[Dshield] Port 135

David Kennedy CISSP david.kennedy at acm.org
Thu Oct 17 20:09:03 GMT 2002


At 10:07 AM 10/17/02 -0700, John Hardin wrote:
>Ignorance perhaps, clumsiness perhaps, but not authorization. Thus the
>access is unauthorized.

Indeed.

There have been cases brought against spammers abusing open mail proxies.
The victim intended to have a mail server.  The victim did not intend to
have that server abused by others.

Leaving 135-139 unblocked does not constitute authority abuse services thus
exposed.

IANAL, YMMV.


-- 
Regards,

David Kennedy CISSP                         /"\
Director of Research Services,              \ / ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com     X  Against HTML Mail
Protect what you connect;                   / \
Look both ways before crossing the Net.




More information about the list mailing list