On Sat, 23 Sep 2000, Patrick Greenwell wrote:
On Sat, 23 Sep 2000, Troy Davis wrote:
Greetings,
netscan.org now has a list of the ASNs announcing the most smurf amplifiers, available at: http://netscan.org/most-active-asns.html
It's not currently being dynamically generated, but it will be in the next few weeks, when we will probably increase it to show the top 1000 and perhaps add more information (email address, number of amps, average amplification, amps as a percentage of total class Cs being announced).
Can someone explain to me why it is ok to blindly scan other peoples networks without their permission for smurf amplifiers and post the results, while doing the same for SMTP servers has met with heavy criticism?
The question is *not* intended as a flame, I would just really like to understand the reasoning that makes one apparently acceptable and the other not.
Thanks.
IMHO, both types of scans serve to benefit the operator of the network/service that is scanned, IF and only _IF_ that operator takes action to correct any problems that may be detected/reported. To more specifically answer your question though, I consider it to be less intrusive for someone to send an ICMP echo request to the broadcast/network address of every CIDR bit boundry of networks on our backbone and count the replies than for someone to randomly scan for SMTP servers and then subject those servers to a massive relay test. The SMTP testing represents more load on hosts and the network than the SMURF testing. --- John Fraizer EnterZone, Inc