[Dshield] What is my ISP doing?
fightback at redline.comcast.net
Fri Apr 9 13:44:23 GMT 2004
Date: Fri, 9 Apr 2004 09:27:29 -0400
From: Jeff Kinz <fightback at kinz.org>
To: General DShield Discussion List <list at lists.dshield.org>
Subject: Re: [Dshield] What is my ISP doing?
On Fri, Apr 09, 2004 at 08:00:57AM -0500, Chuck Lewis wrote:
> I caught that late last year and wasn't sure what it was. I reported it to
> "abuse: at RR and got this back:
> The securityscan.sec.rr.com machine is a Road Runner Security resource
> -----Original Message-----
> On Behalf Of Paul Marsh
> Looks like RR scanning for open relays. I can't find it right
> now but somewhere on there site is a page detailing why they're doing
I don't think its his ISP doing a scan. The IP 184.108.40.206 resolves
to a dynamic assigned dialup port which has six positives in the the
various DNSBLs (http://openrbl.org/).
The IP for securityscan.sec.rr.com is 220.127.116.11, not
18.104.22.168. If it were securityscan.sec.rr.com doing a scan you
would very likely see a different IP.
Steve - if I were you I would put any IP addresses you see doing this
kind of activity in your IP-rejectlist within your firewall.
I have a script which scans my IP-Tables output and add IPs to my
rejectlist whenever they do this type of thing.
Jeff Kinz, Open-PC, Emergent Research, Hudson, MA.
More information about the list