May I ask a couple of questions of the group that try to focus in
on my concerns imbedded in and related to this too long running
argument?
If Host-A receives suspicious and unsolicited data from Host-B
(possibly UCE, SPAM, probe, login attempt .. whatever) then what
action is administrator of Host-A ethically 'permitted' to take to
Host-B?
May he send Email (perhaps automatically)
to postmaster@Host-B or root@Host-B?
If so, how is this substantially different than:
Telnet to port 25 to see host login banner?
Telnet to port 25 to VRFY users?
Probe/scan to port 25 to see if mail service is offered?
May he use IDENT (perhaps automatically) to check if user is
logged in?
If so, how is this substantially different than:
Using IDENT manually, rather than as automatic authentication?
Probe/scan to port 113?
May he use FINGER (perhaps automatically) to see if user is valid
on host?
If so, how is this substantially different than:
Using FINGER manually to check user-ids?
Probe/scan on port 79?
May he use NSLOOKUP to locate authorized nameserver ?
then using accessing authorized nameserver to determine
administrator or doman owner?
If so, how is this substantially different than:
Using DNS queries targed to a host at other times?
Using nslookup ls to scan hostnames in domain?
Probe/scan on port 53?
May he use SNMP to see offered administrator name or location
info?
If so, how is this substantially different than:
Using SNMP at other times,
and with other queries
Telneting to port 161?
Probe/scan on port 161?
May he TELNET to Host-B to see the login banner?
If so, how is this different than Probing/scaning on port 23?
May he FTP to Host-B to see login banner?
If so, how is this different than probing/scanning on port 21?
May he run a portscan (e.g. nmap) to see what services are
offered?
Still with me? OK.
Where (in your opinion, or legaly) does this series of responses
cross the line?
What is inappropriate about making use of offered, legitimate
services?
If you feel that any unsolicited access to Host-B is 'wrong' does
this opinion change after being solicited by an exchange initiated
from Host-B?
Is client based access to service X really fundamentally different
than probing access? To the system at Host-B, don't the client
based and manual accesses have the same impact to the receiving
host?
I often set up tcp_wrappers to make use of information gleaned
from DNS, Finger, and ident. Does this practice constitute an
ethical violation of Host-B?
When I review the log files of access violations to my host, I use
some of the above techniques to try to determine who attempted
access and from where? Does this practice constitute an ethical
violation of Host-B?
/* Thanks for the many interesting discussions - among the BS and
flames.*/
Dave
David Smart
Computer Sciences Corporation
Moorestown, NJ
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
