[Dshield] dshield-based RBLs?
BKWalker at DRBSystems.com
Tue Jun 8 19:07:03 GMT 2004
> -----Original Message-----
> From: John Hardin [mailto:johnh at aproposretail.com]
> On Mon, 2004-06-07 at 13:26, ed.truitt at etee2k.net wrote:
> > Why would an IP address that is spewing NetBIOS traffic (I thought
> > NetBIOS traffic was supposed to be spewed ;-) be a spammer?
> It's not necessarily a spammer (yet), but it's arguably
> misconfigured and exposed; spewing NetBIOS traffic across the
> Internet *could* be considered a good indicator of a system
> that's about to be compromised.
> I'd certainly consider it an indicator of a system *I* don't
> want to receive mail from...
When I see those I usually check for printers, and attempt to print a nice
warning on their printer suggesting they turn off NetBIOS entirely. Nothing
puts the fear of being hacked into somebody like that.
More information about the list