> -----Original Message-----
> From: EXT-Springer, Aaron C [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 18, 2000 1:08 PM
> To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Subject: RE: Someone is scanning me
>
>
> I can understand your position and I would not try to tell you
> how to react.
>
> I think that a scan is just a scan, I would hate to have it come
> to the point where doing a scan on somebody gets your ISP account
> revoked. This country is turning into a police state as it is.
> I can see a future where any kind of probing is deemed illegal by
> the Gestapo. In the UK if you don't give up your crypto keys
> when the Gov. asks, you go to jail. The day may come when having
> strobe or nmap on your machine is illegal..
>
> If they do more than a scan then, hey give it to `em...
>
>
> acs
The more I think about it, the more I am questioning my initial zeal in
spanking this fellow. I think that you have a valid point, but I am still
uncomfortable with what appears to me to be a script kiddy scanning a broad
number of addresses looking quite specifically for Trojan infected machines.
I myself have a fear of the way some of our legislators are looking at
"cyber crime", "cryptology" and various other internet related issues.
Keeping the discussion list-specific, as an operator of numerous
firewalls...
What is our responsibility to this?
Do we wait for the attacker to "breach" before reacting? Or do we try to
determine on a case by case basis what the intent of the anomaly was? I
have always favored preventive action over corrective, but I am trying to
find a happy balance here between ethics, logistics and behavioral
precedents that I will pass on to my employees.
Some of us cannot deal with the number of probes received per day, it would
be a logistic impossibility. (Luckily, I am not one of these. Currently, I
co-locate servers and pay for the services.) Thus, I can understand a
policy based on "Well, what did they actually get away with?"
Or is that too lax?
If we find ourselves with the time and the resources, do we have the
obligation to swat the flies? Am I correct in perceiving that the majority
of intrusions today are from people that actually have little knowledge of
the principles their downloaded tools are based upon - and a bit too much
time on their hands?
In my case, I just shared my logfiles with the German ISP that we assumed
the port scanning originated from. I stressed that no damage was done, and
no successful breach took place. I just alerted them that the event took
place, as a courtesy to them. At least, that truly is the spirit I sent it
in after thinking about everything a few times.
How many people agree or disagree with that action, and why? I am curious.
Thanks.
,_,
(O,O)
( )
-"-"---------------------------------------------------------------
| From the Desk of Michael E. Cummins |
|
| |
| WEBSITE: http://www.i-magery.com |
| E-MAIL: mailto:[EMAIL PROTECTED] |
|
| |
| "The main thing is to keep the main thing, the main thing" |
| - Albert Einstein
| |
|
| |
| "Si hoc legere scis numium eruditionis habes" |
-------------------------------------------------------------------
====================================================
And for you automated email spammers out there,
here are the email addresses of the current board of
the Federal Communications Commission:
Chairman William Kennard: [EMAIL PROTECTED]
Commissioner Susan Ness: [EMAIL PROTECTED]
Commissioner Harold Furchtgott-Roth: [EMAIL PROTECTED]
Commissioner Michael Powell: [EMAIL PROTECTED]
Commissioner Gloria Tristani: [EMAIL PROTECTED]
And let's help you send some spam to the USPS, too:
[EMAIL PROTECTED]
====================================================
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
