[Dshield] security.scan.sec.rr.com

Deb Hale haled at pionet.net
Wed Jun 18 20:15:44 GMT 2003


Thanks for the link.  That is an interesting web site.  I am having a
terrible problem with my ISP on my home account.  They are running Postini
to filter spam and it worked real well for a while.  Then they replaced the
mail server and ever since - the spam has started again. 40 to 50 per day
get to my inbox that have never been filtered by Postini.  I keep trying to
tell them that someone has found a hole now and are using the hole to spam
through (some of which is really disgusting :(- ).  They keep telling me
that Postini can't catch everything and so I have started to forward the
emails to them complete with headers to show them that they are not going to
Postini - they are going straight thru.  I for one am sick of spam - between
Postini and what gets into my inbox I get around 300 + spam per day.
Interesting that many of them show up in the list on this site.  So I
forwarded the link to this site to my ISP and forwarded the reports for
their domain to them. 

Anybody have any idea how to get ISP's to at least care if they have an open
relay that is allowing spammers to USE them?
I would appreciate input!  

Deb 

Deborah F Hale
Certified Business Continuity Professional/Computer Security Specialist
BCP Enterprise, Inc
Telephone: (712) 252-0361
www.bcpenterprise.com
 


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Coxe, John B.
Sent: Wednesday, June 18, 2003 1:09 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] security.scan.sec.rr.com


Lots of SQL Slammers, ... as well...

http://www.mynetwatchman.com/mynetwatchman/ListAllOpenIncidents.asp?Provider
Id=4&ReportType=P&AttackerIp=0&ReportPage=Provider

The idiots who don't know how to configure/secure/patch/monitor a service
are going to ultimately spoil it for others on those ISPs who are
responsible and actually frequenly provide a service to their communities
identifying threats.  I also wonder how many folks get nailed as running
exploitable systems when they have honeypots set up which, naturally, do
look like such.

-----Original Message-----
From: Doug White [mailto:doug at dwhite.ws]
Sent: Wednesday, June 18, 2003 9:55 AM
To: General DShield Discussion List
Subject: Re: [Dshield] security.scan.sec.rr.com


Very normal for RR

Their assertion:  "We reserve the absolute right to scan the origin of any
mail sent to the rr servers"

"If you object to this and wish to end the scanning, then do not send mail
to the rr. servers."

Now if they would give that much attention to the multiple open relays on
their system that is spewing spam in unprecedented quantities.

======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
======================================
If you are not satisfied with my service, my job isn't done!

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list






More information about the list mailing list