Hi! > If you, as an administrator of a/your system(s), see no problem with > (port) scanners, and take no action to thwart such activity. You are > more than likely to encounter trouble(s) down the road.
Right, portscanning is bad, if not done in a transparent way, so as sys-admin I have to reduce exposure. But it's a valid tool, nevertheless. > In short; I see them all as "black hats". Honestly. Can you *really* > determine good intentions from bad intentions on an incoming port scan? Yes. If it's done with full transparency, I don't mind scanning. With transparency, I mean: - reverse dns is set - scan from the same IP all the time - some point of contact for the scan (a website, email etc) - if requested, the scanner delivers individual results to the scanned - if requested, one can be excluded from the scan - all the results are only used for 'above-the-waterline' work, like research or statistics - scanner is willing to be audited - [maybe some other rules...] In fact, I've even organised such a project doing that for TLS: https://github.com/TLS-Check/tls-check I would not mind a registry at IANA for such transparent scan projects, so that all the other ones can be traced and stopped. -- p...@opsec.eu +49 171 3101372 3 years to go ! _______________________________________________ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
