[31437] in North American Network Operators' Group
Re: netscan.org update
daemon@ATHENA.MIT.EDU (John Fraizer)
Sat Sep 23 21:54:51 2000
Date: Sat, 23 Sep 2000 21:52:52 -0400 (EDT)
From: John Fraizer <nanog@EnterZone.Net>
To: Patrick Greenwell <patrick@cybernothing.org>
Cc: Troy Davis <troy@nack.net>, nanog@merit.edu
In-Reply-To: <Pine.BSF.4.21.0009231836250.87934-100000@localhost>
Message-ID: <Pine.LNX.4.21.0009232147330.7119-100000@Overkill.EnterZone.Net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 23 Sep 2000, Patrick Greenwell wrote:
>
> On Sat, 23 Sep 2000, Troy Davis wrote:
>
> >
> > Greetings,
> >
> > netscan.org now has a list of the ASNs announcing the most smurf
> > amplifiers, available at: http://netscan.org/most-active-asns.html
> >
> > It's not currently being dynamically generated, but it will be in the
> > next few weeks, when we will probably increase it to show the top 1000
> > and perhaps add more information (email address, number of amps,
> > average amplification, amps as a percentage of total class Cs being
> > announced).
>
> Can someone explain to me why it is ok to blindly scan other peoples
> networks without their permission for smurf amplifiers and post the
> results, while doing the same for SMTP servers has met with heavy
> criticism?
>
> The question is *not* intended as a flame, I would just really like to
> understand the reasoning that makes one apparently acceptable and the
> other not.
>
> Thanks.
>
>
IMHO, both types of scans serve to benefit the operator of the
network/service that is scanned, IF and only _IF_ that operator takes
action to correct any problems that may be detected/reported.
To more specifically answer your question though, I consider it to be less
intrusive for someone to send an ICMP echo request to the
broadcast/network address of every CIDR bit boundry of networks on our
backbone and count the replies than for someone to randomly scan for SMTP
servers and then subject those servers to a massive relay test. The SMTP
testing represents more load on hosts and the network than the SMURF
testing.
---
John Fraizer
EnterZone, Inc
