
OT: ethics

  • ghe
    Message 1 of 6 , Jul 1, 2009
      Wietse says something like "Spam is war -- RFCs don't apply." OK, but
      how about nmap ethics?

      I've started hitting spam IPs and their nets with nmap to find out who
      they are and maybe a little of what they're up to (and using the info to
      decide if the net belongs in my packet filter). What's the opinion of
      the list? Is this OK, or just plain rude?

      --
      Glenn English
      ghe@...
    • Evan Platt
      Message 2 of 6 , Jul 1, 2009
        At 12:37 PM 7/1/2009, you wrote:
        >Wietse says something like "Spam is war -- RFCs don't apply." OK,
        >but how about nmap ethics?
        >
        >I've started hitting spam IPs and their nets with nmap to find out
        >who they are and maybe a little of what they're up to (and using the
        >info to decide if the net belongs in my packet filter). What's the
        >opinion of the list? Is this OK, or just plain rude?

        I'm no attorney, but sounds like a grey area...

        http://www.securityfocus.com/news/126
      • Jan P. Kessler
        Message 3 of 6 , Jul 1, 2009
          ghe wrote:
          > Wietse says something like "Spam is war -- RFCs don't apply." OK, but
          > how about nmap ethics?
          >
          > I've started hitting spam IPs and their nets with nmap to find out who
          > they are and maybe a little of what they're up to (and using the info
          > to decide if the net belongs in my packet filter). What's the opinion
          > of the list? Is this OK, or just plain rude?

          At first my opinion is that this is the wrong list for that discussion.

          And although no host/os should be really affected by a simple portscan
          (what's evil about a few connects - my postfix does this all the time
          ;)), you should not forget that a lot of spam comes from hijacked
          systems. So your "rudeness" might be aimed at the wrong target.
        • Brian Mathis
          Message 4 of 6 , Jul 1, 2009
            In general this is a bad idea and you should stop doing it
            immediately. In the best case it would be seen by the other side as
            an attack on them from you. In the worst case they might retaliate
            even more against you with some other kind of attack. Considering
            that over 80% of spam is now sent by botnets
            (http://arstechnica.com/security/news/2009/06/report-botnets-send-over-80-of-all-spam-in-june.ars),
            you'd be scanning infected machines and not learning anything about
            anyone other than a home user's ISP, and risking that ISP
            reporting YOU as an attacker to your ISP.

            The best thing you could do (and even this will have marginal success)
            is to report the IP to the ISP that owns the address you received the
            spam from. They might be able to take that system offline.

            Otherwise, just block the suckers and move on. You probably have
            better things to do with your time.

            On Wed, Jul 1, 2009 at 3:37 PM, ghe<ghe@...> wrote:
            > Wietse says something like "Spam is war -- RFCs don't apply." OK, but how
            > about nmap ethics?
            >
            > I've started hitting spam IPs and their nets with nmap to find out who they
            > are and maybe a little of what they're up to (and using the info to decide
            > if the net belongs in my packet filter). What's the opinion of the list? Is
            > this OK, or just plain rude?
            >
            > --
            > Glenn English
            > ghe@...
            >
            >
          • ghe
            Message 5 of 6 , Jul 1, 2009
              On 7/1/09 1:49 PM, Brian Mathis wrote:

              > Otherwise, just block the suckers and move on. You probably have
              > better things to do with your time.

              Good point, well taken. Thank you all.

              --
              Glenn English
              ghe@...
            • Benny Pedersen
              Message 6 of 6 , Jul 5, 2009
                On Wed, July 1, 2009 22:01, ghe wrote:
                > Good point, well taken. Thank you all.

                http://www.spamhaus.org/drop/index.lasso drop this in firewall

                and let fail2ban do the rest

                --
                xpoint