Fairly rude surprise in logs this AM -- possible DoS attempt?

Roy S. Rapoport rsr at inorganic.org
Tue Jan 20 09:28:00 PST 2004


On Tue, Jan 20, 2004 at 07:25:54AM -0800, Alvin Oga wrote:
> if you didn't send the initial (complaint) mail to them ( zonnet.nl ),
> then they should not have been scanning you in the first place

Yeah.  Not to mention there shouldn't be hundreds and hundreds of tests --
just one port 25 test.

> it's odd that they scan the sender of emails ...
> 	what would be the point ?
> 	- are they collecting a list of open proxy ???
> 
> 	- why not make that "list of daily thousands of open proxy"
> 	available so that we all can use it as an rbl, since they've
> 	already verified it's an open proxy and they received "spam"

Actually, RR does something similar to this -- testing senders of email to
make sure they're not open relays.  And they don't advertise their results
either.

Frankly, one reciprocal test feels like it's OK for me -- if I'm trying to
send something through your system, I feel that you have the right to try
to send something through mine.  Tens of tests are not OK, and preemptive
tests are not OK either.

As for advertising ... look, obviously, it'd be a nice thing, but I can see
a whole bunch of reasons not to, including legal liability, support
headaches, and becoming a DDoS target.  And frankly, testing for open relay
is a lot more palatable to me than the "send us your IPs" folks.

-roy



More information about the Baylisa mailing list