[Dshield] How representative?

Henric Lindblad henric at alternera.se
Tue Mar 25 15:28:12 GMT 2003

Well to use you as a open relay you would have to have a interesting service
The services i listed was examples, not a complete list.


----- Original Message -----
From: "Chateauneuf" <dupape at bellatlantic.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Tuesday, March 25, 2003 3:57 PM
Subject: Re: [Dshield] How representative?

> At 11:59 PM 3/24/2003 +0100, Henric Lindblad authored the following:
> >Honestly I don't think the average DSL/Cable subscriber gets many actual
> >"intrusion attempts"...
> >
> >They do get scanned a lot but most scans don't actually result in a
> >intrusion attempt.
> >
> >If they do then that DSL/Cable subscriber is most likely running a
> >"interesting" service. Such as Web server, SMTP, Proxy, FTP or SQL...
> >
> >Otherwise they will most likely be left alone.
> I'm not so sure that I agree. FWIW, I think that the difference between a
> port scan and an intrusion attempt is the level of security.
> My hypothesis is that a great many port scans are efforts to find
> open relays which can be used to send spam. In addition to relays I get
> quite a bit of activity on port 135. That is probably an attempt to send
> pop-up spam to MS Messenger.
> I get a fair amount of unsolicited traffic. I have a static IP (DSL). No
> web server, my ISP blocks port 80, no FTP. I run a secure mail server.
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:

More information about the list mailing list