[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sylog Error Messages

On Thu, Feb 06, 2003 at 09:42:52PM -0800, Paul Johnson wrote:
> On Thu, Feb 06, 2003 at 06:19:33PM +0000, Colin Watson wrote:
> > It's from scanner.abuse.blueyonder.co.uk, in fact. I guess this is the
> > original poster's ISP; certainly it seems highly unlikely to be
> > malicious.
> By the kind of activity and the hostname, I'd say just reject
> unversially on this one.  ISP shouldn't be caring what services are
> running, and if they do, well, then everything will be closed to them.

The ISP shouldn't care?  Why not?  I'd like more ISPs to proactively
find out what is going on in their network, and thus be able to stop
security threats when they occur.  Too many ISPs have no abuse
contact, no security team, and no clue.

If you're concerned that some ISP is going to enforce a "no server"
AUP, then that's different (sort of); OTOH it is their network and you
(presumably) agreed to the AUP.  I've never understood why ISPs sell
bandwidth unmetered and then punish you for using "too much";
apparently that's why I'm not in marketing.

We scanned the hell out of our network when I worked at a cable ISP
and found more than one skript kiddie that way.  We left honest people

Nathan Norman - Incanus Networking mailto:nnorman@incanus.net
  A good plan today is better than a perfect plan tomorrow.
          -- Gen. George S. Patton, Jr.

Attachment: pgpZQTJapiloT.pgp
Description: PGP signature

Reply to: