Skip to main content

The curious case of Spamhaus, a port scanning scandal, and an apparent U-turn

posted onApril 17, 2019
by l33tdawg
The Register
Credit: The Register

 In recent months, several security researchers have said Spamhaus has been automatically blocking people for carrying out legitimate network port scanning and failed to provide a prompt means of redress.

Spamhaus, a non-profit provider of blocklists and cyber-threat detection, insists nothing like that has happened at all. "The claim you are asking about is, in the politest words we can describe it, unadulterated codswallop," said Spamhaus ops administrator Luc Rossini in an email to The Register. "While Spamhaus does have a policy of listing sources of malicious port scanning (the key word being 'malicious'), our systems simply do not work the way this individual thinks."

"This individual" refers to Vincent Canfield, who runs server hosting and consultancy biz Ovo.sc, and recently penned a post detailing alleged problems with Spamhaus. "Spamhaus is listing all port scanning traffic without verifying the traffic comes from where it says," Canfield states in his post. "Instead of checking for e.g. banner scans, which require a TCP handshake or two-way UDP interaction, Spamhaus' honeypot servers are blacklisting all TCP SYNs it sees."

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th