Michael,

True, a scan is just a scan, and who cares.  But some of the scans
recorded are looking for a Trojan and these should be reported.  I
have no mercy on those scans because they are basically criminal.
Regular scans, who cares.  So if we limit reporting to the "illegal"
scans I think that will avoid the concerns about a police state.  I
would not want an overbearing nanny or police state.





----- Original Message -----
From: "Michael E. Cummins" <[EMAIL PROTECTED]>
To: "EXT-Springer, Aaron C" <[EMAIL PROTECTED]>;
"Firewalls Mailing List" <[EMAIL PROTECTED]>
Sent: Friday, February 18, 2000 1:27 PM
Subject: RE: Someone is scanning me


> -----Original Message-----
> From: EXT-Springer, Aaron C [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 18, 2000 1:08 PM
> To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Subject: RE: Someone is scanning me
>
>
> I can understand your position and I would not try to tell you
> how to react.
>
> I think that a scan is just a scan, I would hate to have it come
> to the point where doing a scan on somebody gets your ISP account
> revoked.  This country is turning into a police state as it is.
> I can see a future where any kind of probing is deemed illegal by
> the Gestapo.  In the UK if you don't give up your crypto keys
> when the Gov. asks, you go to jail.  The day may come when having
> strobe or nmap on your machine is illegal.
>
> If they do more than a scan then, hey give it to 'em...
>
>
> acs


The more I think about it, the more I am questioning my initial zeal
in spanking this fellow.  I think that you have a valid point, but I
am still uncomfortable with what appears to me to be a script kiddy
scanning a broad number of addresses looking quite specifically for
Trojan infected machines.

I myself have a fear of the way some of our legislators are looking at
"cyber crime", "cryptology" and various other internet related issues.
Keeping the discussion list-specific, as an operator of numerous
firewalls...

What is our responsibility to this?

Do we wait for the attacker to "breach" before reacting?  Or do we
try to determine on a case by case basis what the intent of the
anomaly was?  I have always favored preventive action over
corrective, but I am trying to find a happy balance here between
ethics, logistics and behavioral precedents that I will pass on to
my employees.

Some of us cannot deal with the number of probes received per day, it
would be a logistic impossibility.  (Luckily, I am not one of these.
Currently, I co-locate servers and pay for the services.)  Thus, I
can understand a policy based on "Well, what did they actually get
away with?"

Or is that too lax?

If we find ourselves with the time and the resources, do we have the
obligation to swat the flies?  Am I correct in perceiving that the
majority of intrusions today are from people that actually have
little knowledge of the principles their downloaded tools are based
upon - and a bit too much time on their hands?

In my case, I just shared my logfiles with the German ISP that we
assumed the port scanning originated from.  I stressed that no damage
was done, and no successful breach took place.  I just alerted them
that the event took place, as a courtesy to them.  At least, that
truly is the spirit I sent it in after thinking about everything a
few times.

How many people agree or disagree with that action, and why?  I am
curious.

Thanks.

 ,_,
(O,O)
(   )
-"-"---------------------------------------------------------------
| From the Desk of Michael E. Cummins |
| |
| WEBSITE: http://www.i-magery.com |
| E-MAIL: mailto:[EMAIL PROTECTED] |
| |
| "The main thing is to keep the main thing, the main thing" |
| - Albert Einstein |
| |
| "Si hoc legere scis numium eruditionis habes" |
-------------------------------------------------------------------



-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
