North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: anti-spam vs network abuse

  • From: jlewis
  • Date: Sat Mar 01 14:09:55 2003

On 1 Mar 2003, Michael Lamoureux wrote:

> andy> If so, why outlaw the act of probing? Why not outlaw "probing
> andy> for the purposes of..."?
> 
> What's the offset into the probe packets to the "intent of the this
> probe" field?  And would you trust it if there were one anyway?

People speed, drive drunk, and run over pedestrians.  Should we outlaw 
cars?  Maybe just in California? :)

> What's a legit probe?  One where the owner gave you permission in
> advance to run the scan?  I can't think of another definition of that
> phrase.

When you walk into the secure part of an airport or some schools in rough
neighborhoods, you're scanned for metallic objects.  When you exchange
traffic with certain networks, they may also want to check you out to see
what risk may be associated with accepting your data in the future.  If
your system is an open relay/proxy, then there's elevated risk that at
some point (if not already), the data coming from your system will be
SPAM.  Some networks will choose not to accept your data or to tag it
in order to prevent their customers from having to accept unwanted data.

> This is a completely naive statement.  There are 0 networks that I'm
> willing to believe have 0 vulnerabilities on them.  There may be 0
> that you know about, but that doesn't mean there aren't more
> vulnerabilities which aren't public knowledge lurking in sendmail or
> bind or ssh or ssl or apache or any number of other services you have
> running.

So if nobody probes your network, it's more secure?

----------------------------------------------------------------------
 Jon Lewis *[email protected]*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________