[Dshield] What is my ISP doing?

Johannes Ullrich jullrich at euclidian.com
Fri Apr 9 13:57:22 GMT 2004

> I caught that late last year and wasn't sure what it was. I reported it to
> "abuse: at RR and got this back:

I agree that the logs that started this thread are showing
scans from another RR user, not scans from RR itself.

Anyway: In my opinion its a good thing if ISPs do these
proactive scans of their own customers. I don't have a 
RR AUP available, but I hope they put a provision to that
effect into it.

A more controversial technique is RoadRunner's habbit to
scan all mail servers that attempt to send mail to it for
open relays. Personally I am ok with that. But it is kind
of on the edge. (but not all that different from IRC servers,
who do this for a long time)

Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
contact: http://johannes.homepc.org/contact.htm
There are two kinds of system administrators:
The first kind solves problems with little shell scripts.
The second kind are the problem.

More information about the list mailing list