Scanning the Internet for Vulnerabilities
Ronald F. Guilmette
rfg at tristatelogic.com
Mon Jun 20 02:49:37 UTC 2022
In message <CB7990CD-5284-4A9C-BB98-4D55B21B50FF at seiden.com>,
Mark Seiden <mis at seiden.com> wrote:
>it should be mentioned that shadowserver also notifies those who
>register as the owners of that address space.
Yes. That is quite a public-spirited endeavor in the best traditions of
the Internet.
>my thinking about this sort of thing, in general, is:
>
>- it depends on who's doing it and why, and what they do with the information
Yes. And my question was deliberately open-ended with regards to those
two points, specifically.
Shadowserver is an example of a public-interest enterprise. And unless
I'm mistaken, we can easily know who they are and what they do with the
information they collect.
There are however counter-examples... enterprises that are not quite so
forthright, either in their willingness to be identified or in the disposition
of their results data.
>- it's polite enough for me for the good guys to identify
>themselves so you (the target) can worry
>less when you notice the activity.
I agree. But that raises the question: How would (or should) a "benign"
scanning enterprise publicly identify itself in a manner so as to mitigate
undue alarm?
Regards,
rfg
More information about the NANOG mailing list