Re: Scanning the Internet for Vulnerabilities Re: 202207272146.AYC

Hi, John: 0) Thanks for sharing your thoughts. The IoT identification (IP address) versus privacy is a rather convoluted topic. It can quickly get distracted and diluted if we look at it by piecemeal. Allow me to go through an overview to convey my logic. 1) It is true that a dynamic IoT

Re: Scanning the Internet for Vulnerabilities Re: 202207240927.AYC

On 7/24/22 07:20, Abraham Y. Chen wrote: Hi, John: 1) "...  dynamically assigned IP address space can still be tracked back to a given system ... ": I fully agree with this statement. However,    A. You overlooked the critical consideration of the response time. If this can not be done in

Re: Scanning the Internet for Vulnerabilities Re: 202207240927.AYC

> On 24 Jul 2022, at 10:20 AM, Abraham Y. Chen wrote: > > Hi, John: > > 1) "... dynamically assigned IP address space can still be tracked back to a > given system ... ": I fully agree with this statement. However, >A. You overlooked the critical consideration of the response time. If

Re: Scanning the Internet for Vulnerabilities Re: 202207240927.AYC

Hi, John: 1) "...  dynamically assigned IP address space can still be tracked back to a given system ... ": I fully agree with this statement. However,    A. You overlooked the critical consideration of the response time. If this can not be done in real time for law enforcement purposes, it is

Re: Scanning the Internet for Vulnerabilities Re: 202207232217.AYC

Abe - Static versus dynamic address assignment isn’t the problem - dynamically assigned IP address space can still be tracked back to a given system (reference: RFC6302/BCP162 & RFC6269 for discussion of the requirements and various related issues.) Tracking back to a particular server

Re: Scanning the Internet for Vulnerabilities Re: 202207232217.AYC

Hi, John: 1) "... i.e. we’re instead going to engage in the worlds longest running game of “whack-a-mole” by just blocking their last known website/mail server/botnet and the wishing for the best… ": Perhaps it is time for us to consider the "Back to the Future" strategy, i.e., the Internet

Re: Scanning the Internet for Vulnerabilities

Barry - I did not say “obligation” - enforcement of laws is always modulated by local factors (just look at the formal decision not to prosecute “minor” crimes in some cities) - but rather said that police will pursue in many jurisdictions. This is particularly true in cases where the

Re: Scanning the Internet for Vulnerabilities

On June 22, 2022 at 10:35 jcur...@istaff.org (John Curran) wrote: > Barry - > > > There is indeed a metaphor to your “rattling doorknobs", but it’s not > pretty when it comes to the Internet… > > If you call the police because someone is creeping around your property >

Re: Scanning the Internet for Vulnerabilities

Hi, While it's possible to have a discussion on the topic, I think that the only safe bet is that, when connected to the Internet, you'll definitely be subject to scanning. I doubt there's much you want to do at a SOC about it unless it's a recurring situation involving a somewhat big

Re: Scanning the Internet for Vulnerabilities

Barry - There is indeed a metaphor to your “rattling doorknobs", but it’s not pretty when it comes to the Internet… If you call the police because someone is creeping around your property checking doors and windows for possible entry, then they will indeed come out and attempt to arrest

Re: Scanning the Internet for Vulnerabilities

When I lock the doors etc to my home I'll often mutter "ya know, if someone is rattling my door knob I already have a big problem." I suppose when I'm home it might give me a warning if I hear it. There must be a metaphor in there somewhere. I do recall as a teen noticing that one of the

Re: Scanning the Internet for Vulnerabilities

On June 20, 2022 at 18:01 jhellent...@dataix.net (J. Hellenthal) wrote: > > To what extent and to whom will you authorize to do that? 100 random college > students? X number of new security firms? At some point it will break. Define "authorize". > > -- > J. Hellenthal > > The

Re: Scanning the Internet for Vulnerabilities

> On Jun 20, 2022, at 10:02 AM, Michael Butler via NANOG > wrote: > > I treat these folk with the same respect they afford me. Not once in 30 years > of having a connected network (v4 or v6) has any entity asked "is it OK if we > .. ?". Quite the opposite, I once had to endure significant

Re: Scanning the Internet for Vulnerabilities

Hi, Ronald, On 21/6/22 03:53, Ronald F. Guilmette wrote: In message <7c5f9d80-8686-07bb-b6ed-6e41fa1e1...@si6networks.com>, Fernando Gont wrote: Note: What's most usually done out there is scanning for ports, rather than for vulnerabilities. Yes, and at least some of the responses in this

Re: Scanning the Internet for Vulnerabilities

Hi, Ronald, On 19/6/22 07:13, Ronald F. Guilmette wrote: I would like to solicit the opinions of network operators on the practice of scanning all of, or large chunks of the internet for known vulnerabilities. Note: What's most usually done out there is scanning for ports, rather than for

