From owner-freebsd-ports@freebsd.org Mon Dec 11 20:32:58 2017
From: "Chris H"
Reply-To: portmaster@BSDforge.com
Subject: Re: Procmail Vulnerabilities check
Date: Mon, 11 Dec 2017 12:34:22 -0800
Message-Id: <0eefee3ab740074aa27a8193dbc9ce66@udns.ultimatedns.net>
In-Reply-To: <20171211184655.GC2827@home.opsec.eu>
List-Id: Porting software to FreeBSD

On Mon, 11 Dec 2017 19:46:55 +0100 "Kurt Jaeger" said

> Hi!
>
> > If you, as an administrator of a/your system(s), see no problem with
> > (port) scanners, and take no action to thwart such activity. You are
> > more than likely to encounter trouble(s) down the road.
>
> Right, portscanning is bad, if not done in a transparent way,
> so as sys-admin I have to reduce exposure.
>
> But it's a valid tool, nevertheless.
>
> > In short; I see them all as "black hats". Honestly. Can you *really*
> > determine good intentions from bad intentions on an incoming port scan?
>
> Yes. If it's done with full transparency, I don't mind scanning.
>
> With transparency, I mean:
> - reverse dns is set
> - scan from the same IP all the time

They don't. For the sake of argument, I'll name Shodan; they use (off the
top of my head) some 9 to 12 addresses. Addresses that move, also. :(

> - some point of contact for the scan (a website, email etc)
> - if requested, the scanner delivers individual results to the scanned
> - if requested, one can be excluded from the scan
> - all the results are only used for 'above-the-waterline' work,
>   like research or statistics
> - scanner is willing to be audited
> - [maybe some other rules...]
>
> In fact, I've even organised such a project doing that for TLS:
>
> https://github.com/TLS-Check/tls-check

I respectfully agree to disagree with you on this. Mostly on one point;
I should be informed *prior* to the port scan/audit, not *after*.

> I would not mind a registry at IANA for such transparent scan projects,
> so that all the other ones can be traced and stopped.

This, my friend, I agree with you on, wholeheartedly. :-)

--Chris

> --
> pi@opsec.eu +49 171 3101372 3 years to go
> !