[Dshield] dshield-based RBLs?

Brenden Walker BKWalker at DRBSystems.com
Tue Jun 8 19:07:03 GMT 2004


> -----Original Message-----
> From: John Hardin [mailto:johnh at aproposretail.com] 
> 
> 
> On Mon, 2004-06-07 at 13:26, ed.truitt at etee2k.net wrote:
> 
> > Why would an IP address that is spewing NetBIOS traffic (I thought 
> > NetBIOS traffic was supposed to be spewed ;-) be a spammer?
> 
> It's not necessarily a spammer (yet), but it's arguably 
> misconfigured and exposed; spewing NetBIOS traffic across the 
> Internet *could* be considered a good indicator of a system 
> that's about to be compromised.
> 
> I'd certainly consider it an indicator of a system *I* don't 
> want to receive mail from...

When I see those I usually check for printers, and attempt to print a nice
warning on their printer suggesting they turn off NetBIOS entirely.  Nothing
puts the fear of being hacked into somebody like that.



More information about the list mailing list