North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: anti-spam vs network abuse

  • From: Michael Lamoureux
  • Date: Sun Mar 02 00:36:27 2003

 "andy" == Andy Dills <[email protected]> writes:

andy> On 1 Mar 2003, Michael Lamoureux wrote:

andy> If you do a good job with your network, probing will have zero
andy> affect on you. All the person probing can do (regardless of
andy> their intent) is say "Gee, I guess there aren't any
andy> vulnerabilities with this network."
>> 
>> This is a completely naive statement.  There are 0 networks that I'm
>> willing to believe have 0 vulnerabilities on them.  There may be 0
>> that you know about, but that doesn't mean there aren't more
>> vulnerabilities which aren't public knowledge lurking in sendmail or
>> bind or ssh or ssl or apache or any number of other services you have
>> running.

andy> My statement is as naive as yours is ridiculous.

andy> You're telling me your IDS systems tell you when there is a new
andy> vulnerabilitiy, before you see it on bugtraq?

I've read my statement quite a few times, and I can't see where I even
implied that.


andy> So, since I'm so naive,

No no no...I never said that YOU were naive.  I said the statement
that if you've done a good job, all the prober can do is say that
there aren't any vulnerabilities on your network was naive.  Your own
argument supports what I said.  My whole point was that no matter how
good a job you do, you probably are still vulnerable to something.


andy> You realize that scanning happens after exploits get published,
andy> not before.

I don't even make the assumption that all exploits ever get published.


andy> My network is as secure as it can be, which IS NOT the same as
andy> "My network is invulnerable".

Exactly.


andy> Don't put words into my mouth simply so you can call them naive.

I'm not 100% sure where I did this, but I completely apologize if I
have.


IMHO,
Michael