anti-spam vs network abuse
Charlie Clemmer
cclemmer at nexgennetworks.com
Fri Feb 28 21:13:49 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
>Why is probing networks wrong?
Depends on why you're doing the probing.
If you randomly walk up to my house and check to see if the door is
unlocked, you better be ready for a reaction. Same thing with unsolicited
probes, in my opinion. Can I randomly walk up to your car to see if it's
unlocked without getting a reaction out of you?
Where this thread got started, the scenario was around if I connect to your
SMTP server to attempt to relay mail, is it then right to probe me for open
relays and so forth. In that case, I can see the reasoning, as I initiated
the connection, so you're checking to see if I'm sane or not. The line gets
drawn though as to how much probing is reasonable ... can you probe my
system for ALL open ports/exploits just because I tried to send mail
through you, or can you probe all machines that fit in my address range
(and how do you determine my address range?) ... that's where the larger
debate comes in.
I have servers hosted at shared colo facilities. If you were to scan the
entire netblock for my colo provider because a different customer at the
same facility tried to send mail through you, how am I to determine your
cause, or determine that it was not a scan for a vulnerability?
Just my opinions ...
Charlie
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBPl/RFKvEtUU05riwEQJV8gCaAkCTqzaB2BtbAqrcG2IGf4O/tfoAoKEd
NSQGE2TuArNzErLNXHacGPmS
=hndb
-----END PGP SIGNATURE-----