questionable practices (was Re: [H-GEN] Which ADSL provider ?)

Tony Nugent tony at linuxworks.com.au
Mon Apr 7 01:03:07 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Mon Apr 07 2003 at 07:18, Harry Phillips wrote:

> Sandra Milne wrote:
> > It was an accident that I didn't pick up until I asked a friend to
> > portscan me. I was very surprised though that he could see that I had
> > open ports and OptusNet had never sent us an email about it. They make a
> > big issue that they portscan us for our own 'protection' but they'd
> > never picked it up. Very strange that.
> 
> You believed it was for *your* protection ROTFLMAO.... <wipes eyes> they
> probably do port scan but they don't care if you are wide open and
> vulnerable.

Ahh, ever the cynic :-)

> The only thing they would be looking for would be you doing something
> that you agreed you wouldn't and they would lose money because you
> aren't on a more expensive plan.

That would certainly be a valid motive, but not necessarily the only
one.

I have telstra adsl (still:) and use sendmail on my gateway box for
outgoing email.  I regularly (perhaps monthly) notice "relay denied"
for IPs that are obviously internal to telstra admin sites.  (The
reverse lookups indicated that the IPs are static and not dynamic,
so they are not likely from another telstra client).  I've mentioned
this (in passing) to their helpdesk, they are indeed looking for
open mail relays.

In general I'm not all that impressed with telstra, but imho this is
a very good thing, and as a responsible ISP they _should_ be doing
things like that.  I have found that the only port blocks I
seem to have are ICMP through the adsl network itself (their routers
- with 172.16/12 addresses - don't respond), and netbios (windows
networking protocol on ports 137-139).  I can happily live with
that.

But it does mean that I am otherwise vulnerable, so I need to make
sure that I allow only very limited network services to be
accessible on the adsl (internet) interface, and that these are all
adequately protected using tcp_wrappers or ACLs.  In my case, ssh is
the only openly accessible port; ip tunnels do the rest of the
magic:)

> Regards,
> Harry Phillips

Cheers
Tony

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
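
The "relay denied" entries described in the message above can be summarised per source address. This is an added example, not part of the original post; the log lines are constructed in the usual sendmail syslog layout, and the hostnames, addresses and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation addresses, not values from the post).
SAMPLE_LOG = """\
Apr  6 03:12:44 gw sendmail[2211]: h35HCiX2002211: ruleset=check_rcpt, arg1=<probe@example.org>, relay=scanner.isp.example [192.0.2.10], reject=550 5.7.1 <probe@example.org>... Relaying denied
Apr  6 03:12:50 gw sendmail[2214]: h35HCoX2002214: from=<tony@example.net>, size=812, class=0, nrcpts=1, relay=localhost [127.0.0.1]
Apr  6 09:40:02 gw sendmail[2390]: h35NdxX2002390: ruleset=check_rcpt, arg1=<a@example.com>, relay=[198.51.100.77], reject=550 5.7.1 <a@example.com>... Relaying denied
May  5 03:11:09 gw sendmail[8120]: h44HB9X2008120: ruleset=check_rcpt, arg1=<probe@example.org>, relay=scanner.isp.example [192.0.2.10], reject=550 5.7.1 <probe@example.org>... Relaying denied
"""

# Matches a check_rcpt rejection; the hostname is absent when the
# connecting address has no reverse DNS. IPv4 only.
DENIED = re.compile(
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, "
    r"relay=(?:(?P<host>[^\s\[]+) )?\[(?P<ip>[0-9.]+)\]"
    r".*Relaying denied"
)


def relay_denials(log_text):
    """Group 'Relaying denied' rejections by source IP."""
    sources = defaultdict(lambda: {"host": None, "count": 0, "rcpts": set()})
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # normal deliveries and other log lines
        entry = sources[m.group("ip")]
        entry["host"] = m.group("host") or entry["host"]
        entry["count"] += 1
        entry["rcpts"].add(m.group("rcpt"))
    return dict(sources)


def repeat_probers(sources, threshold=2):
    """Source IPs that attempted a relay at least `threshold` times."""
    return sorted(ip for ip, e in sources.items() if e["count"] >= threshold)


if __name__ == "__main__":
    found = relay_denials(SAMPLE_LOG)
    for ip, e in sorted(found.items()):
        print(f"{ip:15} {e['host'] or '(no PTR)':22} {e['count']} attempt(s)")
    print("repeat sources:", repeat_probers(found))
```
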


