[Dshield] security.scan.sec.rr.com

Ed Truitt ed.truitt at etee2k.net
Sat Jun 21 03:03:34 GMT 2003

On Fri, 2003-06-20 at 12:46, Mrcorp wrote:
> Johannes is right, I was joking when I said that.  If we did that and it was organized from this
> group, we would be giving this group a bad reputation. 
> On the otherhand, what if one email to their abuse address does not work?  Then what?  We are
> faced with relentless spam email.  And no assistance from them.  Perhaps we need to take it a step
> further.  Email is only one way of communication.  perhaps someone would like to be a spokesperson
> and step up to conatct them.  Sure there are some costs, but it may be worth the aggrevation.
> Just a thought...
> mrcorp

Well, how about this.  Put a relevant notice on your web and SMTP
server, and whenever someone from rr.com sends your SMTP server an
email, then run a scan against them to see if they are running a secure
system (from an SMTP and proxy standpoint) or not.  If they aren't, then
forward the results to their NOC or abuse desk (depending on who they
prefer you communicate such info to), and point them to your "ToS/AUP"
that explains what you did and why.

Hoisting them on their own petard should be a completely ethical
activity and acceptable activity, IMHO.
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

More information about the list mailing list