On Mon, 11 Dec 2017 19:46:55 +0100 "Kurt Jaeger" <li...@opsec.eu> said

Hi!

> If you, as an administrator of a/your system(s), see no problem with
> (port) scanners, and take no action to thwart such activity. You are
> more than likely to encounter trouble(s) down the road.

Right, portscanning is bad, if not done in a transparent way,
so as sys-admin I have to reduce exposure.

But it's a valid tool, nevertheless.

> In short; I see them all as "black hats". Honestly. Can you *really*
> determine good intentions from bad intentions on an incoming port scan?

Yes. If it's done with full transparency, I don't mind scanning.

With transparency, I mean:
- reverse dns is set
- scan from the same IP all the time
They don't. For the sake of argument, I'll name showdan; they use (off
the top of my head) some 9 to 12 addresses. Addresses the move, also. :(

- some point of contact for the scan (a website, email etc)
- if requested, the scanner delivers individual results to the scanned
- if requested, one can be excluded from the scan
- all the results are only used for 'above-the-waterline' work,
 like research or statistics
- scanner is willing to be audited
- [maybe some other rules...]

In fact, I've even organised such a project doing that for TLS:

https://github.com/TLS-Check/tls-check
I respectfully agree to disagree with you on this. Mostly on one point;
I should be informed *prior* to the port scan/audit, not *after*.


I would not mind a registry at IANA for such transparent scan projects,
so that all the other ones can be traced and stopped.
This, my friend, I agree with you on, wholeheartedly. :-)

--Chris


--
p...@opsec.eu            +49 171 3101372                         3 years to go
!


_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Reply via email to