Re: Scanning the Internet for Vulnerabilities

In message <4e6319ba-d332-f25e-d128-1b8abc724...@si6networks.com>, Fernando Gont wrote: >> Depending on who is doing it, and why, my personal feeling is that even >> here in 2022 this should still be viewed as being exceptionally anti-social, >> and worthy of calling out publicly, but I must

Re: Scanning the Internet for Vulnerabilities

In message <7c5f9d80-8686-07bb-b6ed-6e41fa1e1...@si6networks.com>, Fernando Gont wrote: >Note: What's most usually done out there is scanning for ports, rather >than for vulnerabilities. Yes, and at least some of the responses in this thread have not, I think, noted this rather important

Re: Scanning the Internet for Vulnerabilities

> To what extent and to whom will you authorize to do that? 100 random > college students? X number of new security firms? At some point it > will break. definitely not raging nanog vigilantes :) randy

Re: Scanning the Internet for Vulnerabilities

> For example I've gotten email in the past that some of my servers were > running ntp in a way which makes them vuln to being used for DDoS > amplification and, I believe, fixed that. I didn't mind. that was a really well done campaign. i thanked them profusely. randy

Re: Scanning the Internet for Vulnerabilities

Matt Palmer wrote: On Mon, Jun 20, 2022 at 02:18:30AM +, Mel Beckman wrote: When researchers, or whoever, claim their scanning an altruistic service, I ask them if they would mind someone coming to their home and trying to open all the doors and windows every night. If there were a few

Re: Scanning the Internet for Vulnerabilities

On Mon, Jun 20, 2022 at 02:18:30AM +, Mel Beckman wrote: > When researchers, or whoever, claim their scanning an altruistic service, > I ask them if they would mind someone coming to their home and trying to > open all the doors and windows every night. If there were a few hundred people with

Re: Scanning the Internet for Vulnerabilities

To what extent and to whom will you authorize to do that? 100 random college students? X number of new security firms? At some point it will break. -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume. > On Jun

Re: Scanning the Internet for Vulnerabilities

On 6/20/22 12:24 PM, Matthew Craig wrote: The intent behind vulnerability scans is good, however the majority of DOS attacks that my networks encounter these days are from cybersecurity organizations conducting cybersecurity research. Yeah. The unwritten rule of this is "if you're going to do

Re: Scanning the Internet for Vulnerabilities

It seems to me there's vulnerability testing and there's vulnerability testing and just lumping them all together motivates disparate opinions. For example it's one thing to perhaps see if home routers login/passwords are admin/admin or similar, or if systems seem to be vuln to easily

Re: Scanning the Internet for Vulnerabilities

On 2022-06-20, at 23:02, Mel Beckman wrote: > > Carsten, > > The discussion is not getting far afield: it’s on point. And it’s a hugely > germane topic for network operators. > > Regarding your claim “You consented to receiving packets when connecting to > the Internet“, I counter with what

Re: Scanning the Internet for Vulnerabilities

Carsten, The discussion is not getting far afield: it’s on point. And it’s a hugely germane topic for network operators. Regarding your claim “You consented to receiving packets when connecting to the Internet“, I counter with what is in virtually every ISP’sAUP for customers: Unauthorized

Re: Scanning the Internet for Vulnerabilities

On 2022-06-20, at 19:36, goemon--- via NANOG wrote: > > On Mon, 20 Jun 2022, Carsten Bormann wrote: >>> On 2022-06-20, at 14:14, J. Hellenthal wrote: >>> Yeah that's another thing, "research" cause you need to learn it let's have >>> them do it too, multiply that by every university \o/ >>

Re: Scanning the Internet for Vulnerabilities

Hey - I have a neat new idea...  Let's test the structure of levees by flooding the rivers and seeing what levees don't survive. Geoff On 6/20/22 07:46, Mel Beckman wrote: Carsten, No, it’s more like 50,000 furnace guys who show up several times a day to rattle doorknobs, attempt to push

Re: Scanning the Internet for Vulnerabilities

Randy, Great idea! And bill the taxpayers! -mel via cell > On Jun 20, 2022, at 11:55 AM, Randy Bush wrote: > >  >> >> I treat these folk with the same respect they afford me. Not once in >> 30 years of having a connected network (v4 or v6) has any entity asked >> "is it OK if we .. ?". > >

Re: Scanning the Internet for Vulnerabilities

The intent behind vulnerability scans is good, however the majority of DOS attacks that my networks encounter these days are from cybersecurity organizations conducting cybersecurity research. Funding requests for DOS mitigation solutions to protect my networks from cybersecurity researchers

