North American Network Operators Group


Re: Extreme spam testing

  • From: Chris Brenton
  • Date: Mon Dec 22 20:08:36 2003

On Mon, 2003-12-22 at 16:55, Andy Dills wrote:
> > This is going to sound really snippy, but who died and made them
> > god/goddess of the Internet? Where is the document trail empowering them
> > to be spam cops of the Internet with absolute authority to probe whoever
> > they see fit?
> This is a can of worms with no answer. Who gives authority to IANA for
> that matter?

That was my point. I was responding to someone that was implying that
njabl was doing this for the benefit of everyone and thus had some
authority to do so. Obviously that's not the case.

> > Humm. This is something I have not run into before. Can you supply a URL
> > that explains how to relay mail through a Telnet or RADIUS server?
> No, but I can supply a URL that explains how to change the port that proxy
> servers bind to. I don't think you actually need that, though.
> You really think people who professionally hack servers and set up spam
> relay proxies put them on the standard ports?

Again, this was my point. Finding out if I have an exposed RADIUS server
is not really evidence that I'm running an open SMTP proxy. So where
does it stop? Scanning all 65K ports? Full OS fingerprinting to shun the
most compromised OSes? Maybe we insist on being provided with root
access to verify the box as being clean before we accept their e-mail?
This slope can get pretty scary.

> > LOL! I see, this is my fault because I actually take steps to secure my
> > environment. ;-)
> No, but it is your fault for overreacting to your IDS.

I honestly don't think I overreacted. My original post labeled the
traffic as simply "interesting" and I stated I was posting it in case
others were interested and had not noticed it in their logs. No call to
arms, flames, or rants for widespread blacklisting, just an FYI in case
others found the info useful.

> Security doesn't require an IDS. An IDS merely tells you who's checking
> your doorknobs to see if they're locked. If you do a good enough job
> keeping your doors locked, an IDS is little more than a touchy doorbell at
> 3 AM, being tripped by the wind.

An IDS is more like an empty box. One person may look at it and see a
simple storage device. Show it to a 5 year old however and it becomes a
boat, a plane, a car, a castle, etc. etc. etc. I mentioned in another
thread that I've caught plenty of 0-day stuff with my IDS. In other
words, stuff that had no known signatures or patches. It's also helped me
out in a fair amount of troubleshooting. It's all a matter of being
inventive and knowing what to look for. If you perceive your IDS to be
"little more than a touchy doorbell", I would highly recommend attending
SANS IDS training. It'll open your mind and show you a wealth of other