I've been lurking here for quite some time.. and at least in my mind, this
issue is quite simple.. I am the firewall admin for my organization which
actually spans several states.. and I actively use nmap/nessus/etc to scan
_OUR_ network both inside and outside for potential security problems. I
would never even consider scanning another person/organizaion without a
complete set of legal documents describing what/why/when etc.
We know that folks out on the net have all the same security tools that we
have. We must legally be allowed to posess/create/use the same tools to
ensure our own security, however there is no point in us turning these
tools on eachother unless our goal is to expose/exploit any weakness we find.
Just my 2c.
Tony
On Fri, Feb 18, 2000 at 01:27:34PM -0500, Michael E. Cummins wrote:
> > -----Original Message-----
> > From: EXT-Springer, Aaron C [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, February 18, 2000 1:08 PM
> > To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> > Subject: RE: Someone is scanning me
> >
> >
> > I can understand your position and I would not try to tell you
> > how to react.
> >
> > I think that a scan is just a scan, I would hate to have it come
> > to the point where doing a scan on somebody gets your ISP account
> > revoked. This country is turning into a police state as it is.
> > I can see a future where any kind of probing is deemed illegal by
> > the Gestapo. In the UK if you don't give up your crypto keys
> > when the Gov. asks, you go to jail. The day may come when having
> > strobe or nmap on your machine is illegal..
> >
> > If they do more than a scan then, hey give it to `em...
> >
> >
> > acs
>
>
> The more I think about it, the more I am questioning my initial zeal in
> spanking this fellow. I think that you have a valid point, but I am still
> uncomfortable with what appears to me to be a script kiddy scanning a broad
> number of addresses looking quite specifically for Trojan infected machines.
>
> I myself have a fear of the way some of our legislators are looking at
> "cyber crime", "cryptology" and various other internet related issues.
> Keeping the discussion list-specific, as an operator of numerous
> firewalls...
>
> What is our responsibility to this?
>
> Do we wait for the attacker to "breach" before reacting? Or do we try to
> determine on a case by case basis what the intent of the anomaly was? I
> have always favored preventive action over corrective, but I am trying to
> find a happy balance here between ethics, logistics and behavioral
> precedents that I will pass on to my employees.
>
> Some of us cannot deal with the number of probes received per day, it would
> be a logistic impossibility. (Luckily, I am not one of these. Currently, I
> co-locate servers and pay for the services.) Thus, I can understand a
> policy based on "Well, what did they actually get away with?"
>
> Or is that too lax?
>
> If we find ourselves with the time and the resources, do we have the
> obligation to swat the flies? Am I correct in perceiving that the majority
> of intrusions today are from people that actually have little knowledge of
> the principles their downloaded tools are based upon - and a bit too much
> time on their hands?
>
> In my case, I just shared my logfiles with the German ISP that we assumed
> the port scanning originated from. I stressed that no damage was done, and
> no successful breach took place. I just alerted them that the event took
> place, as a courtesy to them. At least, that truly is the spirit I sent it
> in after thinking about everything a few times.
>
> How many people agree or disagree with that action, and why? I am curious.
>
> Thanks.
>
> ,_,
> (O,O)
> ( )
> -"-"---------------------------------------------------------------
> | From the Desk of Michael E. Cummins |
> |
> |
> | WEBSITE: http://www.i-magery.com |
> | E-MAIL: mailto:[EMAIL PROTECTED] |
> |
> |
> | "The main thing is to keep the main thing, the main thing" |
> | - Albert Einstein
> |
> |
> |
> | "Si hoc legere scis numium eruditionis habes" |
> -------------------------------------------------------------------
>
>
> ====================================================
> And for you automated email spammers out there,
> here are the email addresses of the current board of
> the Federal Communications Commission:
> Chairman William Kennard: [EMAIL PROTECTED]
> Commissioner Susan Ness: [EMAIL PROTECTED]
> Commissioner Harold Furchtgott-Roth: [EMAIL PROTECTED]
> Commissioner Michael Powell: [EMAIL PROTECTED]
> Commissioner Gloria Tristani: [EMAIL PROTECTED]
> And let's help you send some spam to the USPS, too:
> [EMAIL PROTECTED]
> ====================================================
>
>
>
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
--
Tony Nelson
www.gnupg.org keyid 136C5B87
- Standard Disclaimers Apply -
Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html
PGP signature
