Firewall Wizards mailing list archives

Re: "Who else picked this one up?"


From: "Paul D. Robertson" <proberts () clark net>
Date: Tue, 4 May 1999 06:33:03 -0400 (EDT)

On Tue, 4 May 1999, R. DuFresne wrote:

Nobody should be "testing" a scanner against a network I administer 
without my express permission.  The idea that scanning a foreign network 
for potential vulnerabilities without permission is valid behaviour is 
just plain wrong.


I totally agree.  Yet, can I question:  Have we not just reduced this to
an argument of cyber-moralities?  For, I think, if you got my point that

Yes, for the most part it is no different than e-mail abuse or USENET 
abuse.  We can filter our own traffic, filter traffic that reaches us, or 
act as a community and make visible people who violate community 
standards for whatever reason.  Community standards is, I think, where you 
take the main issue.  Once again, like RBL, it's possible to do this 
right.  There are databases similar to RBL that *aren't* done right, so 
it's possible to do it incorrectly as well.  But once again, this is a 
solvable problem.  If everyone had outbound filter rules for 
anti-spoofing, things would be a *lot* more difficult for both attackers 
and those with patently bad manners.

The poster who complained of still having mail rejected after being 
removed from RBL is certainly seeing an artifact of something different, 
since RBL is a real-time lookup.  If I choose to use RBL, then it's a 
choice for my mail system and my users.  If I choose not to, the same is 
true, but the system doesn't work without a way to report on offenders 
and aggregate those reports.

For INFOSEC, we need not only real-time information, but also historical 
information.  There's no other way to do trending and analysis, and I 
happen to think that's the last resort we have left these days.  If it's 
done incorrectly, then I'll be the first to yell.  That's why it's 
important to get consensus up front, and be involved.  

The first step is establishing a baseline, and I think that's what 
Marcus' focus is, but we're all aware of the possible conclusions, and I 
think we need to be working in a direction that puts responsibility on 
network operators.  That simply won't happen without some reason for them 
to behave.  If you don't kick an unruly student out of class, then 
they'll continue to disrupt it.  


Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280


