[TriLUG] Somewhat OT: [Fwd: FC: Email a RoadRunner address, get scanned by their security system]
lfwelty
lfwelty at redback.com
Fri Mar 14 21:25:31 EST 2003
my opinion:
(1) I don't think it's 'big-biznesses' job to protect the net or the stupid.
(1a) However, their resources are being drained by spam; so...
(2) It wouldn't hurt my feelings too much _except_ that I think this effectively
blocks anonymous remailers.?
Jeremy Portzer wrote:
> I'm not sure why everyone is so concerned about this.
>
> Road Runner has clearly stated their policy (they've been doing this for
> months, by the way, and the information is posted at
> http://security.rr.com/ ).
>
> As the email says, the scanning is 'reactive' and is fully within their
> right. Since (1) I'm sure you're not running an open relay and won't
> be blocked anyway, and (2) they provide a clear opt-out option; why get
> so excited?
>
> --Jeremy
>
> On Fri, 2003-03-14 at 16:44, lfwelty wrote:
>
>>Can anyone local comment?
>>
>>Don't get yourself in trouble w/ ...
>>Just interested in a local perspective.
>>
>>[disclaimer: I assume all posts are personal opinions unless
>> explicitly stated otherwise. Do not assume everyone else will
>> take this position.]
>>--
>>------------------------------------------------------------------
>>Frank Welty | 15401 Weston Parkway, Suite 150
>>lfwelty at redback.com | Cary, NC 27513
>>Redback Networks | desk:919.678.2175 m: 919.264.7495
>>------------------------------------------------------------------
>>----
>>
>
>
>>From: Declan McCullagh <declan at well.com>
>>To: politech at politechbot.com
>>Subject: FC: Email a RoadRunner address, get scanned by their security system
>>Date: 14 Mar 2003 15:25:46 -0500
>>
>>
>>---
>>
>>Date: Fri, 14 Mar 2003 15:22:24 -0500
>>Subject: RoadRunner Automated Portscans
>>From: Gunnar Hellekson <gunnar at onepeople.org>
>>To: declan at well.com
>>
>>After sending an email to a friend at a RoadRunner address, I see this in
>>my web access log:
>>
>>24.30.199.228 - - [13/Mar/2003:15:11:25 -0500] "CONNECT security.rr.com:25
>>HTTP/1.0" 404 535 "" ""
>>
>>Basically, RoadRunner tried to spam themselves using my server. I mailed
>>abuse at rr.com about this, and received a canned response, enclosed. It's a
>>humble response, but woefully inadequate. Have anti-spam measures come to
>>this? This seems like an ill-considered compromise between privacy and
>>anti-spam efforts. A blunt instrument that betrays less-than-careful
>>thinking. The opt-out option, which was revealed only after my complaint,
>>is even more obnoxious.
>>
>>Under their logic, I feel entitled to poke and prod their customers, just
>>to make sure they don't spam me. Is that fair? I promise to provide an
>>opt-out if anyone complains.
>>
>>I'm curious whether this preemptive measure is effective at all.
>>
>>-Gunnar
>>
>>
>>>From: "Road Runner Security \[DSR\]" <abuse at rr.com>
>>>Date: Fri Mar 14, 2003 2:05:12 PM America/New_York
>>>Subject: Re: Port scans?
>>>
>>>Hello,
>>>
>>>The securityscan.sec.rr.com machine is a Road Runner Security resource that
>>>is used as a tool to assist us in determining if machines being used to
>>>send us mail may be abused from outside sources, allowing them to be used
>>>to spam our customers and role accounts. We fully understand your concerns
>>>surrounding the probing of your machine. This issue has been raised
>>>internally and we hope this email helps you better understand our process.
>>>
>>>The intention of this process is truly not meant to be a "big brother"
>>>system, but we understand that some may view it as such. Our ultimate goal,
>>>however, is to protect our network, our customers, and our role accounts.
>>>
>>>Road Runner has begin the REACTIVE testing of IP addresses which connect
>>>to its inbound SMTP gateways. If your machine connects to ours to send
>>>email, we reserve the absolute right to perform SMTP relay and open proxy
>>>server tests upon the connecting IP address to ensure that the machine at
>>>that IP address cannot be abused for malicious > purposes.
>>>
>>>These scans are done once per week per IP, via an automated process, and
>>>only on those servers that have sent our subscriber base mail. The only
>>>way for these tests to occur is if an IP address connects to our inbound
>>>SMTP gateway. If found to be an open proxy or smtp relay, the IP address
>>>will be blocked at our mail gateway borders with one of the following
>>>error messages:
>>>
>>>ERROR:5.7.1:550 Mail Refused - See
>>>http://security.rr.com/mail_blocks.htm#proxy
>>>ERROR:5.7.1:550 Mail Refused - See
>>>http://security.rr.com/mail_blocks.htm#relay
>>>
>>>We understand that some entities may not wish to be scanned as part of this
>>>automated process. If you do not wish to be tested by Road Runner, there
>>>are two ways to accomplish this:
>>>
>>>1. Send an e-mail to 'donottest at security.rr.com' with the IP address that
>>>you do not wish to be tested. Please note that if you are not the
>>>designated contact for your IP address range (for example, if you are on a
>>>cable modem, DSL, or dialup range), we will be unable to fulfill your
>>>request for addition or removal.
>>>2. Do not connect to our inbound SMTP servers. Again, this test is only
>>>conducted on servers that connect to our servers.
>>>
>>>If you have any further questions, you can visit http://security.rr.com or
>>>contact Road Runner Security via e-mail at 'spamblock at security.rr.com'
>>>
>>>Regards,
>>>Road Runner Security
>>
>>
>>
>>
>>
>>-------------------------------------------------------------------------
>>POLITECH -- Declan McCullagh's politics and technology mailing list
>>You may redistribute this message freely if you include this notice.
>>To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
>>This message is archived at http://www.politechbot.com/
>>Like Politech? Make a donation here: http://www.politechbot.com/donate/
>>-------------------------------------------------------------------------
>>Declan McCullagh's photographs are at http://www.mccullagh.org/
>>-------------------------------------------------------------------------
>>
>>
--
------------------------------------------------------------------
Frank Welty | 15401 Weston Parkway, Suite 150
lfwelty at redback.com | Cary, NC 27513
Redback Networks | desk:919.678.2175 m: 919.264.7495
------------------------------------------------------------------
More information about the TriLUG
mailing list