[56270] in North American Network Operators' Group
Re: anti-spam vs network abuse
daemon@ATHENA.MIT.EDU (up@3.am)
Sat Mar 1 10:46:40 2003
Date: Sat, 1 Mar 2003 10:45:07 -0500 (EST)
From: up@3.am
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0303010055010.12785-100000@redhat1.mmaero.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 1 Mar 2003 jlewis@lewis.org wrote:
> On Fri, 28 Feb 2003, Andy Dills wrote:
>
> > You don't have to. This is why I never understood why people care so much
> > about probing. If you do a good job with your network, probing will have
> > zero affect on you. All the person probing can do (regardless of their
> > intent) is say "Gee, I guess there aren't any vulnerabilities with this
> > network."
>
> When I hooked up my first server on the internet back in 1993, I was kind
> of shocked that some far away stranger was trying to log into my POP3
> server. Unwanted connections have been a fact of life on the internet
> probably since its beginning.
Maybe so, but I think any net admin should care if his hosts are being
probed, even if he is under the mistaken assumtion that those hosts are
invulnerable. If I see several ports being probed, I drop an email to
abuse@. It may well be innocent (I do it myself for valid reasons at
times), but it's good to let the respective abuse departments know what's
going on, for two reasons: 1) It gives them a heads up to keep an eye out
for other "suspicious" activity from that host/user. 2) it usually lets
that user know you're alert.
Call it "profiling", only based on "curiosity" instead of ethnicity :)
James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
=========================================================================
