On Fri, 28 Feb 2003, Charlie Clemmer wrote:
At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
Why is probing networks wrong?
Depends on why you're doing the probing.
If so, why outlaw the act of probing? Why not outlaw "probing for the purposes of..."?
If you randomly walk up to my house and check to see if the door is unlocked, you better be ready for a reaction. Same thing with unsolicited probes, in my opinion. Can I randomly walk up to your car to see if it's unlocked without getting a reaction out of you?
This is different. Metaphors applying networking concepts to real world scenarios are tenuous at best. In this case, your door being unlocked cannot cause me harm. However, an "unlocked proxy" can. Legit probes are an attempt to mitigate network abuse, not increase it. If there was a sanctioned body who was trusted to scan for such things, maybe this wouldn't be an issue. But there's not, so it's a vigilante effort.
Where this thread got started, the scenario was around if I connect to your SMTP server to attempt to relay mail, is it then right to probe me for open relays and so forth. In that case, I can see the reasoning, as I initiated the connection, so you're checking to see if I'm sane or not. The line gets drawn though as to how much probing is reasonable ... can you probe my system for ALL open ports/exploits just because I tried to send mail through you, or can you probe all machines that fit in my address range (and how do you determine my address range?) ... that's where the larger debate comes in.
Actually, I think the debate starts with Paul telling Jon that Jon isn't passively scanning connection hosts, he's actively trawling for open proxies, that Paul has the logs to prove it, and that since Paul is in California, Jon has broken the law. Paul has only indicated his point of view objectively; he hasn't yet indicated he wants to do something about it (or that he personally feels that he should do something about it).
I have servers hosted at shared colo facilities. If you were to scan the entire netblock for my colo provider because a different customer at the same facility tried to send mail through you, how am I to determine your cause, or determine that it was not a scan for a vulnerability?
You don't have to. This is why I never understood why people care so much about probing. If you do a good job with your network, probing will have zero effect on you. All the person probing can do (regardless of their intent) is say "Gee, I guess there aren't any vulnerabilities with this network."

Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access