anti-spam vs network abuse

Roy garlic at garlic.com
Sat Mar 1 01:49:25 UTC 2003


It isn't the probing that is illegal in California, its the unauthorized use of a
domain name especially in the from address.

http://law.spamcon.org/us-laws/states/ca/pc_502.shtml

9.Knowingly and without permission uses the Internet domain name
of another individual, corporation, or entity in connection with the
sending of one or more electronic mail messages, and ....


Andy Dills wrote:

> On Fri, 28 Feb 2003, Charlie Clemmer wrote:
>
> > At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
> > >Why is probing networks wrong?
> >
> > Depends on why you're doing the probing.
>
> If so, why outlaw the act of probing? Why not outlaw "probing for the
> purposes of..."?
>
> > If you're randomly walk up to my house and check to see if the door is
> > unlocked, you better be ready for a reaction. Same thing with unsolicited
> > probes, in my opinion. Can I randomly walk up to your car to see if it's
> > unlocked without getting a reaction out of you?
>
> This is different. Metaphors applying networking concepts to real world
> scenarios are tenuous at best.
>
> In this case, your door being unlocked cannot cause me harm. However, an
> "unlocked proxy" can. Legit probes are an attempt to mitigate network
> abuse, not increase it. If there was a sanctioned body who was trusted to
> scan for such things, maybe this wouldn't be an issue. But there's not, so
> it's a vigilante effort.
>
> > Where this thread got started, the scenario was around if I connect to your
> > SMTP server to attempt to relay mail, is it then right to probe me for open
> > relays and so forth. In that case, I can see the reasoning, as I initiated
> > the connection, so you're checking to see if I'm sane or not. The line gets
> > drawn though as to how much probing is reasonable ... can you probe my
> > system for ALL open ports/exploits just because I tried to send mail
> > through you, or can you probe all machines that fit in my address range
> > (and how do you determine my address range?) ... that's where the larger
> > debate comes in.
>
> Actually, I think the debate starts with Paul telling Jon that Jon isn't
> passively scanning connection hosts, he's actively trawling for open
> proxies, that Paul has the logs to prove it, and that since Paul is in
> California, Jon has broken the law.
>
> Paul has only indicated his point of view objectively; he hasn't yet
> indicated he wants to do something about it (or that he personally feels
> that he should do something about it).
>
> > I have servers hosted at shared colo facilities. If you were to scan the
> > entire netblock for my colo provider because a different customer at the
> > same facility tried to send mail through you, how am I to determine your
> > cause, or determine that it was not a scan for a vulnerability?
>
> You don't have to. This is why I never understood why people care so much
> about probing. If you do a good job with your network, probing will have
> zero affect on you. All the person probing can do (regardless of their
> intent) is say "Gee, I guess there aren't any vulnerabilities with this
> network."
>
> Andy
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Andy Dills                              301-682-9972
> Xecunet, LLC                            www.xecu.net
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Dialup * Webhosting * E-Commerce * High-Speed Access




More information about the NANOG mailing list