nanog mailing list archives

Re: Scanning the Internet for Vulnerabilities


From: "Ronald F. Guilmette" <rfg () tristatelogic com>
Date: Sun, 19 Jun 2022 19:49:37 -0700

In message <CB7990CD-5284-4A9C-BB98-4D55B21B50FF () seiden com>, 
Mark Seiden <mis () seiden com> wrote:

> it should be mentioned that shadowserver also notifies those who
> register as the owners of that address space.

Yes.  That is quite a public spirited endeavor in the best traditions of
the Internet.

> my thinking about this sort of thing, in general, is:
>
> - it depends on who's doing it and why, and what they do with the information

Yes.  And my question was deliberately open-ended with regards to those
two points, specifically.

Shadowserver is an example of a public-interest enterprise.  And unless
I'm mistaken, we can easily know who they are and what they do with the
information they collect.

There are however counter-examples... enterprises that are not quite so
forthright, either in their willingness to be identified or in the disposition
of their results data.

> - it's polite enough for me for the good guys to identify
> themselves so you (the target) can worry less when you notice
> the activity.

I agree.  But that raises the question:  How would (or should) a "benign"
scanning enterprise publicly identify itself in a manner so as to mitigate
undue alarm?


Regards,
rfg

