Scanning the Internet for Vulnerabilities
J. Hellenthal
jhellenthal at dataix.net
Mon Jun 20 23:01:33 UTC 2022
To what extent, and whom will you authorize to do that? 100 random college students? X number of new security firms? At some point it will break.
--
J. Hellenthal
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
> On Jun 20, 2022, at 17:04, bzs at theworld.com wrote:
>
>
> It seems to me there's vulnerability testing and there's vulnerability
> testing and just lumping them all together motivates disparate
> opinions.
>
> For example it's one thing to perhaps see if home routers
> login/passwords are admin/admin or similar, or if systems seem to be
> vuln to easily exploitable bugs and reporting such problems to someone
> in charge versus, say, hammering at some network to see when/if DDoS
> mitigation kicks in.
>
> For example I've gotten email in the past that some of my servers were
> running ntp in a way which makes them vuln to being used for DDoS
> amplification and, I believe, fixed that. I didn't mind.
>
> Anyhow, you all probably get my point without further hypotheticals or
> examples.
>
> Scanning for known vulns and reporting can be ok, testing to
> destruction? Not so much.
>
> --
> -Barry Shein
>
> Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
> The World: Since 1989 | A Public Information Utility | *oo*