Hey gang,
Some ISPs, such as RR, appear to be implementing
what I personally would consider quite aggressive approaches to guarding their
network by implementing "proactive" scanning of non-customers, similar
to what's described at
http://security.rr.com/probing.htm
In this case, sending email to @rr.com appears to trigger
this scanning business (mind you, this is not about the scanning their subs
biz; I don't care to get into that in this thread).
But, the question is.. How many people here are
doing this sort of thing? And where does this stop, short of nmapping the
entire box?
Some time ago, when Code Red first came around,
discussions raged as to how to deal with it and other infestations of customer
owned/operated equipment. And this kind of is a different slant on the
same issue. Except that it goes quite a bit further than your own
prefixes.
I'm not looking to start a flamewar, I'm
interested in a discussion or consensus discovery of how far "proactive"
tasks can/should/shouldn't go.
Regards,
Christian