On Thu, 27 Feb 2003 22:36:37 -0500 (EST), jlewis@lewis.org wrote:
This sort of activity is becoming more common / mainstream, so people ought to just get used to it. Road Runner is doing the same thing (according to http://sec.rr.com/probing.htm) which is pretty ironic given how their security department has gotten along with (or not) various DNSBLs in the past.
It has always been my opinion that if somebody connects to you, they are implicitly granting you the right to connect back to them on well-known ports. I have discussed this opinion with several dozen people and have yet to find one who disagrees. (Though I'm sure they're probably out there.) I've dealt with any number of abuse complaints, many from governmental and quasi-governmental group. They've all accepted my cut/pasted explanation and we've been whitelisted by several such organizations. I often use the following as the 'meat' paragraph of my reply: "In accord with our terms of service, when someone makes a connection to one of our machines, we make connections back to them to ensure they're not connecting through an open proxy. These connections are to each of the ports on which such proxies commonly run and some ports may require more than one connection to test multiple protocols. We never do such a probe except as a response to a connection made to us." -- David Schwartz <davids@webmaster.com>