Honestly people, to summarize all this...
Legislation is not the correct "knee jerk" response to
technical challenges... Lawyers and Politicians
just -think- it is
Perhaps related to perceiving themselves as important
to the problem, eh ? And, that also happens to create
a situation wher
"andy" == Andy Dills <[EMAIL PROTECTED]> writes:
andy> On 1 Mar 2003, Michael Lamoureux wrote:
andy> If you do a good job with your network, probing will have zero
andy> affect on you. All the person probing can do (regardless of
andy> their intent) is say "Gee, I guess there aren't any
andy> v
On 1 Mar 2003, Michael Lamoureux wrote:
> >> If you're randomly walk up to my house and check to see if the door
> >> is unlocked, you better be ready for a reaction. Same thing with
> >> unsolicited probes, in my opinion. Can I randomly walk up to your
> >> car to see if it's unlocked without ge
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 02:07 PM 3/1/2003 -0500, [EMAIL PROTECTED] wrote:
>People speed, drive drunk, and run over pedestrians. Should we outlaw
>cars? Maybe just in California? :)
To use your analogy, you'd have to outlaw computers because they're used to
bad things
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 01:41 PM 3/1/2003 -0500, Michael Lamoureux wrote:
> andy> In this case, your door being unlocked cannot cause me
>andy> harm. However, an "unlocked proxy" can.
>
>Heh, so I guess you could make it his gun and the safety. Does that
>change your a
On 1 Mar 2003, Michael Lamoureux wrote:
> andy> If so, why outlaw the act of probing? Why not outlaw "probing
> andy> for the purposes of..."?
>
> What's the offset into the probe packets to the "intent of the this
> probe" field? And would you trust it if there were one anyway?
People speed,
"andy" == Andy Dills <[EMAIL PROTECTED]> writes:
andy> On Fri, 28 Feb 2003, Charlie Clemmer wrote:
>> At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
>> >Why is probing networks wrong?
>>
>> Depends on why you're doing the probing.
andy> If so, why outlaw the act of probing? Why not outlaw "pr
At 05:05 PM 28-02-03 -0500, Len Rose wrote:
Scanning is always a precursor to an attack, or to determine if any obvious
methodology can be used to attack. At least that's how it has been
historically viewed.
When buying from Landsend or Amazon, I normally trust their ecommerce
security. But when
[EMAIL PROTECTED] writes:
> When I hooked up my first server on the internet back in 1993, I was kind
> of shocked that some far away stranger was trying to log into my POP3
> server. Unwanted connections have been a fact of life on the internet
> probably since its beginning.
here's a sam
On Sat, 1 Mar 2003 [EMAIL PROTECTED] wrote:
> On Fri, 28 Feb 2003, Andy Dills wrote:
>
> > You don't have to. This is why I never understood why people care so much
> > about probing. If you do a good job with your network, probing will have
> > zero affect on you. All the person probing can do (
On Fri, 28 Feb 2003, Andy Dills wrote:
> Actually, I think the debate starts with Paul telling Jon that Jon isn't
> passively scanning connection hosts, he's actively trawling for open
> proxies, that Paul has the logs to prove it, and that since Paul is in
> California, Jon has broken the law.
On Fri, 28 Feb 2003, Roy wrote:
> I haven not checked NJABL but some of the other other open relay testers use
> scenarios that are illegal (actually criminal) in California.
If you mean the use of "incorrect" from addresses, I believe that law only
applies if the message(s) sent with someone e
Hi, NANOGers.
] and conversely, all attacks are not preceded by scanning.
Very true. Most of the attack activity I monitor does not include
scanning activity or any other reconnaissance. However, those who
attack often enjoy monitoring their progress. This can be an
interesting (albeit diffic
It isn't the probing that is illegal in California, its the unauthorized use of a
domain name especially in the from address.
http://law.spamcon.org/us-laws/states/ca/pc_502.shtml
9.Knowingly and without permission uses the Internet domain name
of another individual, corporation, or entity in co
Hi,
Why is it clearly untrue? Remember when researchers used
to send announcements out beforehand? I do.
Well, you're taking me too literally of course!
Len
On Fri, Feb 28, 2003 at 04:00:25PM -0800, Randy Bush wrote:
> > Scanning is always a precursor to an attack
>
> this is clearly not true
> Scanning is always a precursor to an attack
this is clearly not true, as scans are done for research and
other goals.
and conversely, all attacks are not preceded by scanning.
randy
"E.B. Dreger" wrote:
> Actually, when one leaves honeypots and/or tarpits, getting
> probed can be rather fun...
Second this !
:D
Did you ever hear of the guy who wrote a C based 'bot trap
and brought down both a big name search engine mining bot,
and a providers (major) Unix server
> Why is probing networks wrong?
i guess it's a last ditch scaling thing. i won't complain to an isp when
their customer probes my host as a result of me sending them e-mail -- but
i will drop in a local blackhole route so that i won't get any more traffic
from or to the prober's network. (if t
> As a result the ISP must either A) purchase more RAM, faster CPUs,
> and additional servers, or B) run the risk of complaints and lost
> customer goodwill. All of this costs time and money.
Looks like both a netscan and a portscan, and clearly not designed
to limit damages to innocent third pa
AD> Date: Fri, 28 Feb 2003 16:54:47 -0500 (EST)
AD> From: Andy Dills
AD> You don't have to. This is why I never understood why people
AD> care so much about probing. If you do a good job with your
AD> network, probing will have zero affect on you. All the person
Actually, when one leaves honeyp
Joe St Sauver wrote:
>
There is NO legal advice in this post. Really!
