nanog mailing list archives
Re: Scanning the Internet for Vulnerabilities
From: "Ronald F. Guilmette" <rfg () tristatelogic com>
Date: Sun, 19 Jun 2022 19:49:37 -0700
In message <CB7990CD-5284-4A9C-BB98-4D55B21B50FF () seiden com>, Mark Seiden <mis () seiden com> wrote:
it should be mentioned that shadowserver also notifies those who register as the owners of that address space.
Yes. That is quite a public spirited endeavor in the best traditions of the Internet.
my thinking about this sort of thing, in general, is: - it depends on who's doing it and why, and what they do with the information
Yes. And my question was deliberately open-ended with regards to those two points, specifically. Shadowserver is an example of a public-interest enterprise. And unless I'm mistaken, we can easily know who they are and what they do with the information they collect. There are however counter-examples... enterprises that are not quite so forthright, either in their willingness to be identified or in the disposition of their results data.
- it's polite enough for me for the good guys to identify themselves so you (the target) can worry less when you notice the activity.
I agree. But that that raises the question: How would (or should) a "benign" scanning enterprise publicly identify itself in a manner so as to mitigate undue alarm? Regards, rfg
Current thread:
- Re: Scanning the Internet for Vulnerabilities, (continued)
- Re: Scanning the Internet for Vulnerabilities J. Hellenthal via NANOG (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Carsten Bormann (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Matt Palmer (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Joe Maimon (Jun 20)
- Re: Scanning the Internet for Vulnerabilities bzs (Jun 21)
- Re: Scanning the Internet for Vulnerabilities John Curran (Jun 22)
- Re: Scanning the Internet for Vulnerabilities bzs (Jun 22)
- Re: Scanning the Internet for Vulnerabilities John Curran (Jun 22)
- Re: Scanning the Internet for Vulnerabilities Fernando Gont (Jun 22)
- Re: Scanning the Internet for Vulnerabilities Ronald F. Guilmette (Jun 19)
- Re: Scanning the Internet for Vulnerabilities Ronald F. Guilmette (Jun 19)
- Re: Scanning the Internet for Vulnerabilities J. Hellenthal via NANOG (Jun 20)
- Re: Scanning the Internet for Vulnerabilities Ronald F. Guilmette (Jun 21)
- Re: Scanning the Internet for Vulnerabilities Fernando Gont (Jun 21)
- Re: Scanning the Internet for Vulnerabilities Ronald F. Guilmette (Jun 21)
- Re: Scanning the Internet for Vulnerabilities Carsten Bormann (Jun 20)