
Thread: Being Scanned

  1. #1
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    Being Scanned

    My Firewall & IDS just went nuts being scanned by "proxyscan1.isomedia.com". I went to this site and was presented with the following:

    Why is proxyscan1.isomedia.com [66.114.137.17] attacking me?

    Open SMTP relays and insecure proxy servers are a serious issue on the Internet today. Spammers routinely scan the Internet, searching for open relays and proxies, looking for open servers that allow them to spew their spam. The onslaught of such spam has led some providers to take additional steps to protect their networks from this problem.

    Accordingly, ISOMEDIA has begun testing of IP addresses which connect to its inbound SMTP gateways. If your server connects to ours, we reserve the absolute right to perform SMTP relay and open proxy server tests upon the connecting IP address, to ensure that the machine at that IP address cannot be abused for malicious purposes.

    These scans are done only on those servers that have sent our subscriber base mail. The only way for these tests to occur is if an IP address connects to our inbound SMTP gateway.

    ISOMEDIA currently scans the following TCP ports for services that may allow OTHER persons to access your systems and perform deeds that are detrimental to the ISOMEDIA network, such as spamming, or attacking other Internet users: 23, 25, 80, 81, 85, 1075, 1080, 1180, 1181, 1182, 1282, 1813, 2280, 2281, 2282, 2283, 3128, 3330, 3331, 3332, 4044, 4480, 5490, 6588, 7033, 7441, 8000, 8080, 8081, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788, and 22799

    ISOMEDIA in NO way attempts to circumvent your security or access the contents of your personal computer. We are not interested in its contents, nor what you do while you access the Internet.

    If you have further questions or problems, please contact us.

    ISOMEDIA Abuse Team

    abuse AT isomedia DOT com - 1 888 638 2680 extension 118
    Now in this 'disclaimer', they state:

    we reserve the absolute right to perform SMTP relay and open proxy server tests upon the connecting IP address, to ensure that the machine at that IP address cannot be abused for malicious purposes.
    My question is, I am under the understanding that scanning a company's computer systems without permission was/is illegal (or very unprofessional at least). How can they "reserve the absolute right" to scan my machines? I am considering contacting this company, but I want to make sure I have my facts straight.
    Anybody got any thoughts on this?

    Thanks
    DjM

  2. #2
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    Did you at any time ever sign any kind of agreement with this company stating that they had permission to perform vulnerability scans?

    Very unprofessional indeed....how is that different from Joe Blow running port scans and pen testing? You would report that to your ISP, wouldn't you?

    And on a totally unrelated, yet parallel note...in electronics school, we learned how to build a device that would take the output from a standard police issue radar gun, amplify it, and send it back, effectively melting the detection mechanism.... not that I would EVER condone that type of behavior.

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by groovicus
    Did you at any time ever sign any kind of agreement with this company stating that they had permission to perform vulnerability scans?
    Short answer, no. This is the first time I have ever heard of this company. No one else in my organization would have signed anything like this either (they would have forwarded it to me).


    Cheers:
    DjM

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Accordingly, ISOMEDIA has begun testing of IP addresses which connect to its inbound SMTP gateways.
    Did you ever really connect to their SMTP gateway?

    If not, then some spammer may be spoofing you?

    I agree... very unprofessional. This is borderline "hack back"?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Djm, I tend to agree that random scanning of machines attached to IP's that have connected to their servers is somewhat intrusive.

    Considering you've got people who are spoofing IP's, using Proxy chains, tapping into WiFi networks, and a plethora of other IP related exploits.
    This irritates me being that most of these connects to their server are probably the inadvertent action of some unsuspecting victim being spoofed, hijacked, etc. by spammers and crackers.

    Obviously, these people at ISOMEDIA feel the best way to deal with this is by scanning the connecting computer's IP for exploits/running services.
    All in all, if ISOMEDIA sends you a report detailing what exploits they found with the computer associated with that IP, then maybe it would be a good thing. Kinda like a third party network scan who reports details that can help you (the user) better secure his/her system.

    Otherwise, without sharing the results, these people could just compile a huge database of domain ranges with the highest amount of exploitable users. Is that kind of information beneficial to anyone outside of ISOMEDIA? And to what purpose would they use it for, if not to inform the user?

    Generally, I disagree with their method as just about *every* third party scan I ever did required my consent.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  6. #6
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by phishphreek80
    Did you ever really connect to their SMTP gateway?

    If not, then some spammer may be spoofing you?

    I agree... very unprofessional. This is borderline "hack back"?
    Connect is a relative term, anyone in my company could have sent an email that got routed through this SMTP gateway.

    Cheers:
    DjM
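
One way to check the question raised in posts #4 and #6, as an added example that is not part of the original thread: for each inbound source that probed several ports, count how many of those ports appear in the ISOMEDIA notice and whether an outbound SMTP connection to the provider's gateway preceded the scan. The log format, the function names and the gateway address 192.0.2.25 are assumptions (the thread does not give the gateway's address); the log entries are constructed.

```python
import re
from datetime import datetime, timedelta

# TCP ports listed in the ISOMEDIA notice quoted in post #1.
NOTICE_PORTS = {23, 25, 80, 81, 85, 1075, 1080, 1180, 1181, 1182, 1282, 1813,
                2280, 2281, 2282, 2283, 3128, 3330, 3331, 3332, 4044, 4480,
                5490, 6588, 7033, 7441, 8000, 8080, 8081, 8085, 8090, 8095,
                8100, 8105, 8110, 8888, 22788, 22799}

# Constructed sample log; the line format and every entry are made up.
SAMPLE_LOG = """\
2004-03-01T10:00:05 OUT ALLOW src=10.0.0.5 dst=192.0.2.25 dport=25
2004-03-01T10:00:40 IN DENY src=66.114.137.17 dst=203.0.113.9 dport=25
2004-03-01T10:00:41 IN DENY src=66.114.137.17 dst=203.0.113.9 dport=1080
2004-03-01T10:00:42 IN DENY src=66.114.137.17 dst=203.0.113.9 dport=3128
2004-03-01T10:00:43 IN DENY src=66.114.137.17 dst=203.0.113.9 dport=8080
2004-03-01T11:30:00 IN DENY src=198.51.100.77 dst=203.0.113.9 dport=135
2004-03-01T11:30:01 IN DENY src=198.51.100.77 dst=203.0.113.9 dport=139
2004-03-01T11:30:02 IN DENY src=198.51.100.77 dst=203.0.113.9 dport=445
2004-03-01T11:30:03 IN DENY src=198.51.100.77 dst=203.0.113.9 dport=1433
2004-03-01T12:00:00 IN ALLOW src=198.51.100.8 dst=203.0.113.9 dport=443
"""
LINE = re.compile(r"(\S+) (IN|OUT) \w+ src=(\S+) dst=(\S+) dport=(\d+)")

def parse(log):  # yields (time, direction, src, dst, dport); skips bad lines
    for m in filter(None, map(LINE.match, log.splitlines())):
        ts, direction, src, dst, dport = m.groups()
        yield datetime.fromisoformat(ts), direction, src, dst, int(dport)

def assess_scans(log, gateways, min_ports=4, window=timedelta(minutes=10)):
    """Per inbound source that probed >= min_ports distinct ports: how many fall
    in NOTICE_PORTS, and whether we sent SMTP to a gateway shortly before."""
    events = list(parse(log))
    smtp_out = [t for t, d, _, dst, p in events
                if d == "OUT" and p == 25 and dst in gateways]
    probes = {}
    for t, d, src, _, p in events:
        if d == "IN":
            probes.setdefault(src, []).append((t, p))
    report = {}
    for src, hits in probes.items():
        ports = {p for _, p in hits}
        if len(ports) >= min_ports:
            first = min(t for t, _ in hits)
            before = any(timedelta(0) <= first - t <= window
                         for t in smtp_out)
            report[src] = {"ports": len(ports), "smtp_before": before,
                           "in_notice": len(ports & NOTICE_PORTS)}
    return report
```

A source whose probes all fall inside the notice's port list and follow outbound mail matches the behaviour the notice describes; one with no preceding SMTP connection does not, whatever the scanner's page says.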

  7. #7
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    I would be interested in what they have to say.....

    From http://www.isomedia.com/about_us/press.shtml#apr_18_03

    They are an ISP with an anti-spam tool, so I guess scanning for open relays and blocking them (in their tool) is acceptable to them. They could also just be scanning random blocks of IP addresses and not be some sort of connect to us and you get scanned.

    I agree with you DjM. They shouldn't be scanning people's networks.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  8. #8
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Me too, I just blocked them at the firewall.

  9. #9
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by RoadClosed
    Me too, I just blocked them at the firewall.
    I hope more people follow your example, this has me pissed right off. I have forwarded this to our lawyers to get their input. I am not sure there is anything we can do about it, but I sure as hell am going to try.

    Cheers:
    DjM

  10. #10
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,207

    unprofessional yes, illegal no.

    Last I heard port scanning was legal in the U.S.
    http://www.securityfocus.com/news/126
    I would imagine you would end up with a similar result if you tried to charge/sue someone for port scanning in Canada.

    You might be able to get results by voicing your concerns to their upstream provider.
    It's not software piracy. I’m just making multiple off site backups.
