On Thu, 28 Dec 2000, Markus Stumpf wrote:
> This lists are irrelevant for attacks and security through obscurity is
> no security at all.
The peoples, who manages with RBL could inform admin of tested
host prior to begin such tests. If test had presented insecurity or
open relay possibilities, ORBS admins could have informed me about
them first prior to inform all peoples about them to write it
on data base. I'd like to pay your attention to this fact, that
all cases to connect to my smtp to use it other than for sending
or receiving e-mail (for instance to the test without to inform me about
them)
can be taken as hackers proof itself. Additionaly each case such
tests due to more acitivity of hackers. Should I report this without
reaction? I were in such case a bad administrator.
> Hackers will find your server regardless whether you are listed in a RBL
> list or not.
But you can this not excluded, that this listing would have been a good
direction for hackers, because it is public on WWW.
> Trying to "hide" is useless. Fix your systems. I personally have no
mercy ..
This was already made by me in September, when I have begun manage with
this server
(I have under my care more servers), but I will not idle to
look to logs, where are observed logs from ORBS tests' proofs common
with proofs of achieve my server on ftp or telnet. I suppose, that
I'm permited to request from ORBS to use my smtp only for provided
for it use - email sending or receiving. This same I wish me to
stop all tests. I think, I have a rhight to its...
Best Wishes
Piotr Kasztelowicz
---
Piotr Kasztelowicz <[EMAIL PROTECTED]>
[http://www.am.torun.pl/~pekasz]
