nanog mailing list archives
Re: Scanning the Internet for Vulnerabilities
From: Mel Beckman <mel () beckman org>
Date: Mon, 20 Jun 2022 21:02:47 +0000
Carsten, The discussion is not getting far afield: it’s on point. And it’s a hugely germane topic for network operators. Regarding your claim “You consented to receiving packets when connecting to the Internet“, I counter with what is in virtually every ISP’sAUP for customers: Unauthorized port scanning is expressly prohibited. In fact, when I Google that precise phrase along with “Acceptable Use Policy” I get thousands of hits. I strongly suspect that this is probably also a violation of the U.S. Computer Abuse and Fraud Act, which criminalizes anyone who “Intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains … information from any protected computer.” A great many VA plug-ins attempt to — and often do — extract information they’re not authorized to. -mel
On Jun 20, 2022, at 1:11 PM, Carsten Bormann <cabo () tzi org> wrote: On 2022-06-20, at 19:36, goemon--- via NANOG <nanog () nanog org> wrote:On Mon, 20 Jun 2022, Carsten Bormann wrote:On 2022-06-20, at 14:14, J. Hellenthal <jhellenthal () dataix net> wrote: Yeah that's another thing, "research" cause you need to learn it let's have them do it too, multiply that by every university \o/there was some actual research involved. I agree that there should be a very good reason to expend a tiny bit of everyone’s resources on this. I do not agree that this externality makes any research in this space unethical.Consent is what makes it unethical.You consented to receiving packets by connecting to the Internet. Now there is a limit to that consent (e.g., when these packets have an actual material negative effect), and here we enter an area where all simple schematic approaches fail — you really have to think about outcomes instead of expounding fundamentalist stances.You signed up for this when you joined the Internet (er, stuck with the IPv4 Internet, I should probably say)."If you dont like the unsolicited email, just hit delete" ? How about ... NO.How about: It’s really hard to properly apply analogies. Unsolicited email wastes people’s time, and actually a lot of that. (Responsibly performed) packet probes waste machine time, and very little so. (If you are wasting human time on packet probes, you are holding it wrong.) Totally different outcome, and hence totally different ethics. This “discussion" is getting a bit off-topic. Grüße, Carsten
Current thread:
- Re: Scanning the Internet for Vulnerabilities, (continued)
- Re: Scanning the Internet for Vulnerabilities Owen DeLong via NANOG (Jun 19)
- Re: Scanning the Internet for Vulnerabilities Fernando Gont (Jun 21)
- Re: Scanning the Internet for Vulnerabilities Ronald F. Guilmette (Jun 21)
- Re: Scanning the Internet for Vulnerabilities Fernando Gont (Jun 21)
- Re: Scanning the Internet for Vulnerabilities Ronald F. Guilmette (Jun 21)
- Re: Scanning the Internet for Vulnerabilities Ronald F. Guilmette (Jun 21)
- Re: Scanning the Internet for Vulnerabilities J. Hellenthal via NANOG (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Carsten Bormann (Jun 20)
- Re: Scanning the Internet for Vulnerabilities J. Hellenthal via NANOG (Jun 20)
- Re: Scanning the Internet for Vulnerabilities goemon--- via NANOG (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Carsten Bormann (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Mel Beckman (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Carsten Bormann (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Carsten Bormann (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Michael Butler via NANOG (Jun 20)
- Re: Scanning the Internet for Vulnerabilities J. Hellenthal via NANOG (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Randy Bush (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Matthew Craig (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Robert L Mathews (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Mel Beckman (Jun 20)