On Sun, Mar 09, 2003 at 10:58:18AM -0600, Jack Bates wrote:
And this is what makes DNSBLs a good deal. Mark is asking for trouble with his theories. If every ISP and business issues its own scans, we only succeed in making scanning traffic worse than spam itself at a server resource level. We also increase the administration factor when mistakes are made. Instead of contacting 3-5 DNSBLs, one must contact every ISP that happened to do a scan during the outage period. Centralizing scanning for security issues is a good thing in every way. It is the responsible
Here's the background: From: "Rich Kulawiec" on Spam-L mailing list thing to do.
I must reluctantly agree. (The reluctance stems from my desire not to intrude on others' networks. However, it's been overcome by the reluctance to be abused by those networks.)
Centralized, or quasi-centralized, scanning with appropriate safeguards (to minimize frequency) and appropriate assignment of responsibility, beats the heck out of having thousands of independent entities repeating the same scans and thus adding to the collective misery.
If we agree on this (and I don't know that we all do) then the debate shifts to "who?" and "how?".
So I'm curious what people think. We have semi centralized various things in the past such as IP assignments and our beloved DNS root servers. Would it not also make sense to handle common security checks in a similar manner? In creating an authority to handle this, we cut back on the amount of noise issued. I bring this up because the noise is getting louder. More and more networks are issuing their own relay and proxy checks. At this rate, in a few years, we'll see more damage done to server resources by scanners than we do from spam and those who would exploit such vulnerabilities. I know that this is more service level than network level, except for the arguments continue to escalate over the rights of people to scan a network. These arguments would be diminished if an authoritative body handled it in a proper manner. At what point do we as a community decide that something needs to be done? Would it not be better to have a single test suite run against a server once every six months than the constant bombardment we see now? -Jack