Re: "Don't panic"?
From: Bruno Wolff III (bruno@cerberus.csd.uwm.edu)Date: 02/06/02
- Next message: Joerg Schilling: "Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?"
- Previous message: Joerg Schilling: "Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?"
- In reply to: Kurtis D. Rader: "Re: "Don't panic"?"
- Next in thread: Simon Matthews: "Re: "Don't panic"?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Bruno Wolff III <bruno@cerberus.csd.uwm.edu> Date: 6 Feb 2002 13:53:56 GMT
In article <pan.2002.02.05.21.15.10.394407.3628@aracnet.com>, Kurtis D. Rader wrote:
>
> addresses. If my system acted as a router it would be reasonable to use
> techniques such as those employed by traceroute to interrogate my system. Yet
> SSH by its very nature is not intended to provide a public service.
But people could have public access through ssh. So that while the access
is public, the information transferred during that session is kept private.
> Here, again, we are in agreement. Simply knocking on my door (connecting to
> port 22 on my computer) does not constitute breaking and entering, and I'm
> sorry my earlier posting implied that it did. But a burglar looking for an
> easy target by checking all the doors and windows in a neighborhood
> (portscanning a subnet) is still a criminal even though they don't manage to
> break into my house (computer).
While undoubtably that vast majority of the scans are being done by trouble
makers, some people might be scanning as part of a survey project or
have some other (semi) legitimate reason for scanning your network.
> The question is: what can we do as computer professionals, service providers
> (i.e., ISPs), end-users, and law-enforcement to keep the petty criminals of
> the cyberworld under control? I'm doing my part by properly securing the
> systems under my control and educating my relatives. But what else can we be
> doing?
That is probably the most important stuff. While port scanning is a waste
of network bandwidth, once there aren't a lot of vulnerable systems for
trouble makers to find, it won't be so popular with that crowd.
> Given the nature of the technology it isn't useful to invest any effort in
> creating laws regarding the "intent" to break into a computer system.
NO. This is going to cause more problems than it solves.
> Attempting to apply the historical laws of the physical world to the
> cyberworld is fraught with danger. In fact, doing so would basically destroy
> the Internet as we know it. But by alerting the administrative body for the
> subnet the questionable probes originate from perhaps the anti-social members
> of the cyberworld can be shut down before causing damage. Even if it only
> slows them down it is worthwhile since it is likely to minimize the damage
> they cause.
It isn't clearly worthwhile. If everyone who receives a packet as part of
a port scan reports back to an ISP a lot of people time and network bandwidth
will end up being wasted. If some aggregation is done by automated tools
(such as mynetwatchman) less effort is wasted, but it still isn't clearly
better than if people outside of the source network just ignored port
scans.
- Next message: Joerg Schilling: "Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?"
- Previous message: Joerg Schilling: "Re: Anyone used Solaris Secure Shell, Sun's productized ssh for Solaris9?"
- In reply to: Kurtis D. Rader: "Re: "Don't panic"?"
- Next in thread: Simon Matthews: "Re: "Don't panic"?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
