Scanning the Internet for Vulnerabilities
bzs at theworld.com
Wed Jun 22 03:53:14 UTC 2022
On June 20, 2022 at 18:01 jhellenthal at dataix.net (J. Hellenthal) wrote:
>
> To what extent and to whom will you authorize to do that? 100 random college students? X number of new security firms? At some point it will break.
Define "authorize".
>
> --
> J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
>
> > On Jun 20, 2022, at 17:04, bzs at theworld.com wrote:
> >
> >
> > It seems to me there's vulnerability testing and there's vulnerability
> > testing and just lumping them all together motivates disparate
> > opinions.
> >
> > For example it's one thing to perhaps see if home routers
> > login/passwords are admin/admin or similar, or if systems seem to be
> > vuln to easily exploitable bugs and reporting such problems to someone
> > in charge versus, say, hammering at some network to see when/if DDoS
> > mitigation kicks in.
> >
> > For example I've gotten email in the past that some of my servers were
> > running ntp in a way which makes them vuln to being used for DDoS
> > amplification and, I believe, fixed that. I didn't mind.
> >
> > Anyhow, you all probably get my point without further hypotheticals or
> > examples.
> >
> > Scanning for known vulns and reporting can be ok, testing to
> > destruction? Not so much.
> >
> > --
> > -Barry Shein
> >
> > Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com
> > Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
> > The World: Since 1989 | A Public Information Utility | *oo*
--
-Barry Shein
Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
The World: Since 1989 | A Public Information Utility | *oo*
More information about the NANOG mailing list