-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
Why is probing networks wrong?
Depends on why you're doing the probing. If you're randomly walk up to my house and check to see if the door is unlocked, you better be ready for a reaction. Same thing with unsolicited probes, in my opinion. Can I randomly walk up to your car to see if it's unlocked without getting a reaction out of you? Where this thread got started, the scenario was around if I connect to your SMTP server to attempt to relay mail, is it then right to probe me for open relays and so forth. In that case, I can see the reasoning, as I initiated the connection, so you're checking to see if I'm sane or not. The line gets drawn though as to how much probing is reasonable ... can you probe my system for ALL open ports/exploits just because I tried to send mail through you, or can you probe all machines that fit in my address range (and how do you determine my address range?) ... that's where the larger debate comes in. I have servers hosted at shared colo facilities. If you were to scan the entire netblock for my colo provider because a different customer at the same facility tried to send mail through you, how am I to determine your cause, or determine that it was not a scan for a vulnerability? Just my opinions ... Charlie -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPl/RFKvEtUU05riwEQJV8gCaAkCTqzaB2BtbAqrcG2IGf4O/tfoAoKEd NSQGE2TuArNzErLNXHacGPmS =hndb -----END PGP SIGNATURE-----