Security Basics mailing list archives
RE: application for an employment
From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 31 Mar 2006 13:17:17 -0800
-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net]
> You're contradicting yourself. A root server may refer my query to your server, but it's still my server connecting to your server to do the actual query, thus it must somehow have gotten your permission. Besides, how do I get permission to access the root servers or any other upstream DNS server not owned by myself?
Your ISP tells you about a DNS server you may use, either textually when you contract for their services, or automatically via DHCP (or both). That server may later inform you of other services for which permission has been arranged.
> > AFAIK, Google still supports a mechanism for telling them about specific pages to be indexed. And their spider plays by the robots.txt rules, which your port scanner probably does not.
> That doesn't answer the questions. To read a robots.txt the spider must already have connected to your server. How does Google get permission to do that? And how do I get permission to access Google?
Google pays money to television networks to tell the world: come connect to our servers *VIA HTTP (PORT 80)*. Google doesn't give you permission to portscan them by doing so. Google doesn't port-scan; it follows links on public pages, just as a user could. It has to assume, reasonably, that links on public pages are probably to other public pages. If some miscreant publicly posts a link to a page that's not supposed to be public, the poster is liable, not people or programs that follow the link *in good faith*.
> > > Oh, okay, let's exclude all non-legitimate examples.
> > Then give me a legitimate one, please, that I *can't* knock down.
> I already gave you some. Up to now you failed to knock them down. In fact you didn't answer a single question of mine.
I believe I've responded to everything that looked like a sensible question. If you don't agree, we may have reached the bounds of rational discourse.
> > I've already listed two "advertising" mechanisms, without going into silly proprietary endeavors like SLP.
> Neither of them would work if you were right, and both of them are very specific in their advertisements. I repeat: there is no general advertisement mechanism for services in the Internet. And I still can neither know nor assume that any service is not provided purposely, unless it requires authentication of some sort.
Since they *DO* work, millions of times a day, obviously your theory that they wouldn't fails to account for reality. You cannot *legally* assume that any service *is* provided purposely, unless told so and invited to use it. Luckily, enough services are provided purposely that this is rarely an issue for people who do not go hunting for unadvertised services.
> > > Bottom line: If you don't want your property trespassed, don't put it into public places.
> > Our data center is not, by any stretch, a public place.
> Does it have a public IP address? Does it provide services towards the Internet? If so: how can it *not* be a public place?
Certainly it has a connection to other network facilities. You know what? THEY are not public places either -- they are OWNED by entities who enforce policies of access and behaviour. Is your phone a public place? Is your house a public place because it contains your phone? Is the public invited to call you, 24-7, to find out if you're awake or not, because of course there's no other general mechanism to tell whether you're awake or not, ergo your phone number constitutes an invitation to the world to call whenever they want to find out. No, I don't think so.
David Gillett