nanog mailing list archives

Re: anti-spam vs network abuse
From: Roy <garlic () garlic com>
Date: Fri, 28 Feb 2003 17:49:25 -0800

It isn't the probing that is illegal in California, it's the unauthorized use of a
domain name especially in the from address.


9. Knowingly and without permission uses the Internet domain name
of another individual, corporation, or entity in connection with the
sending of one or more electronic mail messages, and ....

Andy Dills wrote:

On Fri, 28 Feb 2003, Charlie Clemmer wrote:

At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
Why is probing networks wrong?

Depends on why you're doing the probing.

If so, why outlaw the act of probing? Why not outlaw "probing for the
purposes of..."?

If you randomly walk up to my house and check to see if the door is
unlocked, you better be ready for a reaction. Same thing with unsolicited
probes, in my opinion. Can I randomly walk up to your car to see if it's
unlocked without getting a reaction out of you?

This is different. Metaphors applying networking concepts to real world
scenarios are tenuous at best.

In this case, your door being unlocked cannot cause me harm. However, an
"unlocked proxy" can. Legit probes are an attempt to mitigate network
abuse, not increase it. If there was a sanctioned body who was trusted to
scan for such things, maybe this wouldn't be an issue. But there's not, so
it's a vigilante effort.

Where this thread got started, the scenario was around if I connect to your
SMTP server to attempt to relay mail, is it then right to probe me for open
relays and so forth. In that case, I can see the reasoning, as I initiated
the connection, so you're checking to see if I'm sane or not. The line gets
drawn though as to how much probing is reasonable ... can you probe my
system for ALL open ports/exploits just because I tried to send mail
through you, or can you probe all machines that fit in my address range
(and how do you determine my address range?) ... that's where the larger
debate comes in.

Actually, I think the debate starts with Paul telling Jon that Jon isn't
passively scanning connection hosts, he's actively trawling for open
proxies, that Paul has the logs to prove it, and that since Paul is in
California, Jon has broken the law.

Paul has only indicated his point of view objectively; he hasn't yet
indicated he wants to do something about it (or that he personally feels
that he should do something about it).

I have servers hosted at shared colo facilities. If you were to scan the
entire netblock for my colo provider because a different customer at the
same facility tried to send mail through you, how am I to determine your
cause, or determine that it was not a scan for a vulnerability?

You don't have to. This is why I never understood why people care so much
about probing. If you do a good job with your network, probing will have
zero effect on you. All the person probing can do (regardless of their
intent) is say "Gee, I guess there aren't any vulnerabilities with this


Andy Dills                              301-682-9972
Xecunet, LLC                            www.xecu.net
Dialup * Webhosting * E-Commerce * High-Speed Access
