Security Incidents mailing list archives

RE: SNMP Scans 02/17/02


From: "Tyrannis Von Nettesheim" <tyrannis () wwc com>
Date: Wed, 20 Feb 2002 23:32:20 -0500

Folks:

I usually just lurk around here, and try to add value when I can, and
moreover, enjoy the great value of everyone's experiences with security
events and issues. The bottom commentary chilled me a bit when I read it, so
I choose to comment.

To whoever wrote the below commentary, please note I have a different point
of view than you, and this is not a personal retort.

Saying ISPs are responsible for the wrongdoing of people is like making the
same analogy of making the phone company responsible for bookies doing
illegal gambling, or making hardware stores responsible for selling hammers
to murderers. ISPs provide a means to communicate, that's all. Traffic
filtration always has negative implications, from censorship to the more
technically obvious ones of taxing the processing <CPU> limits of firewalls
and routers and requiring additional ISP investment.

All of these things solve the problem like cement seals up a crack in a
sidewalk. Educating ISPs is a solution, but the real solution?

Stop producing the broken tools that create these holes. SNMP was never
meant to be a secured transport for performance information. Most all
Internet protocols were designed in an age where the concepts of trust and
machine / entity identification were assumed to be moot or unimportant. That
landscape has changed, but we're still stuck with things like SNMP and SMTP
that understand nothing about security, because they were not intended to,
and were never coded to be so.

Let's spend our time pushing commercial entities and the free source
movements around the world to produce the secure transports for our data
today, and less time trying to find culprits for the problem of dealing with
the legacy of today. Finger pointing just produces a lot of confusing
directions. If we all point our finger @ tomorrow, we'll get to a securer
net a lot quicker.

-T

-----Original Message-----
From: Security Coordinator [mailto:security () aptusventures com]
Sent: Tuesday, February 19, 2002 9:51 AM
To: Peter Johnson; incidents () securityfocus com
Subject: Re: SNMP Scans 02/17/02


On Sunday 17 February 2002 23:23, Peter Johnson wrote:

Do you think we should be reporting snmp scans to ISPs
or just a waste of time?

Well, one way or another ISPs need to be fingered. I don't see other people
in the security community saying much, so maybe it's time someone started.
ISPs ARE RESPONSIBLE for a lot of the security problems on the net today. How
could someone do SNMP scans of a network unless ISPs let them get away with


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

