Date:      Mon, 11 Dec 2017 19:46:55 +0100
From:      Kurt Jaeger <lists@opsec.eu>
To:        Chris H <portmaster@BSDforge.com>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: Procmail Vulnerabilities check
Message-ID:  <20171211184655.GC2827@home.opsec.eu>
In-Reply-To: <64e65ab97f9c2b086ed8c13620f06546@udns.ultimatedns.net>
References:  <20171211154257.GA2827@home.opsec.eu> <64e65ab97f9c2b086ed8c13620f06546@udns.ultimatedns.net>

Hi!

> If you, as an administrator of a/your system(s), see no problem with
> (port) scanners, and take no action to thwart such activity, you are
> more than likely to encounter trouble(s) down the road.

Right, port scanning is bad if not done in a transparent way,
so as a sysadmin I have to reduce exposure.

But it's a valid tool, nevertheless.

> In short; I see them all as "black hats". Honestly. Can you *really*
> determine good intentions from bad intentions on an incoming port scan?

Yes. If it's done with full transparency, I don't mind scanning.

With transparency, I mean:
- reverse dns is set
- scan from the same IP all the time
- some point of contact for the scan (a website, email etc)
- if requested, the scanner delivers individual results to the scanned party
- if requested, one can be excluded from the scan
- all the results are only used for 'above-the-waterline' work,
  like research or statistics
- scanner is willing to be audited
- [maybe some other rules...]

In fact, I've even organised such a project doing that for TLS:

https://github.com/TLS-Check/tls-check

I would not mind a registry at IANA for such transparent scan projects,
so that all the other ones can be traced and stopped.

-- 
pi@opsec.eu            +49 171 3101372                         3 years to go !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171211184655.GC2827>