Home page logo

nanog logo nanog mailing list archives

RE: Stealth Blocking
From: Roeland Meyer <rmeyer () mhsc com>
Date: Wed, 23 May 2001 17:15:02 -0700

From: David Schwartz [mailto:davids () webmaster com]
Sent: Wednesday, May 23, 2001 4:54 PM

In the PURE war, one ONLY shoots confirmed bad-guys and has ZERO
collateral damage.

      So if someone has a machine gun and is firing randomly, 
you don't act to stop him until he happens to hit someone? 

Lottsa mitigating circumstances here;
.Are they shooting spam?
.Are they trying to hit anyone?

One spammer is no justification for nuking their entire city. Targeted
response, sir ... targeted response. That's what MAPS is, a laser beam, not
a hand granade.

That's madness. [I] don't advocate
random scanning, as it is unethical to probe random people for
vulnerability. However, once you know there is in fact an 
open relay, you are entirely justified in blocking it.

Agreed, but its open-relay status is irrelevent. The fact that one has
proof-positive of spam, from that site, is.

And if you have legitimate reason to
suspect a site is an open relay, you are entirely justified 
in probing it to see whether or not it is.

No you are not, by your own ethical standards. Suspicion is not proof. Only
a piece of spam, in hand, from that specific site, is sufficient grounds.

      If your neighbor is aiming a gun at you, you are 
justified in checking to see if it's loaded. 

No you are not, you assume that it is and fire first <grin>. But, you are
not justified in taking out his whole block, including the other neighbors.
You are not allowed ANY collateral damage. Anything less is sloppy anyway.
What's the matter, ain't you that good? Can't you aim?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]