Subject: Re: [fw-wiz] Automated reverse probes
From: Aaron Turner (aturnervicinity.com)
Date: Wed Apr 19 2000 - 12:22:00 CDT


On Thu, 13 Apr 2000, Pete Philips wrote:

> Hi all.
>
> I'd be interested to hear opinions on the following. I have
> noticed a particular site that automatically initiates a
> reverse traceroute when mail is delivered to its primary
> MX machine.
>
> * Is this common? I've not seen it before.

No, not really. Surprising? No, not really.

> * Would you consider it a hostile action?

No. Traceroute is a debugging tool, not often used to attack.

> * Does it break any RFCs / accepted good practices?

No RFCs that I know of. I can't think of any "accepted good practices"
that it's breaking either.
 
> I certainly didn't think it was very polite!

Is the traceroute hurting you? Eating excessive bandwidth? Prolly not.
My guess is that the guy is trying to determine network path/latency to
other systems in order to test his own ISP. Hooking that into the mail
server makes a lot of sense since it provides relevant information (i.e., if
he doesn't talk to servers in China, then there's no reason to test them).

I wouldn't worry about it.

-- 
Aaron Turner        aturnervicinity.com  650.237.0300 x252
Security Engineer                         Vicinity Corp.        
Cell: 408-314-9874                        http://www.vicinity.com