On Sat, 23 Sep 2000, Patrick Greenwell <patrick@cybernothing.org> wrote:
Can someone explain to me why it is ok to blindly scan other people's networks without their permission for smurf amplifiers and post the results, while doing the same for SMTP servers has met with heavy criticism?

Honestly, it's because we haven't been issued a cease-and-desist order or been sued and lost. Practically, receiving a smurf attack is more costly and bothersome than receiving a piece of spam. Both are annoying but only one can wreck my day. The damage caused by DoS attacks makes for more willingness to accept minor annoyances of scans, mostly firewalls being tripped. That's the reason that netscan.org receives very little criticism -- network administrators would rather have it than not.

On the legal front, lack of exposure plays a part. MAPS is much better known than all of the smurf scanning projects combined, especially to non-technical people. MAPS also offers RBL services that can be easily used for blocking traffic and, for some, that translates to lost dollars. So the non-technicals count how many beans they lose from RBL and compare it to the beans they'd pay lawyers to sue. At some point, RBL has enough users that the scale tips and a lawsuit is cost-effective. RBL annoys lawsuit-happy folks that perhaps MAPS RSS doesn't.

Netscan.org hasn't created a BGP blackhole announcement out of lack of time and because, at least while some significant sites are on it, we doubt many people would use it. Interestingly, looking at the top smurf-announcing ASNs, an average American backbone could block easily half of them and barely notice.

As far as criticism, we haven't seen much (and have received a lot of feedback). We regularly receive complaints about scans triggering firewalls, but after a reply, users understand what the goal is and don't mind. CERT is the only group that has really been annoyed with the scanning, and even they seem to have stopped emailing. Very few people are annoyed at being listed, but most of our emails go to admins of larger networks, not single-site admins who may think "Gargamel" when told of smurfing.

Cheers,
Troy