Loading ...
Sorry, an error occurred while loading the content.

Re: OT: ethics

Expand Messages
  • Evan Platt
    ... I m no attorney, but sounds like a grey area... http://www.securityfocus.com/news/126
    Message 1 of 6 , Jul 1, 2009
    • 0 Attachment
      At 12:37 PM 7/1/2009, you wrote:
      >Wietse says something like "Spam is war -- RFCs don't apply." OK,
      >but how about nmap ethics?
      >
      >I've started hitting spam IPs and their nets with nmap to find out
      >who they are and maybe a little of what they're up to (and using the
      >info to decide if the net belongs in my packet filter). What's the
      >opinion of the list? Is this OK, or just plain rude?

      I'm no attorney, but sounds like a grey area...

      http://www.securityfocus.com/news/126
    • Jan P. Kessler
      ... At first my opinion is that this is the wrong list for that discussion. And although no host/os should be really affected by a simple portscan (what s evil
      Message 2 of 6 , Jul 1, 2009
      • 0 Attachment
        ghe schrieb:
        > Wietse says something like "Spam is war -- RFCs don't apply." OK, but
        > how about nmap ethics?
        >
        > I've started hitting spam IPs and their nets with nmap to find out who
        > they are and maybe a little of what they're up to (and using the info
        > to decide if the net belongs in my packet filter). What's the opinion
        > of the list? Is this OK, or just plain rude?

        At first my opinion is that this is the wrong list for that discussion.

        And although no host/os should be really affected by a simple portscan
        (what's evil about a few connects - my postfix does this all the time
        ;)), you should not forget that a lot of spam comes from hijacked
        systems. So your "rudeness" might be aimed at the wrong target.
      • Brian Mathis
        In general this is a bad idea and you should stop doing it immediately. In the best case it would be seen by the other side as an attack on them from you. In
        Message 3 of 6 , Jul 1, 2009
        • 0 Attachment
          In general this is a bad idea and you should stop doing it
          immediately. In the best case it would be seen by the other side as
          an attack on them from you. In the worst case they might retaliate
          even more against you with some other kind of attack. Considering
          that over 80% of spam is now sent by botnets
          (http://arstechnica.com/security/news/2009/06/report-botnets-send-over-80-of-all-spam-in-june.ars),
          you'd be scanning infected machines and not learning anything about
          anyone other than a home user's ISP, and risking that ISP from
          reporting YOU as an attacker to your ISP.

          The best thing you could do (and even this will have marginal success)
          is to report the IP to the ISP that owns the address you received the
          spam from. They might be able to take that system offline.

          Otherwise, just block the suckers and move on. You probably have
          better things to do with your time.

          On Wed, Jul 1, 2009 at 3:37 PM, ghe<ghe@...> wrote:
          > Wietse says something like "Spam is war -- RFCs don't apply." OK, but how
          > about nmap ethics?
          >
          > I've started hitting spam IPs and their nets with nmap to find out who they
          > are and maybe a little of what they're up to (and using the info to decide
          > if the net belongs in my packet filter). What's the opinion of the list? Is
          > this OK, or just plain rude?
          >
          > --
          > Glenn English
          > ghe@...
          >
          >
        • ghe
          ... Good point, well taken. Thank you all. -- Glenn English ghe@slsware.com
          Message 4 of 6 , Jul 1, 2009
          • 0 Attachment
            On 7/1/09 1:49 PM, Brian Mathis wrote:

            > Otherwise, just block the suckers and move on. You probably have
            > better things to do with your time.

            Good point, well taken. Thank you all.

            --
            Glenn English
            ghe@...
          • Benny Pedersen
            ... http://www.spamhaus.org/drop/index.lasso drop this in firewall and let fail2ban do the rest -- xpoint
            Message 5 of 6 , Jul 5, 2009
            • 0 Attachment
              On Wed, July 1, 2009 22:01, ghe wrote:
              > Good point, well taken. Thank you all.

              http://www.spamhaus.org/drop/index.lasso drop this in firewall

              and let fail2ban do the rest

              --
              xpoint
            Your message has been successfully submitted and would be delivered to recipients shortly.