North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: anti-spam vs network abuse
- From: Charlie Clemmer
- Date: Fri Feb 28 16:16:28 2003
-----BEGIN PGP SIGNED MESSAGE-----
At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
>Why is probing networks wrong?
Depends on why you're doing the probing.
If you're randomly walk up to my house and check to see if the door is
unlocked, you better be ready for a reaction. Same thing with unsolicited
probes, in my opinion. Can I randomly walk up to your car to see if it's
unlocked without getting a reaction out of you?
Where this thread got started, the scenario was around if I connect to your
SMTP server to attempt to relay mail, is it then right to probe me for open
relays and so forth. In that case, I can see the reasoning, as I initiated
the connection, so you're checking to see if I'm sane or not. The line gets
drawn though as to how much probing is reasonable ... can you probe my
system for ALL open ports/exploits just because I tried to send mail
through you, or can you probe all machines that fit in my address range
(and how do you determine my address range?) ... that's where the larger
debate comes in.
I have servers hosted at shared colo facilities. If you were to scan the
entire netblock for my colo provider because a different customer at the
same facility tried to send mail through you, how am I to determine your
cause, or determine that it was not a scan for a vulnerability?
Just my opinions ...
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
-----END PGP SIGNATURE-----