Re: Scanned for open relay ?
From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 08/01/03
- Next message: nicky: "Re: Virtual Private Network - Beware it's a Hackers Secret"
- Previous message: Lars M. Hansen: "Re: Scanned for open relay ?"
- In reply to: David: "Re: Scanned for open relay ?"
- Next in thread: David: "Re: Scanned for open relay ?"
- Reply: David: "Re: Scanned for open relay ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 01 Aug 2003 10:42:35 GMT
On Fri, 01 Aug 2003 04:08:17 GMT, David spoketh
>And you blindly believe what someone says on a website. Particularly a site
>so poorly done.
I don't see what the quality of the design of their website has to do
with anything. Since this is a volunteer, not-for-profit organization, I
guess they have other things to spend their time and money on than web
design. And I don't blindly believe what anyone says. The only reason
why I vouch for njabl.org, is that I've used their services in the past,
their lists works, and it cuts down on spam.
>They keep a list of open proxies. It seems to me that does more harm than
>good.
>Any spammer,hacker, or crook can go to these types of lists and find their
>next target.
The lists are not available for download. You'll either have to search
using the online tool (one IP at a time), or by querying their DNS
server.
>People/groups like this are either are either posing as something they are
>not or doing more harm then good.
RBL groups are not posers. They have identified spammers, and are
allowing other people to block spam based on what they know. From where
I'm sitting, that's a good thing.
>If you had a port mistakenly exposed would you want someone else publishing
>it on the web?
But, they're not publishing anything.
>
>It is ridiculous to filter the IP addresses of these automated scans in a
>firewall because after you have seen a few thousand IP addresses probing for
>specific services or the usual worm and trojan ports you would end up with
>an extremely inefficient firewall. In particular these personal firewalls in
>which putting an IP address into a restricted zone means every packet has to
>be checked against that address. Not bad with a few addresses in there but
>as one's paranoia rises the hit becomes rather large. It is another thing if
>someone is knocking at a whole slew of ports fishing for anything they can
>find or if someone is throwing vulnerability scripts at a public service,
>but automated probes to blocked ports are generally harmless.
Totally agree with you.
>
>I'm not much for dshield but I have read that they will contact the ISP's of
>these scanners and complain so that may not be a bad thing in this case.
>They got a few other groups shut down that were claiming to be "policing"
>the web like this.
So, people who contribute to the blocking of spam are "policing" the
web, while people who report (mostly) harmless port probes are not? What
if the automated process of reporting was wrong? What if they reported
the probe to the wrong ISP or to the wrong hosting company or the wrong
domain? Are they still doing a good job?
Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
- Next message: nicky: "Re: Virtual Private Network - Beware it's a Hackers Secret"
- Previous message: Lars M. Hansen: "Re: Scanned for open relay ?"
- In reply to: David: "Re: Scanned for open relay ?"
- Next in thread: David: "Re: Scanned for open relay ?"
- Reply: David: "Re: Scanned for open relay ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
