Vulnerability Development mailing list archives
Re: Malicious use of grc.com
From: Blue Boar <BlueBoar () thievco com>
Date: Mon, 26 Nov 2001 15:17:18 -0800
Thorsten Droigk wrote:
There are a lot of services on the Internet that portscan a machine of your choice, so there is nothing new about grc.com doing it. If you want to complain about grc.com, you should complain about every proxy in the whole web, too. I do not think that there are big differences between these services and proxies - both hide your original IP from another server but simultanously log it for the case of abuse. I cannot believe that grc.com really does not log the use of its portscan service - that would be too stupid (and illegal, as far as I know). In my eyes, the phrase "Information gained will NOT be retained, viewed, or used by us in any way for any purpose whatsoever" refers to the results of the portscans and not to the logs of grc.com's httpd.
This is one of those funny little things in the security world. By trying, and failing, to limit which IP address will be scanned, he has created a security problem. Had he not tried, there would be nothing to complain about. It's not quite as hypocritical as it sounds. He created the specification, and he violated it. BB
Current thread:
- Re: Malicious use of grc.com netscience (Nov 26)
- <Possible follow-ups>
- Malicious use of grc.com Magni (Nov 26)
- Re: Malicious use of grc.com Brad (Nov 26)
- Re: Malicious use of grc.com Thorsten Droigk (Nov 26)
- Re: Malicious use of grc.com Blue Boar (Nov 26)
- Re: Malicious use of grc.com Festive (Nov 27)
- Re: Malicious use of grc.com Nicolas Gregoire (Nov 27)
- RE: Malicious use of grc.com Everhart, Glenn (FUSA) (Nov 28)
- RE: Malicious use of grc.com Nicko Demeter (Nov 28)
- RE: Malicious use of grc.com H C (Nov 28)