.  It 
sounds like another bean counter making technical decisions again.

>
>
>
>----------------------------------------------------------------------------
>Attend Black Hat Briefings & Training Europe, May 12-15 in 
>Amsterdam, the world's premier event for IT and network security 
>experts.  The two-day Training features 6 hand-on courses on May 
>12-13 taught by professionals.  The two-day Briefings on May 14-15 
>features 24 top speakers with no vendor sales pitches.  Deadline for 
>the best rates is April 25.  Register today to ensure your place. 
>http://www.securityfocus.com/BlackHat-incidents 
>----------------------------------------------------------------------------


-- 
Thanks,

Ms. Jimi Thompson, CISSP, Rev.

"I'm a great believer in luck, and I find the harder I work, the more 
I have of it." -- Thomas Jefferson


----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------

Next message: aladin168: "Re: Trojan found..."
Previous message: Jose Nazario: "Re: protocol watcher"
In reply to: Mally Mclane: "RE: SMTP Scans"
Next in thread: Kurt Seifried: "Re: SMTP Scans"
Next in thread: Luc Somers: "RE: SMTP Scans"
Reply: Kurt Seifried: "Re: SMTP Scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 24 2003 - 10:18:19 PDT