On Thu, Feb 06, 2003 at 09:42:52PM -0800, Paul Johnson wrote: > On Thu, Feb 06, 2003 at 06:19:33PM +0000, Colin Watson wrote: > > It's from scanner.abuse.blueyonder.co.uk, in fact. I guess this is the > > original poster's ISP; certainly it seems highly unlikely to be > > malicious. > > By the kind of activity and the hostname, I'd say just reject > unversially on this one. ISP shouldn't be caring what services are > running, and if they do, well, then everything will be closed to them. The ISP shouldn't care? Why not? I'd like more ISPs to proactively find out what is going on in their network, and thus be able to stop security threats when they occur. Too many ISPs have no abuse contact, no security team, and no clue. If you're concerned that some ISP is going to enforce a "no server" AUP, then that's different (sort of); OTOH it is their network and you (presumably) agreed to the AUP. I've never understood why ISPs sell bandwidth unmetered and then punish you for using "too much"; apparently that's why I'm not in marketing. We scanned the hell out of our network when I worked at a cable ISP and found more than one skript kiddie that way. We left honest people alone. -- Nathan Norman - Incanus Networking mailto:firstname.lastname@example.org A good plan today is better than a perfect plan tomorrow. -- Gen. George S. Patton, Jr.
Description: PGP signature