> In Oregon, see ORS 164.377(4):
>
> "Any person who knowingly and without authorization uses, accesses or
> attempts to access any computer, computer system, computer network, or any
> computer software, program, documentat
Richard Irving wrote
>Jack Bates wrote:(SNIPO)
>> > Should we outlaw a potentially beneficial practice due to its abuse by
>> > criminals?
>> >
>> Okay. What happens if you make a mistake and overload one of my devices
>> costing my company money.
>
> That is usually a civil issue, not criminal.
Hi..
That's the problem, Sir! Many (I daresay the majority) of people take
my hardnosed position. I know that there are people and services with
good intentions, but I respectfully suggest that those good intentions
shall not pass my borders.
If an anti-spam mail relay testing service proactiv
Len Rose wrote:
>
> Scanning is always a precursor to an attack, or to determine if any obvious
> methodology can be used to attack. At least that's how it has been
> historically viewed.
See my other post. MAPS assists users in closing their "innocent"
relay capable systems. And, FWIW, pro-ac
> In this case, your door being unlocked cannot cause me harm. However, an
> "unlocked proxy" can. Legit probes are an attempt to mitigate network
> abuse, not increase it. If there was a sanctioned body who was trusted to
> scan for such things, maybe this wouldn't be an issue. But there's not, s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 04:54 PM 2/28/2003 -0500, Andy Dills wrote:
>You don't have to. This is why I never understood why people care so much
>about probing. If you do a good job with your network, probing will have
>zero affect on you. All the person probing can do (re
Scanning is always a precursor to an attack, or to determine if any obvious
methodology can be used to attack. At least that's how it has been
historically viewed.
In my opinion there is no legitimate reason to scan a remote host or network
without the permission of the owners. Otherwise it is
There is NO legal advice in this post.
Jack Bates wrote:(SNIPO)
> > Should we outlaw a potentially beneficial practice due to its abuse by
> > criminals?
> >
> Okay. What happens if you make a mistake and overload one of my devices
> costing my company money.
That is usually a civil issue, no
On Fri, 28 Feb 2003, Charlie Clemmer wrote:
> At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
> >Why is probing networks wrong?
>
> Depends on why you're doing the probing.
If so, why outlaw the act of probing? Why not outlaw "probing for the
purposes of..."?
> If you're randomly walk up to my h
On Fri, Feb 28, 2003 at 03:11:00PM -0600, Jack Bates quacked:
> >
> > Should we outlaw a potentially beneficial practice due to its abuse by
> > criminals?
> >
> Okay. What happens if you make a mistake and overload one of my devices
> costing my company money. I guarantee you, the law will look f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
>Why is probing networks wrong?
Depends on why you're doing the probing.
If you're randomly walk up to my house and check to see if the door is
unlocked, you better be ready for a reaction. Same thing
>
> Why is probing networks wrong?
>
> I would agree exploiting vulnerabilities discovered from probing networks
> is wrong. But I don't agree that probing is inherently wrong.
>
> People probe networks for great reasons. Likewise, people have the ability
> to prevent other people from probing t
On Fri, 28 Feb 2003, Andy Dills wrote:
> Why is probing networks wrong?
Probe .mil and .gov networks and find out.
-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]
On Fri, 28 Feb 2003, Gary E. Miller wrote:
> On Fri, 28 Feb 2003, Paul Vixie wrote:
>
> > However, they scanned every address in every netblock I own, looking
> > for SMTP servers. That was abuse, that was illegal in California,
>
> Could you please provide a citation from the CA law for this?
Yo Paul!
On Fri, 28 Feb 2003, Paul Vixie wrote:
> However, they scanned every address in every netblock I own, looking
> for SMTP servers. That was abuse, that was illegal in California,
Could you please provide a citation from the CA law for this? Better
yet, do you have any case law?
RGDS
At 12:56 PM 2/28/2003, Paul Vixie wrote:
> > For the past 15 months, NJABL has reactively tested systems that have
> > connected to participating SMTP servers to see if those systems are open
> > relays. ...
> >
> > We do not consider what NJABL does abuse, ...
Jon,
If "they" are indeed only test
> > For the past 15 months, NJABL has reactively tested systems that have
> > connected to participating SMTP servers to see if those systems are open
> > relays. ...
> >
> > We do not consider what NJABL does abuse, ...
Jon,
If "they" are indeed only testing systems who connect to them, it's no
I haven not checked NJABL but some of the other other open relay testers use
scenarios that are illegal (actually criminal) in California.
Roy
[EMAIL PROTECTED] wrote:
> We (Atlantic.Net) have gotten a flurry of abuse complaints from people
> who's systems have been scanned by 209.208.0.15 (rt
On Thu, 27 Feb 2003 22:36:37 -0500 (EST), [EMAIL PROTECTED] wrote:
>This sort of activity is becoming more common / mainstream, so
>people
>ought to just get used to it. Road Runner is doing the same thing
>(according to http://sec.rr.com/probing.htm) which is pretty ironic
>given
>how their sec
From: <[EMAIL PROTECTED]>
>
> We (Atlantic.Net) have gotten a flurry of abuse complaints from people
> who's systems have been scanned by 209.208.0.15 (rt.njabl.org...a DNSBL
> hosted on our network). I'm hoping the new PTR record will head off many
> complaints now.
>
> For the past 15 months,
40 matches
Mail list logo
