North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: anti-spam vs network abuse

  • From: Richard Irving
  • Date: Mon Mar 03 12:33:14 2003

Honestly people, to summarize all this...

 Legislation is not the correct "knee jerk" response to
technical challenges... Lawyers and Politicians
just -think- it is....

  Perhaps related to perceiving themselves as important
to the problem, eh  ? And, that also happens to create
a situation where they get paid to be involved, eh ?

 Science really doesn't care about what is politically correct,
or who you are, all it really cares about is mathematics, and reality.

 Only politicians think it bends to their whim...

  (See the attempt to "legislate" the value of PI)

 The reality is, if we outlaw probing, we will be arresting
thousands of innocents, as 80% (if not more, this stat is 
made up, but based upon real world observation ) of the probes 
in the internet are caused by trojans and worms....
 
 So, Grandma Kettle, sitting out in her cornfield, on GTE DSL
is going to go to jail, because her grandson downloaded a
"neat" program he saw on the internet.... or, clicked on
the attachment that arrived in the e-mail whose subject was
the beginning of a cute little joke about snow white, 
and some dwarves....

 By that standard we would be arresting the Microsoft
database administrators, for participating in the most
recent SQL based worm. (Once penetrated, the MS servers
probed other servers to self-propogate, 
just like other compromised servers..)

 The sheer volume of "false probe positives" could busy out
-any- size agency created to enforce such a law.
 
 Legislating something rarely makes the situation better, when it
comes to science.....I sugges the answer is found in ACL's, and
the technical arena, not the political......

 And, also, I suggest PI should remain 3.14(etc.), 
 no matter what the politicians say.




Michael Lamoureux wrote:
> 
>  "andy" == Andy Dills <[email protected]> writes:
> 
> andy> On Fri, 28 Feb 2003, Charlie Clemmer wrote:
> 
> >> At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
> >> >Why is probing networks wrong?
> >>
> >> Depends on why you're doing the probing.
> 
> andy> If so, why outlaw the act of probing? Why not outlaw "probing
> andy> for the purposes of..."?
> 
> What's the offset into the probe packets to the "intent of the this
> probe" field?  And would you trust it if there were one anyway?
> 
> >> If you're randomly walk up to my house and check to see if the door
> >> is unlocked, you better be ready for a reaction. Same thing with
> >> unsolicited probes, in my opinion. Can I randomly walk up to your
> >> car to see if it's unlocked without getting a reaction out of you?
> 
> andy> This is different. Metaphors applying networking concepts to
> andy> real world scenarios are tenuous at best.
> 
> andy> In this case, your door being unlocked cannot cause me
> andy> harm. However, an "unlocked proxy" can.
> 
> Heh, so I guess you could make it his gun and the safety.  Does that
> change your answer?  ;-)
> 
> andy> Legit probes are an attempt to mitigate network abuse, not
> andy> increase it. If there was a sanctioned body who was trusted to
> andy> scan for such things, maybe this wouldn't be an issue. But
> andy> there's not, so it's a vigilante effort.
> 
> What's a legit probe?  One where the owner gave you permission in
> advance to run the scan?  I can't think of another definition of that
> phrase.
> 
> andy> You don't have to. This is why I never understood why people
> andy> care so much about probing. If you do a good job with your
> andy> network, probing will have zero affect on you. All the person
> andy> probing can do (regardless of their intent) is say "Gee, I guess
> andy> there aren't any vulnerabilities with this network."
> 
> This is a completely naive statement.  There are 0 networks that I'm
> willing to believe have 0 vulnerabilities on them.  There may be 0
> that you know about, but that doesn't mean there aren't more
> vulnerabilities which aren't public knowledge lurking in sendmail or
> bind or ssh or ssl or apache or any number of other services you have
> running.
> 
> IMHO,
> Michael