[22220] in North American Network Operators' Group
Re: heads up ... another imapd attack source
daemon@ATHENA.MIT.EDU (Craig A. Huegen)
Tue Dec 15 01:33:21 1998
Date: Mon, 14 Dec 1998 22:07:59 -0800
From: "Craig A. Huegen" <chuegen@quadrunner.com>
To: Christian Nielsen <cnielsen@nielsen.net>,
Phil Howard <phil@whistler.intur.net>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.05.9812141638190.694-100000@matterhorn.nielsen.net>; from Christian Nielsen on Mon, Dec 14, 1998 at 04:53:30PM -0700

You will find this same situation with most cable modem providers
who give out "wingate" to users. There is a certain cable modem
provider who has significant amounts of open wingates on their network,
capable of being used from the outside.

Nothing is being done to close these, though, until they're abused.
Scanning for them is considered a 'breach of privacy' (rather than a
security assessment) and unfortunately allows people day after day to
abuse other systems with a very difficult-to-trace open relay.

I've been told that newer versions of wingate handed out by these
providers have disabled open relaying from the outside; however,
users can (and do) play and can easily misconfigure them to allow
access from anywhere.

/cah

On Mon, Dec 14, 1998 at 04:53:30PM -0700, Christian Nielsen wrote:
==>But, to this day, they still have an open relay on their cable modem network
==>that allows script kiddies from around the world to use them(1).