anti-spam vs network abuse
Michael Lamoureux
lamour at mail.argfrp.us.uu.net
Sun Mar 2 05:28:49 UTC 2003
"andy" == Andy Dills <andy at xecu.net> writes:
andy> On 1 Mar 2003, Michael Lamoureux wrote:
andy> If you do a good job with your network, probing will have zero
andy> affect on you. All the person probing can do (regardless of
andy> their intent) is say "Gee, I guess there aren't any
andy> vulnerabilities with this network."
>>
>> This is a completely naive statement. There are 0 networks that I'm
>> willing to believe have 0 vulnerabilities on them. There may be 0
>> that you know about, but that doesn't mean there aren't more
>> vulnerabilities which aren't public knowledge lurking in sendmail or
>> bind or ssh or ssl or apache or any number of other services you have
>> running.
andy> My statement is as naive as yours is ridiculous.
andy> You're telling me your IDS systems tell you when there is a new
andy> vulnerabilitiy, before you see it on bugtraq?
I've read my statement quite a few times, and I can't see where I even
implied that.
andy> So, since I'm so naive,
No no no...I never said that YOU were naive. I said the statement
that if you've done a good job, all the prober can do is say that
there aren't any vulnerabilities on your network was naive. Your own
argument supports what I said. My whole point was that no matter how
good a job you do, you probably are still vulnerable to something.
andy> You realize that scanning happens after exploits get published,
andy> not before.
I don't even make the assumption that all exploits ever get published.
andy> My network is as secure as it can be, which IS NOT the same as
andy> "My network is invulnerable".
Exactly.
andy> Don't put words into my mouth simply so you can call them naive.
I'm not 100% sure where I did this, but I completely apologize if I
have.
IMHO,
Michael
More information about the NANOG
mailing list