Question concerning authoritative bodies.

Jack Bates jbates at brightok.net
Sun Mar 9 17:50:04 UTC 2003


Here's the background:

From: "Rich Kulawiec" on Spam-L mailing list

> On Sun, Mar 09, 2003 at 10:58:18AM -0600, Jack Bates wrote:
> > And this is what makes DNSBLs a good deal. Mark is asking for trouble with
> > his theories. If every ISP and business issues its own scans, we only
> > succeed in making scanning traffic worse than spam itself at a server
> > resource level. We also increase the administration factor when mistakes are
> > made. Instead of contacting 3-5 DNSBLs, one must contact every ISP that
> > happened to do a scan during the outage period. Centralizing scanning for
> > security issues is a good thing in every way. It is the responsible
> > thing to do.
>
> I must reluctantly agree.  (The reluctance stems from my desire not
> to intrude on others' networks.  However, it's been overcome by the
> reluctance to be abused by those networks.)
>
> Centralized, or quasi-centralized, scanning with appropriate safeguards
> (to minimize frequency) and appropriate assignment of responsibility,
> beats the heck out of having thousands of independent entities repeating
> the same scans and thus adding to the collective misery.
>
> If we agree on this (and I don't know that we all do) then the debate
> shifts to "who?" and "how?".
>

So I'm curious what people think. We have semi-centralized various things in
the past such as IP assignments and our beloved DNS root servers. Would it
not also make sense to handle common security checks in a similar manner? In
creating an authority to handle this, we cut back on the amount of noise
issued. I bring this up because the noise is getting louder. More and more
networks are issuing their own relay and proxy checks. At this rate, in a
few years, we'll see more damage done to server resources by scanners than
we do from spam and those who would exploit such vulnerabilities.

I know that this is more service level than network level, except that the
arguments continue to escalate over the rights of people to scan a network.
These arguments would be diminished if an authoritative body handled it in a
proper manner. At what point do we as a community decide that something
needs to be done? Would it not be better to have a single test suite run
against a server once every six months than the constant bombardment we see
now?

-Jack
