Home page logo

nanog logo nanog mailing list archives

Re: Anyone notice strange announcements for
From: "Nathan Malynn" <neito () nerdramblingz com>
Date: Thu, 15 Jan 2009 09:54:05 -0500

Here's a question that's been bugging me the whole thread, and it's a
bit of a newbie one. How is this different than someone faking SMTP
headers to make it seem like an email came from my domain when it
didn't? I'm talking in terms of morals, obviously; I understand the
technique is different.

On Thu, Jan 15, 2009 at 9:44 AM, Patrick W. Gilmore <patrick () ianai net> wrote:
On Jan 15, 2009, at 3:54 AM, Andy Davidson wrote:

On 14 Jan 2009, at 16:06, Jeroen Massar wrote:

Simon Lockhart wrote:

(Yes, I'm in the minority that thinks that Randy hasn't done anything

Nah, I agree with Randy's experiment too. People should protect their
networks better and this is clearly showing that there are a lot of
vulnerable places in the core internet structure.

The end sometimes justifies the means, and someone in the research
community discovering flaws in bgp implementation (software, protocol, or
process - at the bgp stack, in my NOC tools, in the community's
understanding) before hackers/spammers/fraudsters do, then I count that as a

We disagree.

The 'researcher' does not get to decide whether the information gained by
yelling fire to see how quickly people react is worth the risk of someone
getting hurt, or even just missing the rest of the movie.

No reputable research institution's ethics committee would allow an
"experiment" to proceed which announced a prefix in such a way that every
network engineer on the planet would assume the prefix traveled through $ASN
even though the prefix had not, and the researcher did not even notify $ASN
of the experiment.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]