Re: Scanning the Internet for Vulnerabilities

> I treat these folk with the same respect they afford me. Not once in > 30 years of having a connected network (v4 or v6) has any entity asked > "is it OK if we .. ?". how strange, considering you are replying to a thread doing so. fwiw, i appreciate vuln scanners. i do not have the hubris or

Re: Scanning the Internet for Vulnerabilities

On Mon, 20 Jun 2022, Carsten Bormann wrote: On 2022-06-20, at 14:14, J. Hellenthal wrote: Yeah that's another thing, "research" cause you need to learn it let's have them do it too, multiply that by every university \o/ there was some actual research involved. I agree that there should be a

Re: Scanning the Internet for Vulnerabilities

On Mon, Jun 20, 2022 at 11:02:25AM -0400, Michael Butler via NANOG wrote: > I treat these folk with the same respect they afford me. Not once in 30 > years of having a connected network (v4 or v6) has any entity asked "is it > OK if we .. ?". > > To my mind, it seems rather idiotic and

Re: Scanning the Internet for Vulnerabilities

I treat these folk with the same respect they afford me. Not once in 30 years of having a connected network (v4 or v6) has any entity asked "is it OK if we .. ?". To my mind, it seems rather idiotic and self-defeating to have the plumbing congested with packets intended to measure congestion

Re: Scanning the Internet for Vulnerabilities

On Mon, Jun 20, 2022 at 02:47:27PM +0200, Carsten Bormann wrote: > J., > > > On 2022-06-20, at 14:14, J. Hellenthal wrote: > > > > Yeah that's another thing, "research" cause you need to learn it let's have > > them do it too, multiply that by every university \o/ > No no not saying there

Re: Scanning the Internet for Vulnerabilities

Carsten, No, it’s more like 50,000 furnace guys who show up several times a day to rattle doorknobs, attempt to push slim Jim’s into window latches, hack your garage door opener, sneak into your back garden, and fly drones around your home to see what valuables you might have. Yes, some of

Re: Scanning the Internet for Vulnerabilities

On Sun, 19 Jun 2022 08:06:59 -0400 Dovid Bender wrote: > I don't know who is doing it. I just know that IL Cert contacted our > parent company which has an ISP in Israel when things were "hot". Some national government infrastructure protection organizations will relay notifications to local

Re: Scanning the Internet for Vulnerabilities

J., > On 2022-06-20, at 14:14, J. Hellenthal wrote: > > Yeah that's another thing, "research" cause you need to learn it let's have > them do it too, multiply that by every university \o/ there was some actual research involved. I agree that there should be a very good reason to expend a

Re: Scanning the Internet for Vulnerabilities

Yeah that's another thing, "research" cause you need to learn it let's have them do it too, multiply that by every university \o/ -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume. > On Jun 20, 2022, at

Re: Scanning the Internet for Vulnerabilities

On 2022-06-20, at 04:18, Mel Beckman wrote: > > When researchers, or whoever, claim their scanning an altruistic service, I > ask them if they would mind someone coming to their home and trying to open > all the doors and windows every night. Well, it is more like the guy who comes once a

Re: Scanning the Internet for Vulnerabilities

Wish I still had that email from them where person "possibly not speaking for the company" stated that "they scan the entire internet for vulns and other nefarious things.Where I stated "don't care get your unwanted advertisement scans off my edge, if I want you in the future I know where to find

Re: Scanning the Internet for Vulnerabilities

Yep that's exactly what that is. While the intention is good, it's all still unwarranted.--  J. HellenthalThe fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.On Jun 19, 2022, at 21:18, Mel Beckman wrote: When researchers, or

Re: Scanning the Internet for Vulnerabilities

shadow server (to the best of my knowledge) only scans sites that have invited them to do so. Owen > On Jun 19, 2022, at 10:43 , Forrest Christian (List Account) > wrote: > > See shadowserver.net > On Sun, Jun 19, 2022, 4:13 AM Ronald F. Guilmette

Re: Scanning the Internet for Vulnerabilities

I would still consider an uninvited scan of my network antisocial. Other operators are, of course, free to make their own choices. Owen > On Jun 19, 2022, at 03:13 , Ronald F. Guilmette > wrote: > > I would like to solicit the opinions of network operators on the practice > of scanning all

Re: Scanning the Internet for Vulnerabilities

On Sun, 19 Jun 2022, Ronald F. Guilmette wrote: In earlier times, this was generally viewed as being distinctly anti-social behavior, but perhaps attitudes have changed relative to earlier eras. I would thus like to know how people feel about it now, in 2022. This has not changed. -Dan

Re: Scanning the Internet for Vulnerabilities

In message , Mark Seiden wrote: >btw, if you want to do this yourself, you might consider using something like > >https://github.com/opsdisk/scantron Thank you, but as I noted in the post beginning this thread, I personally have no interest in performing this type of activity at the present

