Mike,
It's against their "acceptable use policy" to run servers on @home, and that's
why they actively scan for servers--to avoid mail and usenet abuse. There's
the @work service though...
Ralph
look at this post, seen on the plug list awhile back:
>Return-Path: <[EMAIL PROTECTED]>
>From: "Michael A. Lane" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: RE: [PLUG] @Home scans
>Date: Sun, 25 Jun 2000 07:46:01 -0700
>X-MSMail-Priority: Normal
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4029.2901
>Importance: Normal
>Sender: [EMAIL PROTECTED]
>Reply-To: [EMAIL PROTECTED]
>
>Paul,
>I am a former tier 2 technician for @Home. They are merely scanning to see
>if there is a running server on their service as a server is against the
>acceptable use policy.
>
>Mike Lane
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
>Of Paul Heinlein
>Sent: Sunday, June 25, 2000 7:17 AM
>To: Portland Linux/Unix Group
>Subject: [PLUG] @Home scans
>
>I just got my @Home service hooked up yesterday. It went very smoothly,
>and the installation tech was quite happy that I was able to take care of
>the network settings myself (all the more so since he'd never even seen
>Linux before).
>
>Since my computer is now connected to the Internet all the time, I
>decided to modify my existing firewall a bit to log attempts at
>incoming connections.
>
>Last night -- the first night of service! -- my syslog recorded four
>attempts to find a news server on my machine. Here's the gist (slightly
>edited to remove info about my local host):
>
>Jun 24 23:34:40 kernel: Packet log: input - eth0 PROTO=6
>24.0.94.130:62006 <local ip>:119 L=44 S=0x00 I=30707 F=0x0000 T=246
>SYN (#7)
>Jun 24 23:35:05 kernel: Packet log: input - eth0 PROTO=6
>24.0.94.130:46945 <local ip>:119 L=44 S=0x00 I=30708 F=0x0000 T=246
>SYN (#7)
>Jun 25 03:58:56 kernel: Packet log: input - eth0 PROTO=6
>24.0.94.130:39908 <local ip>:119 L=44 S=0x00 I=25835 F=0x0000 T=246
>SYN (#7)
>Jun 25 03:59:15 billings kernel: Packet log: input - eth0 PROTO=6
>24.0.94.130:53003 <local ip>:119 L=44 S=0x00 I=25836 F=0x0000 T=246
>SYN (#7)
>
>A dns lookup on the remote host revealed an oddity:
>
>IP: 24.0.94.130
>Name: authorized-scan.security.home.net
>
>Anyway, I sent a message off to the @Home folks that contained a version
>of the information listed above and then some questions:
>
><hopefully-polite-sounding-note>
> Hmm. What's up? Your port scanner was looking for a news server (port
> 119) on my machine. I have a couple concerns in this regard:
>
> 1. I don't run a news server here, but I saw absolutely nothing in the
> Subscriber Agreement that prohibits it. Am I overlooking something?
>
> 2. In a similar vein, I saw nothing in the Subscriber Agreement that
> suggests that you'll be doing active port scans. What have I
> missed?
>
> I hope I'm not coming across as upset or angry. I'm more curious than
> anything. I have absolutely no interest in violating my @Home
> contract.
>
> If it's unacceptable for me to be running certain types of server
> daemons on my home computer, and if you'll be conducting port scans as
> a matter of policy, then I have two requests:
>
> * Could you provide me a more complete list of do's and don't's so I
> can avoid unacceptable activity on your network?
>
> * Could you provide me a list of IP addresses from which you will be
> performing port scans so I can let my intrusion-detection system
> know not to go bananas when scans from your authorized hosts?
></hopefully-polite-sounding-note>
>
>Any PLUGgers have any light to shed on what they might (or might not) end
>up telling me?
>
>Paul Heinlein
>[EMAIL PROTECTED]
>
At 12:06 PM 7/25/00 -0700, Michael Smith <[EMAIL PROTECTED]> wrote:
>Sorry, I reread this and have more to add:
>
>The licensing of @home is "strictly for home use" and not for any commercial
>use. Of course, if you work at home using @home (sorry, had to do that) but
>you are telecommuting, does that constitute commercial use? Geez, packets
>are packets. They don't know if they are coming from a server or a
>workstation. And what constitutes a server? Is an IA32 box running a mysql
>database a server?
>
>Honestly, I don't think they care if you do run servers, just as long as it
>isn't abused by alot of people who set up game servers or something else
>bandwidth-intensive.
>
>--Mike
>
>Franklin Hays wrote:
>
>> so they don't do any packet filtering or such to prevent servers? do they
>> have a specific policy *against* servers of any type? only asking because
>> I am currently using a dail-up and thinking of going to a DSL or cable
>> fulltime connection. my only worry is the ability (as far as being
>> allowd by the provider) to run a server off that connction, otherwise it
>> is basically useless to me.
>>
>> thanks for the info,
>>
>> /frank
>
