On Sun, 09 Mar 2003 13:09:14 CST, Jack Bates said:
There are private systems in use today like NJABL which act as centralized
private systems. Plural. Because..
resources. I believe that it is possible to come to an agreement on a standardized test suit that can be used and what the variables concerning # of scans and how frequent should be set to. I'm not suggesting a full
Forgive my cynicism, but... you're saying this on the same mailing list where it's possible to start a flame-fest by saying that ISP's should ingress-filter RFC1918 source addresses so they don't pollute the net at large? ;) I've been participating in the Center for Internet Security development of security benchmarks - it was hard enough to get me, Hal Pomeranz, and the reps from DISA and NSA to agree on standards for sites to apply *to themselves*. There's a lot of things that I think are good ideas that I don't want other sites checking for, no matter how well intentioned they are. I'd just *LOVE* to hear how you intend to avoid the same problems that the crew from ORBS ran into with one large provider who decided to block their probes. Failing to address that scenario will guarantee failure....