I only find it humorous that a majority of the network probes against my network come from RoadRunner cable modems as it is, yet they want to add to it by having their own server run a probe... Not that I email many RR customers as it is directly through my mail servers... I also enjoy the ironic humor in the fact my home network is on statically assigned DSL IP space that I hold forward and reverse DNS control for but by their own statements I could not opt-out even though it is SWIP'd to me but is a DSL allocation... No worries the only machines on my network that would send outgoing email are behind a NAT that does port forwarding so even if they connect back on port 80 from the IP that connects to port 25 on their server doesn't mean they're talking back to even the same machine here... In all fairness though looking at the top 15 source addresses my IDS has pick'd up lately... 9 of the 15 are from my own providers space and they don't even react to reports... 90% of the hits are still CodeRed no less... Jeremy On Fri, Mar 14, 2003 at 10:27:03PM -0600, Jack Bates wrote:
Sending email to many servers means that your mail server will be probed for open proxies and open relays. It's only seriously taboo when it leaves the actual connecting server to scan the rest of the network. This is why I posted previously about a centralized system so that we can limit these probes. In the case of RoadRunner, it is only inappropriate because RR themselves complains and throughs a fit about being probed, and yet they probe others.
-Jack