[TriLUG] Somewhat OT: [Fwd: FC: Email a RoadRunner address, get scanned by their security system]

Jon Carnes jonc at nc.rr.com
Fri Mar 14 16:58:13 EST 2003


I'm glad Road Runner is doing their part to protect the net. :-)


On Fri, 2003-03-14 at 16:44, lfwelty wrote:
> Can anyone local comment?
> 
> Don't get yourself in trouble w/ ...
> Just interested in a local perspective.
> 
> [disclaimer: I assume all posts are personal opinions unless
>   explicitly stated otherwise. Do not assume everyone else will
>   take this position.]
> -- 
> ------------------------------------------------------------------
> Frank Welty                |  15401 Weston Parkway, Suite 150
> lfwelty at redback.com        |  Cary, NC 27513
> Redback Networks           |  desk:919.678.2175 m: 919.264.7495
> ------------------------------------------------------------------
> ----
> 

> From: Declan McCullagh <declan at well.com>
> To: politech at politechbot.com
> Subject: FC: Email a RoadRunner address, get scanned by their security system
> Date: 14 Mar 2003 15:25:46 -0500
> 
> 
> ---
> 
> Date: Fri, 14 Mar 2003 15:22:24 -0500
> Subject: RoadRunner Automated Portscans
> From: Gunnar Hellekson <gunnar at onepeople.org>
> To: declan at well.com
> 
> After sending an email to a friend at a RoadRunner address, I see this in 
> my web access log:
> 
> 24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25 HTTP/1.0" 404 535 "" ""
> 
> Basically, RoadRunner tried to spam themselves using my server.  I mailed 
> abuse at rr.com about this, and received a canned response, enclosed.  It's a 
> humble response, but woefully inadequate.  Have anti-spam measures come to 
> this?  This seems like an ill-considered compromise between privacy and 
> anti-spam efforts.  A blunt instrument that betrays less-than-careful 
> thinking.  The opt-out option, which was revealed only after my complaint, 
> is even more obnoxious.
> 
> Under their logic, I feel entitled to poke and prod their customers, just 
> to make sure they don't spam me.  Is that fair?  I promise to provide an 
> opt-out if anyone complains.
> 
> I'm curious whether this preemptive measure is effective at all.
> 
> -Gunnar
> 
> >From: "Road Runner Security \[DSR\]" <abuse at rr.com>
> >Date: Fri Mar 14, 2003  2:05:12 PM America/New_York
> >Subject: Re: Port scans?
> >
> >Hello,
> >
> >The securityscan.sec.rr.com machine is a Road Runner Security resource that
> >is used as a tool to assist us in determining if machines being used to
> >send us mail may be abused from outside sources, allowing them to be used
> >to spam our customers and role accounts. We fully understand your concerns
> >surrounding the probing of your machine. This issue has been raised
> >internally and we hope this email helps you better understand our process.
> >
> >The intention of this process is truly not meant to be a "big brother"
> >system, but we understand that some may view it as such. Our ultimate goal,
> >however, is to protect our network, our customers, and our role accounts.
> >
> >Road Runner has begun the REACTIVE testing of IP addresses which connect 
> >to its inbound SMTP gateways. If your machine connects to ours to send 
> >email, we reserve the absolute right to perform SMTP relay and open proxy 
> >server tests upon the connecting IP address to ensure that the machine at 
> >that IP address cannot be abused for malicious purposes.
> >
> >These scans are done once per week per IP, via an automated process, and 
> >only on those servers that have sent our subscriber base mail. The only 
> >way for these tests to occur is if an IP address connects to our inbound 
> >SMTP gateway. If found to be an open proxy or smtp relay, the IP address 
> >will be blocked at our mail gateway borders with one of the following 
> >error messages:
> >
> >ERROR:5.7.1:550 Mail Refused - See http://security.rr.com/mail_blocks.htm#proxy
> >ERROR:5.7.1:550 Mail Refused - See http://security.rr.com/mail_blocks.htm#relay
> >
> >We understand that some entities may not wish to be scanned as part of this
> >automated process. If you do not wish to be tested by Road Runner, there
> >are two ways to accomplish this:
> >
> >1. Send an e-mail to 'donottest at security.rr.com' with the IP address that
> >you do not wish to be tested. Please note that if you are not the
> >designated contact for your IP address range (for example, if you are on a
> >cable modem, DSL, or dialup range), we will be unable to fulfill your
> >request for addition or removal.
> >2. Do not connect to our inbound SMTP servers. Again, this test is only
> >conducted on servers that connect to our servers.
> >
> >If you have any further questions, you can visit http://security.rr.com or
> >contact Road Runner Security via e-mail at 'spamblock at security.rr.com'
> >
> >Regards,
> >Road Runner Security
> 
> 
> 
> 
> 
> -------------------------------------------------------------------------
> POLITECH -- Declan McCullagh's politics and technology mailing list
> You may redistribute this message freely if you include this notice.
> To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
> This message is archived at http://www.politechbot.com/
> Like Politech? Make a donation here: http://www.politechbot.com/donate/
> -------------------------------------------------------------------------
> Declan McCullagh's photographs are at http://www.mccullagh.org/
> -------------------------------------------------------------------------
> 
> 
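Added example, not part of the original thread: a small Python filter that pulls HTTP CONNECT requests, like the one quoted above, out of an NCSA-style access log and marks whether the server refused the tunnel (as the 404 in the post shows) or allowed it. The function names and every sample line other than the first are constructed for illustration.

```python
import re
from collections import defaultdict

# NCSA/Apache access-log line; the request field is "METHOD target PROTOCOL".
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def find_connect_probes(lines):
    """Return one dict per CONNECT request found in the log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        host, sep, port = m["target"].rpartition(":")
        if not sep:                      # CONNECT target without a port
            host, port = m["target"], ""
        status = int(m["status"])
        hits.append({
            "src": m["src"],
            "time": m["ts"],
            "target_host": host,
            "target_port": port,
            "status": status,
            # A 2xx reply to CONNECT means the server agreed to tunnel,
            # which is the open-proxy condition such a test looks for.
            "tunnel_allowed": 200 <= status < 300,
        })
    return hits

def summarize(hits):
    """Group hits by source address; flag sources that were given a tunnel."""
    by_src = defaultdict(lambda: {"probes": 0, "tunnel_allowed": False})
    for h in hits:
        by_src[h["src"]]["probes"] += 1
        by_src[h["src"]]["tunnel_allowed"] |= h["tunnel_allowed"]
    return dict(by_src)

# Constructed sample: line 1 is the entry quoted in the post; the other two
# are made-up entries using documentation addresses, for contrast.
SAMPLE = [
    '24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25 HTTP/1.0" 404 535 "" ""',
    '192.0.2.10 - - [13/Mar/2003:15:12:01 -0500] "GET /index.html HTTP/1.0" 200 2048 "" ""',
    '198.51.100.7 - - [13/Mar/2003:15:13:40 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 200 0 "" ""',
]

if __name__ == "__main__":
    for src, info in summarize(find_connect_probes(SAMPLE)).items():
        print(src, info)
```

A source with `tunnel_allowed` set is the case worth acting on: the web server relayed the connection and should have CONNECT restricted or disabled.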




