North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Scanning (was Re: Stealth Blocking)
[ On Saturday, May 26, 2001 at 10:35:47 (-0400), Christopher A. Woodfield wrote: ] > Subject: Re: Scanning (was Re: Stealth Blocking) > > About two years ago the <vijay> promising local ISP </vijay> I worked > for saw the number or ORBS-listed hosts withing its netspace go from ~400 > to over 3,000 in one week. Hmmmm.... you don't say exactly, but two years ago you were probably seeing the results of manual list entries (perhaps even entered as netblocks). Back then you had to be really smart and look at the value of the A RR returned from a DNS query into the database to be able to tell the difference between a proper ORBS entry and one of the supplemental manual entries. These days it's much more difficult to confuse the mechanical part of ORBS with the ego part. > Among the listings was a class C where EVERY HOST, > 254 IPs, in the block was listed. Granted, each one was an open relay, but the > point is that each IP was individually relay tested. When questioned about > this, Alan Brown reponded that he had "received an unusually large number > of nominations" for hosts in our netspace. Uh huh. Sure. Do you have the mailer logs from those hosts? Can you prove that there was no other unauthorised use of them during the time *before* they were tested by ORBS? -- Greg A. Woods +1 416 218-0098 VE3TCP <[email protected]> <[email protected]> Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>
|