Darren Reed wrote:
> On 11/25/09 10:45, Garrett D'Amore wrote:
>> ...
>>
>> This is totally different from nmap, btw.  IIUC, nmap does scans to 
>> passively identify potential weaknesses.  I don't think it actually 
>> has any *exploits* for them.  (Put another way, I don't think "nmap" 
>> used solely by itself can do serious harm.  I think yersinia is quite 
>> different.  I think their choice of name is suitably apropos -- naming 
>> after the black plague.)
>>
>> I feel strongly enough about this that I'm going to derail.
> 
> Let me summarise the differences that I see:
> 
> * I can use nmap from my workstation at Sun to remotely probe and test a 
> host connected to the Internet anywhere in the world for services that 
> it provides and might be vulnerable, all the while looking like it is 
> Sun doing that;
> 
> * I can use yersinia to at most disrupt traffic on SWAN but more likely 
> this would be restricted to the LAN segment I'm on at Sun.
> 
> Whilst the primary raison d'etre for both might be different, so too is 
> the scope of their aid to someone undertaking nefarious activity.
> 
> yersinia isn't going to help you break into a remote host but it might 
> help you become the man in the middle when you otherwise wouldn't have. 
> Even then it only threatens unencrypted traffic or encrypted traffic 
> without peer authentication. It is also a possible threat when the trust 
> relationship between two hosts does not involve cryptography.

Nmap and yersinia are pitched very differently by their authors.  Nmap 
is a scanning tool but the authors of yersinia make it pretty clear it 
is for attacking systems - yes there are good and bad reasons for that 
and as many Americans love to say "guns don't kill people, people kill 
people".

The reason it is being seen that way is because that is how the project 
team pitched it to PSARC for review - the word Attack is even in the 
case title.   Remember even with FOSS cases you have to assume that the 
ARC hasn't seen this stuff before and if you say you are integrating a 
tool for Attacking layer 2 networking of course we are going to be 
concerned.  If instead you say you are integrating a Layer 2 network 
scanning tool similar to nmap (and maybe even reference that case 
number) then it appears very different.

> I think that derailing this case is an over-reaction primarily because 
> it has been seen as an "attack" tool without properly considering what 
> the scope of its potential targets is.

Derail just means "let's have a full case discussion"; it does not now and 
never has meant "no you can't do that" or "deny".   All it means is 
that the case needs some discussion, usually because there is something 
controversial - which in this case there is.  The project team has also 
been asked (since they are Sun engineers) to check with Sun legal (this 
isn't really an ARC requirement more a C-Team/P-Team one but the ARC is 
asking the question now since they are first to review).

-- 
Darren J Moffat
