From owner-freebsd-ports@freebsd.org  Tue Dec 12 08:23:57 2017
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 57984E917FC
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Tue, 12 Dec 2017 08:23:57 +0000 (UTC) (envelope-from lists@opsec.eu)
Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1C51171E92
 for <freebsd-ports@freebsd.org>; Tue, 12 Dec 2017 08:23:57 +0000 (UTC)
 (envelope-from lists@opsec.eu)
Received: from pi by home.opsec.eu with local (Exim 4.89 (FreeBSD))
 (envelope-from <lists@opsec.eu>)
 id 1eOfr1-0006rm-6b; Tue, 12 Dec 2017 09:23:55 +0100
Date: Tue, 12 Dec 2017 09:23:55 +0100
From: Kurt Jaeger <lists@opsec.eu>
To: Chris H <bsd-lists@BSDforge.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: Procmail Vulnerabilities check
Message-ID: <20171212082355.GE2827@home.opsec.eu>
References: <20171211184655.GC2827@home.opsec.eu>
 <d25ddfa5ac0f662d6add458235daae27@udns.ultimatedns.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <d25ddfa5ac0f662d6add458235daae27@udns.ultimatedns.net>
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Dec 2017 08:23:57 -0000

Hi!

> > With transparency, I mean:
> > - reverse dns is set
> > - scan from the same IP all the time
> They don't. For the sake of argument, I'll name showdan; they use (off
> the top of my head) some 9 to 12 addresses. Addresses the move, also. :(

If their IPs are published somewhere in a parseable format,
I'm fine if it's multiple IPs or if they move etc.

> > https://github.com/TLS-Check/tls-check
> I respectfully agree to disagree with you on this. Mostly on one point;
> I should be informed *prior* to the port scan/audit, not *after*.

What type of announcement on what list/forum/irc-channel would you
accept/monitor/etc ?

Would it be sufficient, if the PTR record has some TXT that points
to the official site with the details of the scan ? So that
during incoming scans you can automatically look up the source
of the scan ?

That would differentiate a research scan from an attack scan, wouldn't it ?

Given that most attackers scan unannounced, and systems have to handle
that case, I do not see the problem in scans being done unannounced, btw.

-- 
pi@opsec.eu            +49 171 3101372                         3 years to go !