Firewall Wizards mailing list archives
Re: "Who else picked this one up?"
From: "Paul D. Robertson" <proberts () clark net>
Date: Tue, 4 May 1999 06:33:03 -0400 (EDT)
On Tue, 4 May 1999, R. DuFresne wrote:
Nobody should be "testing" a scanner against a network I administer without my express permission. The idea that scanning a foreign network for potential vulnerabilities without permission is valid behaviour is just plain wrong.
I totally agree. Yet, can I question: Have we not just reduced this to an argument of cyber-moralities? For, I think, if you got my point that
Yes, for the most part it is no different than e-mail abuse or USENET abuse. We can filter our own traffic, filter traffic that reaches us, or act as a community and make visible people who violate community standards for whatever reason.

Community standards is, I think, where you take the main issue. Once again, like RBL, it's possible to do this right. There are databases similar to RBL that *aren't* done right, so it's possible to do it incorrectly as well. But once again, this is a solvable problem. If everyone had outbound filter rules for anti-spoofing, things would be a *lot* more difficult for both attackers and those with patently bad manners.

The poster who complained of still having mail rejected after being removed from RBL is certainly seeing an artifact of something different, since RBL is a real-time lookup. If I choose to use RBL, then it's a choice for my mail system and my users. If I choose not to, the same is true, but the system doesn't work without a way to report on offenders and aggregate those reports.

For INFOSEC, we need not only real-time information, but also historical information. There's no other way to do trending and analysis, and I happen to think that's the last resort we have left these days. If it's done incorrectly, then I'll be the first to yell. That's why it's important to get consensus up front, and be involved.

The first step is establishing a baseline, and I think that's what Marcus' focus is, but we're all aware of the possible conclusions, and I think we need to be working in a direction that puts responsibility on network operators. That simply won't happen without some reason for them to behave. If you don't kick an unruly student out of class, then they'll continue to disrupt it.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson
proberts () clark net
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
PSB#9280