North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: anti-spam vs network abuse
"andy" == Andy Dills <[email protected]> writes: andy> On 1 Mar 2003, Michael Lamoureux wrote: andy> If you do a good job with your network, probing will have zero andy> affect on you. All the person probing can do (regardless of andy> their intent) is say "Gee, I guess there aren't any andy> vulnerabilities with this network." >> >> This is a completely naive statement. There are 0 networks that I'm >> willing to believe have 0 vulnerabilities on them. There may be 0 >> that you know about, but that doesn't mean there aren't more >> vulnerabilities which aren't public knowledge lurking in sendmail or >> bind or ssh or ssl or apache or any number of other services you have >> running. andy> My statement is as naive as yours is ridiculous. andy> You're telling me your IDS systems tell you when there is a new andy> vulnerabilitiy, before you see it on bugtraq? I've read my statement quite a few times, and I can't see where I even implied that. andy> So, since I'm so naive, No no no...I never said that YOU were naive. I said the statement that if you've done a good job, all the prober can do is say that there aren't any vulnerabilities on your network was naive. Your own argument supports what I said. My whole point was that no matter how good a job you do, you probably are still vulnerable to something. andy> You realize that scanning happens after exploits get published, andy> not before. I don't even make the assumption that all exploits ever get published. andy> My network is as secure as it can be, which IS NOT the same as andy> "My network is invulnerable". Exactly. andy> Don't put words into my mouth simply so you can call them naive. I'm not 100% sure where I did this, but I completely apologize if I have. IMHO, Michael
|