[ On Sunday, May 19, 2002 at 14:14:18 (-0400), Allan Liska wrote: ]
Subject: Re[8]: "portscans" (was Re: Arbor Networks DoS defense product)
However, if the same network is continuously portscanning your network that network should be stopped.
Unless you're also a tier-1 kind of provider you don't usually get to control the AUP for other networks unrelated to your own. How do you propose to resolve a fundamental conflict between your own users need to access the content on a network that also happens to be regularly scanning your network? Unless real damage is done you probably don't even have any recourse under the law, even if you do happen to be in the same jurisdiction (and heaven help us should any such recourse ever become possible in the free world!). Unless you expect to be vulnerable to attack and thus really need to have a record of past scans in case they can be used in evidence; or maybe unless you're doing research into scanning activities; even keeping long-term logs of all scans becomes more of a burden than it's worth. "You will be scanned. Resistance is futile!" I.e. get over it! ;-) (Actually, that's not as bad of an analogy -- look at how active scans are handled in science fiction, such as in Star Trek. Sometimes they're treated as hostile, sometimes not. Scans aren't just used to target weapons -- they're also used to detect life signs on rescue missions! Certainly unless the captain is scared witless he or she has never held back on doing an active scan when information is needed, and when he or she is scared of detection a variety of "stealth scans" are often still attempted.) -- Greg A. Woods +1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@robohack.ca> Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>