[37855] in North American Network Operators' Group
RE: Stealth Blocking
daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Fri May 25 02:39:22 2001
Date: Fri, 25 May 2001 00:03:26 -0400 (EDT)
From: <alex@yuriev.com>
To: jlewis@lewis.org
Cc: David Schwartz <davids@webmaster.com>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.30.0105242046130.3328-100000@redhat1.mmaero.com>
Message-ID: <Pine.LNX.3.96.1010525000117.16473C-100000@cathy.uuworld.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu

> > What's so bad about pre-emptive open-relay scanning is that if you feel
> > that is justified, you pretty much have accepted that anybody who pleases
> > may scan anybody else's network for any weakness he or she would like to
> > probe for.
>
> Whether you like / agree with it or not, this is happening and you can't
> stop it. Even back in the very early 90's you pretty much couldn't put a
> system on an internet connected network without people probing it,
> attempting to log into it, etc.
>
> There's a big difference between open-relay testing and port scanning /
> vulnerability probing. Saying that the former will lead to more of the
> latter is silly with current levels of the latter we already have. I've
> seen new systems hacked within 24h of being put on the net on a previously
> unused IP. Any argument that open-relay scanning will lead to more
> vulnerability scanning is just silly.
No, this is a totally valid argument. The reason is that process of scanning
for vulnerabilities is not in any shape or form different from scanning for
open-relays. Please explain to me who are you to determine what is a "right"
and what is a "wrong" reason?
Thanks,
Alex