Hi Norman,

Well, I hear that ORBS does not scan, but they do probe based on a
"recommendation" from unknown users of their web site. The apparent
rationale behind this appears to be:

  1) If you have an open relay, it MIGHT be used to send spam to US.
  2) We HAVE THE ABILITY to probe your mail server in a way we think
     is justified given premise (1).
  3) This probe doesn't actually hurt anything, so we feel justified in
     doing it without asking your permission.
  4) If we find you have an open relay, we will notify you about this,
     to prevent the possibility of (1).
  5) We will then distribute this information to anyone who asks for it in
     the right way via our DNS server.

My parallel would be:

  1) If you have an insecure system, it MIGHT be used by others to launch
     attacks against my network.
  2) I HAVE THE ABILITY to probe your network with a security analysis
     tool, in a way I think is justified given premise (1).
  3) That tool only probes your vulnerabilities, and is not actually going
     to be used to crack your system, so there is nothing wrong with doing
     so without your permission.
  4) If I find any vulnerabilities, I will inform you about them by
     e-mail.
  5) I will set up a DNS server to allow anyone else to determine whether
     your system is on our "in-secure" list.

Surely you would not want me to set up a system like I have just
described, would you?

Simon

On Wed, 2 Feb 2000, Norman Richards wrote:

> 
> > Using what I assume to be your rationale, which I notice that you do
> > not address at all on your web site, then I would be justified using
> > SATAN or some other network security tool to probe your network
> > without your permission with the justification that if your network
> > is insecure, then it might pose a threat to my network should
> > crackers happen to compromise yours. I hope that you would agree
> > with me that doing that would not be right at all. [...]
> 
>   Could you expand some on this?  I'm not sure that I agree with your
> fundamental supposition here.  I'm not saying I disagree - I'm just
> that the statement you make is not "obviously true" to me and requires
> some supporting arguments.  (just curious)
> 
> ___________________________________________________________________________
> [EMAIL PROTECTED]                                           soli deo gloria
> 
> 
> 
> ---------------------------------------------------------------------------
> Send administrative requests to [EMAIL PROTECTED]
> 
