nanog mailing list archives

Re: Dynamic IP log retention = 0?


From: "Ross" <ross () dillio net>
Date: Sat, 14 Mar 2009 00:56:24 -0500 (CDT)

Joe,

I'll respond to you and this will be my last reply to this thread because
I know I won't be able to change your mind. Saying a company's business
decisions are antisocial just because they aren't doing what you want is very
unhelpful. I don't know how many large ISPs you have worked for but I'm
not sure if you understand corporate budgets or politics.

If you consider people who port scan the bad guys of the internet then
obviously you and I are on two different planes of reality. I had a
discussion today with someone who I immensely respect where I talked about
port scanning and how people compare it to trying to break in to someone's
house. He disagreed and said that port scanning was like being a part of
the neighborhood watch and that trying to exploit any vulnerabilities you
find would be an attempted break-in. I have to agree.

As for your second point of comparing port scanning to the heinous crimes
of rape I'll just ask, "have you lost your damn mind"? Seriously, port
scanning a machine compared to the horrid act of abusing someone sexually?
Seriously, what will be your next analogy, pedophiles are the same as file
sharers?

Port scanning can be a method to find vulnerabilities indeed, but what of
those of us who port scan before we use certain services? I often scan
certain hosts before I use them to make sure they don't have gaping
vulnerabilities; should I go to jail? The OP said nothing about an attack
but only a scan, so don't go there.

Your idea of operations seems simple because you have the black and white
barrier, there is no gray for you. Some of us actually have a larger
userbase and very small budgets. Now I'll say that the company I work for
goes after network abusers vigorously. To say that port scanners are
miscreants and abusers is your view.

I think everyone wants to stop botnets and exploits from spreading but
Joe, people don't have to answer to you just because you feel that you are
privileged because you have a role in the internet. Scanning and attacks
are two different things and I hope you realize this. If a host on my
network is attacking a host on yours I'm sure we will work to stop it
quickly. If you demand that I turn over the person who scanned you last
night at 12:52 am I may ignore you.

I wish you the best of luck against your crusade against the evil of port
scanning.


-- 
Ross
ross [at] dillio.net

Whether Covad chooses to enforce their AUP against port scanning is a
business decision up to them.

Yes, it's all a business decision.  That kind of antisocial thinking is
the sort of thing that has allowed all manner of bad guys to remain
attached to the Internet.

Again, why worry about things out of your
control, especially when we are talking about port scanning.

Yes, why not talk about rapists and drug dealers instead.  They're much
worse.  It's just that this forum ... isn't for that.

I would think people have more pressing issues, guess not.

While I am all for increasing overall security on the Internet, the
reality is that there will often be devices that are attached that
are found to be vulnerable in new and intriguing ways.  Port scanning
is a primary method for finding these vulnerabilities.  To the extent
that an ISP might proactively port scan its own userbase, that's a good
use and probably a good idea (has tradeoffs), but bad guys finding
holes in random devices so that they can launch multiGbps attacks
against random destinations is a bad thing.

If your idea of "operations" is to make your router work and collect
your paycheck for another day, then this discussion probably does not
make any sense to you and you probably don't understand the importance
of the issue.

If your idea of "operations" is to ensure the reliable operation and
uphold the performance standards of an IP network, then it should not
be beyond comprehension that allowing miscreants access to the network
is one of many things that can adversely affect operations.  If you
accept that the presence of miscreants on the network is a negative,
it shouldn't be hard to see that complaining about consistent and
persistent port scans from what is probably an identifiable host is
one way to make an impact.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and]
then I won't contact you again." - Direct Marketing Ass'n position on e-mail
spam (CNN)
With 24 million small businesses in the US alone, that's way too many
apples.