Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: rr style scanning of non-customers

  • From: jlewis
  • Date: Fri Jun 13 22:53:36 2003

On Fri, 13 Jun 2003, Kuhtz, Christian wrote:

> Some ISPs, such as RR, appear to be implementing what I personally would
> consider quite aggressive approaches to guarding their network by
> implementing "proactive" scanning of non-customers, similar to what's
> described at
> 
>     http://security.rr.com/probing.htm <http://security.rr.com/probing.htm> 
> 
> In this case, sending email to @rr.com appears to trigger this scanning
> business (mind you, this is not about the scanning their subs biz; I don't

Proactive = scanning for open systems before they come to you.
Reactive = scanning the IPs that connect to you to see if they're open.

They spell this out very clearly on the page referenced above and say that 
they're doing proactive scanning of their own network and reactive 
scanning of the rest of the internet.  Do you have any reason to believe 
they're not doing as they say?

Is it time for the monthy nanog spam debate again already? :)

Unfortunately, what they're looking for is only a small sub-set of the 
commonly used ports by various proxy software typically installed wide 
open on broadband connected systems.  If they're serious about reactive 
scanning, they ought to either update the ports tested or just ally with 
one of the various dnsbls that does this sort of testing (less/more 
effective testing would be the result).

The last time this topic came up, it was suggested by others that either 
trojan or virus software was installing/creating open proxies.  I wrote 
that off as people being overly paranoid.  I'm sorry to say that I now 
know this to be true and have seen many installations of at least one 
strain of such proxy software.
 
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.