anti-spam vs network abuse

Michael Lamoureux lamour at mail.argfrp.us.uu.net
Sat Mar 1 18:41:53 UTC 2003


 "andy" == Andy Dills <andy at xecu.net> writes:

andy> On Fri, 28 Feb 2003, Charlie Clemmer wrote:

>> At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
>> >Why is probing networks wrong?
>> 
>> Depends on why you're doing the probing.

andy> If so, why outlaw the act of probing? Why not outlaw "probing
andy> for the purposes of..."?

What's the offset into the probe packets to the "intent of this
probe" field?  And would you trust it if there were one anyway?


>> If you randomly walk up to my house and check to see if the door
>> is unlocked, you better be ready for a reaction. Same thing with
>> unsolicited probes, in my opinion. Can I randomly walk up to your
>> car to see if it's unlocked without getting a reaction out of you?

andy> This is different. Metaphors applying networking concepts to
andy> real world scenarios are tenuous at best.

andy> In this case, your door being unlocked cannot cause me
andy> harm. However, an "unlocked proxy" can.

Heh, so I guess you could make it his gun and the safety.  Does that
change your answer?  ;-)


andy> Legit probes are an attempt to mitigate network abuse, not
andy> increase it. If there was a sanctioned body who was trusted to
andy> scan for such things, maybe this wouldn't be an issue. But
andy> there's not, so it's a vigilante effort.

What's a legit probe?  One where the owner gave you permission in
advance to run the scan?  I can't think of another definition of that
phrase.


andy> You don't have to. This is why I never understood why people
andy> care so much about probing. If you do a good job with your
andy> network, probing will have zero effect on you. All the person
andy> probing can do (regardless of their intent) is say "Gee, I guess
andy> there aren't any vulnerabilities with this network."

This is a completely naive statement.  There are 0 networks that I'm
willing to believe have 0 vulnerabilities on them.  There may be 0
that you know about, but that doesn't mean there aren't more
vulnerabilities which aren't public knowledge lurking in sendmail or
bind or ssh or ssl or apache or any number of other services you have
running.


IMHO,
Michael


