Honestly people, to summarize all this... Legislation is not the correct "knee jerk" response to technical challenges... Lawyers and Politicians just -think- it is.... Perhaps related to perceiving themselves as important to the problem, eh ? And, that also happens to create a situation where they get paid to be involved, eh ? Science really doesn't care about what is politically correct, or who you are, all it really cares about is mathematics, and reality. Only politicians think it bends to their whim... (See the attempt to "legislate" the value of PI) The reality is, if we outlaw probing, we will be arresting thousands of innocents, as 80% (if not more, this stat is made up, but based upon real world observation ) of the probes in the internet are caused by trojans and worms.... So, Grandma Kettle, sitting out in her cornfield, on GTE DSL is going to go to jail, because her grandson downloaded a "neat" program he saw on the internet.... or, clicked on the attachment that arrived in the e-mail whose subject was the beginning of a cute little joke about snow white, and some dwarves.... By that standard we would be arresting the Microsoft database administrators, for participating in the most recent SQL based worm. (Once penetrated, the MS servers probed other servers to self-propogate, just like other compromised servers..) The sheer volume of "false probe positives" could busy out -any- size agency created to enforce such a law. Legislating something rarely makes the situation better, when it comes to science.....I sugges the answer is found in ACL's, and the technical arena, not the political...... And, also, I suggest PI should remain 3.14(etc.), no matter what the politicians say. Michael Lamoureux wrote:
"andy" == Andy Dills <andy@xecu.net> writes:
andy> On Fri, 28 Feb 2003, Charlie Clemmer wrote:
At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
Why is probing networks wrong?
Depends on why you're doing the probing.
andy> If so, why outlaw the act of probing? Why not outlaw "probing andy> for the purposes of..."?
What's the offset into the probe packets to the "intent of the this probe" field? And would you trust it if there were one anyway?
If you're randomly walk up to my house and check to see if the door is unlocked, you better be ready for a reaction. Same thing with unsolicited probes, in my opinion. Can I randomly walk up to your car to see if it's unlocked without getting a reaction out of you?
andy> This is different. Metaphors applying networking concepts to andy> real world scenarios are tenuous at best.
andy> In this case, your door being unlocked cannot cause me andy> harm. However, an "unlocked proxy" can.
Heh, so I guess you could make it his gun and the safety. Does that change your answer? ;-)
andy> Legit probes are an attempt to mitigate network abuse, not andy> increase it. If there was a sanctioned body who was trusted to andy> scan for such things, maybe this wouldn't be an issue. But andy> there's not, so it's a vigilante effort.
What's a legit probe? One where the owner gave you permission in advance to run the scan? I can't think of another definition of that phrase.
andy> You don't have to. This is why I never understood why people andy> care so much about probing. If you do a good job with your andy> network, probing will have zero affect on you. All the person andy> probing can do (regardless of their intent) is say "Gee, I guess andy> there aren't any vulnerabilities with this network."
This is a completely naive statement. There are 0 networks that I'm willing to believe have 0 vulnerabilities on them. There may be 0 that you know about, but that doesn't mean there aren't more vulnerabilities which aren't public knowledge lurking in sendmail or bind or ssh or ssl or apache or any number of other services you have running.
IMHO, Michael