Road Runner Security
security.rr.com


Why did securityscan.sec.rr.com probe me?

Road Runner scans IP addresses under two circumstances:

  1. As part of our PROACTIVE scanning of all subscriber IP address space.
  2. As part of our REACTIVE testing of IPs that send mail to RR subscribers, checking for open SMTP relays and proxy servers.


Road Runner REACTIVE testing

Open SMTP relays and proxy servers are a serious issue on the Internet today. Spammers routinely scan the Internet, searching for open relays and proxies, looking for open servers that allow them to spew their spam. The onslaught of such spam has led some providers to take additional steps to protect their networks from this problem. Road Runner is one such provider.

Accordingly, Road Runner has begun the REACTIVE testing of IP addresses which connect to its inbound SMTP gateways. If your server connects to ours, we reserve the absolute right to perform SMTP relay and open proxy server tests upon the connecting IP address, to ensure that the machine at that IP address cannot be abused for malicious purposes.

These scans are done once per month per IP, and only on those servers that have sent our subscriber base mail. The only way for these tests to occur is if an IP address connects to our inbound SMTP gateway.

If an IP address is found to be an open SMTP relay or proxy, the IP address in question will be blocked at our mail gateway borders with the following error message:

ERROR:5.7.1:550 Mail Refused - See http://security.rr.com/mail_blocks.htm#proxy
or
ERROR:5.7.1:550 Mail Refused - See http://security.rr.com/mail_blocks.htm#relay

IF YOU DO NOT WISH TO BE TESTED:

  1. Send mail to donottest@security.rr.com with the IP address that you do not wish to be tested. Please note that if you are not the designated contact for your IP address range (for example, if you are on a cable modem, DSL, or dialup range), we will be unable to fulfill your request for addition or removal.
  2. Do not connect to our inbound SMTP servers. Again, this test is only conducted on servers that connect to our servers.

Road Runner Security in NO way attempts to circumvent your security or access the contents of your personal computer. We are not interested in its contents, nor what you do while you access the Internet.

Road Runner Security currently scans the following ports for services that may allow OTHER persons to access your systems and perform deeds that are detrimental to the Road Runner network, such as spamming, or attacking other Internet users.

Port 25: SMTP - Unsecured Mail Servers may allow Hijacking - This is when a third party relays mail through your mail server (usually it's Spam) without your permission. Our scanning process DOES attempt to test your mail server to see if it is vulnerable to third-party relay. If your mail server is found to be open to third party mail relay, it will be listed on our block database as described above.
Port 80: WWW - Some proxy applications can be used in Denial of Service attacks on other websites (such as "pay" sites). An attacker can "bounce" through your server, and then attack a third party, again making it appear as if YOU were the attacker. Some proxies also allow "pass-through" applications, such as SMTP and NNTP, to occur to your default SMTP or NNTP server. This allows outside parties to utilize Road Runner resources to spam, again making it look as if YOU are the culprit.
Port 81: WWW Proxy - Same as Port 80 above.
Port 1080: SOCKS versions 4 & 5 - Same as Port 80 above.
Port 3128: SQUID Web Proxy - Same as Port 80 above.
Port 4480: Proxy+ - Same as Port 80 above.
Port 6588: AnalogX - Same as Port 80 above.
Ports 8000, 8080, & 8081: WWW Proxy - Same as Port 80 above.


Road Runner PROACTIVE customer scanning

As part of its ongoing commitment to customer security, Road Runner regularly scans subscriber networks for open services which may be utilized by outside third parties. This is done on a regular basis, and subscribers do not have the ability to "opt-out" of our scanning process.

Road Runner Security in NO way attempts to circumvent your security or access the contents of your personal computer. We are not interested in its contents, nor what you do while you access the Internet.

Road Runner Security currently scans the following ports for services that may allow OTHER persons to access your computer and perform deeds that are detrimental to the Road Runner network, such as spamming, or attacking other Internet users.

Port 21: FTP - Unsecured Proxy Applications may allow third parties to "bounce" through your computer to another part of the Internet, making it appear to originate from YOUR computer. Also, many anonymous FTP servers have serious security holes in them which may allow an attacker to gain control of your PC.
Port 23: Telnet - Some "WinGate" type proxy applications open the default telnet port and may allow proxy attacks.
Port 25: SMTP - Unsecured Mail Servers may allow Hijacking - This is when a third party relays mail through your mail server (usually it's Spam) without your permission. Our scanning process DOES attempt to test your mail server to see if it is vulnerable to third-party relay. If your mail server is found to be open to third party mail relay, the accounts 'root', 'postmaster', and 'administrator' @your.ip.address will receive a mail message about what steps you MUST take to secure your machine.
Port 80: WWW - Some proxy applications can be used in Denial of Service attacks on other websites (such as "pay" sites). An attacker can "bounce" through your server, and then attack a third party, again making it appear as if YOU were the attacker. Some proxies also allow "pass-through" applications, such as SMTP and NNTP, to occur to your default SMTP or NNTP server. This allows outside parties to utilize Road Runner resources to spam, again making it look as if YOU are the culprit.
Port 80: Nimda Virus - Nimda is a complex mass mailing virus which spreads itself in attachments called README.EXE and can affect Windows 95, 98, ME, NT4, and 2000 users. This scan determines whether a customer is currently infected so that the customer can be notified.
Port 119: NNTP - Unsecured NNTP (News) Proxy servers can be used by spammers to send thousands of Usenet messages through your computer, to your news server, making it appear as if YOU had done it.
Port 81: WWW Proxy - Same as Port 80 above.
Port 1080: SOCKS versions 4 & 5 - Same as Port 80 above.
Port 3128: SQUID Web Proxy - Same as Port 80 above.
Port 4480: Proxy+ - Same as Port 80 above.
Port 6588: AnalogX - Same as Port 80 above.
Ports 8000, 8080, & 8081: WWW Proxy - Same as Port 80 above.

Should Road Runner find any of these services enabled on your computer, we will notify your local division, who can assist you in securing your computer.
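
To see ahead of time which of the ports listed above your own machine exposes, the following added example (not Road Runner's code) parses the output of `ss -ltnH` on a Linux host and reports listeners reachable from other machines. The function names and the sample output are constructed for illustration; a listener on one of these ports is only in scope for the scan, not proof of an open relay or proxy.

```python
import ipaddress

# Ports named on this page. REACTIVE is the set probed on hosts that send mail
# to RR; PROACTIVE adds the ports probed only on subscriber address space.
REACTIVE = {25: "SMTP relay", 80: "WWW proxy", 81: "WWW proxy", 1080: "SOCKS 4/5",
            3128: "Squid", 4480: "Proxy+", 6588: "AnalogX",
            8000: "WWW proxy", 8080: "WWW proxy", 8081: "WWW proxy"}
PROACTIVE = {**REACTIVE, 21: "FTP", 23: "Telnet/WinGate", 119: "NNTP"}

def split_addr(local):
    """Split ss's 'Local Address:Port' column into (host, port)."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    return host, int(port)

def is_reachable(host):
    """True when the bind address accepts connections from other machines."""
    if host in ("*", "0.0.0.0", "::"):      # wildcard binds
        return True
    return not ipaddress.ip_address(host).is_loopback

def audit(ss_output, ports=PROACTIVE):
    """Return sorted (port, service, bind address) for exposed listeners."""
    findings = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue                        # header or non-listening socket
        host, port = split_addr(cols[3])
        if port in ports and is_reachable(host):
            findings.add((port, ports[port], host))
    return sorted(findings)

# Constructed sample of `ss -ltnH` output (not taken from a real host).
SAMPLE = """\
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3128 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 128 192.0.2.10:1080 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::1]:119 [::]:*
"""

if __name__ == "__main__":
    for port, service, host in audit(SAMPLE):
        print(f"port {port:<5} {service:<15} listening on {host}")
```

On a real host, pass the text captured from `ss -ltnH` to `audit()`; pass `REACTIVE` as the second argument to check only the ports probed on mail-sending servers.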

We hope that we can provide a valuable service to all customers with these proactive scans. By securing the Road Runner network from would-be attackers, Road Runner hopes to make your online experience more enjoyable and better than ever.

Further questions may be directed to security@rr.com

 

©2002 Road Runner Security
All Worldwide Rights Reserved
Page Design by Hollywood Cole