Re: Scanning the Internet for Vulnerabilities

In message , Mark Seiden wrote: >it should be mentioned that shadowserver also notifies those who >register as the owners of that address space. Yes. That is quite a public spirited endeavor in the best traditions of the Internet. >my thinking about this sort of thing, in general, is: > >-

Re: Scanning the Internet for Vulnerabilities

When researchers, or whoever, claim their scanning an altruistic service, I ask them if they would mind someone coming to their home and trying to open all the doors and windows every night. -mel beckman On Jun 19, 2022, at 6:14 PM, J. Hellenthal via NANOG wrote:  Had to send these guys a

Re: Scanning the Internet for Vulnerabilities

Had to send these guys a cease and desist a few years back as they became so noisy it was causing to much of a disconnect between information we were trying to compare.Can't for for more idiot services to just jump on the wagon and deploy their own scanners and pollute edges without a just cause. 

Re: Scanning the Internet for Vulnerabilities

Project Sonar from Rapid7 conducts internet-wide surveys and is kind enough to share the data with researchers: https://www.rapid7.com/research/project-sonar/ On Sun, Jun 19, 2022 at 10:24 PM Mark Seiden wrote: > btw, if you want to do this yourself, you might consider using something > like >

Re: Scanning the Internet for Vulnerabilities

btw, if you want to do this yourself, you might consider using something like https://github.com/opsdisk/scantron > On Jun 19, 2022, at 11:17 AM, Mark Seiden wrote: > > greetings. > > it should be mentioned that shadowserver also notifies those who register as > the owners of that address

Re: Scanning the Internet for Vulnerabilities

greetings. it should be mentioned that shadowserver also notifies those who register as the owners of that address space. it’s very useful. (it would be more useful if they calculated diffs and notified about changes/additions.) my thinking about this sort of thing, in general, is: - it

Re: Scanning the Internet for Vulnerabilities

> Also Germany and Estonia, they scan DE and EE IPs and send emails to > ISPs every day. being in EE space, never receiving such a notice, and lacking the hubris to think that all our systems are squeaky clean, i have my doubts. i suspect that we will be seeing folk who dress well scanning for

Re: Scanning the Internet for Vulnerabilities

Correction... shadowserver.org They scan the entire ipv4 internet daily for select potential vulnerabilities. On Sun, Jun 19, 2022, 11:43 AM Forrest Christian (List Account) < li...@packetflux.com> wrote: > See shadowserver.net > > On Sun, Jun 19, 2022, 4:13 AM Ronald F. Guilmette > wrote: >

Re: Scanning the Internet for Vulnerabilities

See shadowserver.net On Sun, Jun 19, 2022, 4:13 AM Ronald F. Guilmette wrote: > I would like to solicit the opinions of network operators on the practice > of scanning all of, or large chunks of the internet for known > vulnerabilities. > > In earlier times, this was generally viewed as being

RE: Scanning the Internet for Vulnerabilities

Also Germany and Estonia, they scan DE and EE IPs and send emails to ISPs every day. From: NANOG On Behalf Of Dovid Bender Sent: Sunday, June 19, 2022 19:51 To: Ronald F. Guilmette Cc: NANOG Subject: Re: Scanning the Internet for Vulnerabilities I know that in Israel the cyber dept

Re: Scanning the Internet for Vulnerabilities

On Sun, Jun 19, 2022 at 8:01 AM Ronald F. Guilmette wrote: > In message udtn6t1o+cv-nh6jbz...@mail.gmail.com> > Dovid Bender > >I know that in Israel the cyber dept of the government scans IL IP space > >then notifies ISP's to notify their clients. This helps where you have > >clueless people

Re: Scanning the Internet for Vulnerabilities

In message Dovid Bender I know that in Israel the cyber dept of the government scans IL IP space >then notifies ISP's to notify their clients. This helps where you have >clueless people that don't know they have devices that can easily be >compromised. That's most interesting and I certainly did

Re: Scanning the Internet for Vulnerabilities

I know that in Israel the cyber dept of the government scans IL IP space then notifies ISP's to notify their clients. This helps where you have clueless people that don't know they have devices that can easily be compromised. On Sun, Jun 19, 2022 at 6:13 AM Ronald F. Guilmette wrote: > I would

Re: Scanning the Internet for Vulnerabilities

IMHO not good. -J On Sun, Jun 19, 2022 at 5:14 AM Ronald F. Guilmette wrote: > I would like to solicit the opinions of network operators on the practice > of scanning all of, or large chunks of the internet for known > vulnerabilities. > > In earlier times, this was generally viewed as being

Scanning the Internet for Vulnerabilities

I would like to solicit the opinions of network operators on the practice of scanning all of, or large chunks of the internet for known vulnerabilities. In earlier times, this was generally viewed as being distinctly anti-social behavior, but perhaps attitudes have changed relative to earlier