Open Relay Hunter

Sounds dramatic, doesn’t it?

Inevitably as part of working for any Internet Service Provider, you’re going to run up against people who are using servers but maybe aren’t quite paying attention. It’s a bit like driving up the M6. The vast majority of people are in their lanes, they indicate, they maneuver sensibly. Then … every few miles … yeah, you know the type. They wobble, they admire themselves in a mirror, and before you know it you’re sitting in a queue of traffic whilst the rest of the world tries to figure out how it happened.

It happens to the best of us, and anyone who says their servers are completely secure is kidding themselves on. Each and every day new vulnerabilities and insecurities are coming to light, and it’s as important as ever that you’re patching your servers and sniffing them for open ports. Unsecured (or worse, deliberately misconfigured) services running on servers are responsible for some of the most significant Internet slowdowns in recent history. They’re innocuous too. SMTP. Everyone sends email, so how can that be worrying? DNS. The Internet doesn’t really work without it, so that can’t be dangerous? SSL. It’s specifically to keep us safe, isn’t it!?

You’d think so, huh? Wrong. Have a read of some of the more interesting stories:

Deep Inside a DNS Amplification Attack

The Return of the Open Relays

Our Problem

We’re always looking for ways to make sure our network is as clean from these vulnerabilities as possible. It’s not a simple job, particularly when large parts of our network are enthusiast or small business types. You can’t expect everyone to be a server expert!

We needed a neat and tidy way of quickly scanning some of our network ranges for common vulnerabilities without being overly intrusive, and without bothering customers who are running secure servers with unnecessary communications reminding them about the dangers of the Internet!

A helpful bash script

To aid us in this task I knocked together a quick (and really quite ugly) script to kick off this process. After I showed it to @dataforce, he went ahead and made it a lot more usable day to day (and prettier …). And so on …

Open Relay Hunter on GitHub

It’s up there on GitHub, so if you can think of ways to make it better or more usable, knock yourself out and get involved!

Just want to make use of it to check your own server? That’s cool too!

Good luck, and remember, patch all of the things! 🙂
