Fairly rude surprise in logs this AM -- possible DoS attempt?
Alvin Oga
alvin at Mail.Linux-Consulting.com
Tue Jan 20 16:22:40 PST 2004
hi ya roy
On Tue, 20 Jan 2004, Roy S. Rapoport wrote:
> On Tue, Jan 20, 2004 at 07:25:54AM -0800, Alvin Oga wrote:
> > if you didn't send the initial (complaint) mail to them ( zonnet.nl ),
> > then they should not have been scanning you in the first place
>
> Yeah. Not to mention there shouldn't be hundreds and hundreds of tests --
> just one port 25 test.
yup..
list of open relay tests and list of open relays and other blah
http://www.Linux-Sec.net/Mail/OpenRelay/
PaladinCorp does a good job of online web-based open relay tests
> Actually, RR does something similar to this -- testing senders of email to
> make sure they're not open relays.
am assuming rr referenced here is reverse dns entries
having or not having rr does not mean they are open relays or not ??
and rr is not needed to be a legit mail server ( of all the odd things to
leave off the smtp rfc, it should be but oh well, 30 yr old ideas )
> And they don't advertise their results either.
that's what makes it all fishy, and that they scan to test for open relays
> Frankly, one reciprocal test feels like it's OK for me -- if I'm trying to
> send something through your system, I feel that you have the right to try
> to send something through mine. Tens of tests are not OK, and preemptive
> tests are not OK either.
:-)
or an excuse after the fact ... after having scanned the victim ( site
under tests )
am assuming david did NOT send any email prior to them scanning his
servers
c ya
alvin