[Dshield] ...so much hurt trough hacking one day...

Bruce Lilly blilly at erols.com
Sat Nov 30 16:26:46 GMT 2002


> From: Bruce Campbell <bruce.campbell at ripe.net>
> Date: Wed, 27 Nov 2002 22:30:02 +0100 (CET)

> Whoa there boy.  If your computer is making connections to the Internet
> (outgoing smtp etc), you're probably going to be automatically tickled on
> your ident port (depending on what the remote machine is doing).
> 
> So submitting logs to dshield regarding ident requests coming in from
> machines that you have made an outgoing connection to is a bit on the
> hypocritical side.

Not at all. In the first place, port 113 is not involved directly in SMTP,
FTP, etc. and is not required for those protocols.  In the second place,
many ISPs prohibit non-commercial end users from running servers, and an
auth server is obviously a server.  In the third place, connection as a
client to a specific service should not be construed as authorization for
a port scan of the client by the server -- many spammers and hackers have
web sites; would you wnat a connection to such a site to automatically
target you for probes of your IP address?

Because of the second issue, which is not uncommon for non-commercial
terms of service, a substitute ident server is not an option.




More information about the list mailing list