At 13:00 20/06/2002 +1200, Picanmix wrote:
>[snip]
>Of course the problem is not just JetStream based. While
>people with dialup will not get high usage, they are leaving their machine
>exposed and could still be set up as a relay. I think dial is probably
>a bigger problem simply because there are more of them (and emails
>are small)

"emails are small" ?

>I am sympathetic to John. While port scanning was not 'polite' I don't
>think anyone would have paid attention without it.

And lets all wait till amendment 6 comes along..

Port Scanning is Port Scanning, Spam is Spam, the intentions behind don't
change the facts, if the AUP of his ISP says "Dont port scan !" then he
should have at LEAST contacted his ISP to discuss the issues and find out
if they would relax their AUP in this case

Simply because a Spammer sends me marketing drivel and tags at the end of
it that its not unsolicited because I somewhere, somehow asked for it -
does not change the simple fact that it is still Spam.

>The person I saw with FTP relay had deliberately opened up their FTP port
>on their modem but forgotten to close it when finished, and had left a
>default
>password on their FTP server. An they were relativey experienced!

um.. hang on, they opened up an ftp server, put an easily guess-able
password in place and had the server setup such that it would allow
relaying ? hmm.. experienced.. I think not grasshopper.

>Notifying the ISPs may have helped, but without the port scan I suspect
>most would have ignored. Again Telecom would be in a similar position
>but I don't think Telecom has an easy way to contact all their customers
>(they usually go through the media or the ISPs)

And what do you base this on ? Almost every ISP I know of would have taken
a notification like this and scanned their user DSL blocks, some would even
have put filters in place to prevent this from being probed from the
internet wild - I know I myself regularly scan all our netblocks for
customers running open mail relays, I know when we have other security
issues brought to our attention then we are in a position to act and tend
to do-so rather promptly, even if it is to simply send a mailout to all the
DSL based customers informing them to check their system settings.

An ISP is in a position to do this as the user is already an existing
customer, some sparmy IHUG customer sending this to our customer base is
not appreciated and would be treated the same as any other SPAM message I
get through my systems if found.

Oh.. and so much for not going to the media for 7 days or so.. I guess the
entire blackmail thing didn't stick then.. hmm.. ain't blackmail illegal
under NZ law ?

-- 
Steve.
-- 
This message is part of the NZ ADSL mailing list. 
see http://unixathome.org/adsl/ for archives, FAQ, 
and various documents. 
To unsubscribe: send mail to majordomo@lists.unixathome.org 
with "unsubscribe adsl" in the body of the message