"andy" == Andy Dills <andy@xecu.net> writes:

andy> On Fri, 28 Feb 2003, Charlie Clemmer wrote:
At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
Why is probing networks wrong?
Depends on why you're doing the probing.
andy> If so, why outlaw the act of probing? Why not outlaw "probing
andy> for the purposes of..."?

What's the offset into the probe packets to the "intent of this probe" field? And would you trust it if there were one anyway?

If you randomly walk up to my house and check to see if the door is unlocked, you better be ready for a reaction. Same thing with unsolicited probes, in my opinion. Can I randomly walk up to your car to see if it's unlocked without getting a reaction out of you?

andy> This is different. Metaphors applying networking concepts to
andy> real world scenarios are tenuous at best.

andy> In this case, your door being unlocked cannot cause me
andy> harm. However, an "unlocked proxy" can.

Heh, so I guess you could make it his gun and the safety. Does that change your answer? ;-)

andy> Legit probes are an attempt to mitigate network abuse, not
andy> increase it. If there was a sanctioned body who was trusted to
andy> scan for such things, maybe this wouldn't be an issue. But
andy> there's not, so it's a vigilante effort.

What's a legit probe? One where the owner gave you permission in advance to run the scan? I can't think of another definition of that phrase.

andy> You don't have to. This is why I never understood why people
andy> care so much about probing. If you do a good job with your
andy> network, probing will have zero effect on you. All the person
andy> probing can do (regardless of their intent) is say "Gee, I guess
andy> there aren't any vulnerabilities with this network."

This is a completely naive statement. There are 0 networks that I'm willing to believe have 0 vulnerabilities on them. There may be 0 that you know about, but that doesn't mean there aren't more vulnerabilities which aren't public knowledge lurking in sendmail or bind or ssh or ssl or apache or any number of other services you have running.

IMHO,
Michael