Date:      Tue, 12 Dec 2017 09:23:55 +0100
From:      Kurt Jaeger <lists@opsec.eu>
To:        Chris H <bsd-lists@BSDforge.com>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: Procmail Vulnerabilities check
Message-ID:  <20171212082355.GE2827@home.opsec.eu>
In-Reply-To: <d25ddfa5ac0f662d6add458235daae27@udns.ultimatedns.net>
References:  <20171211184655.GC2827@home.opsec.eu> <d25ddfa5ac0f662d6add458235daae27@udns.ultimatedns.net>

Hi!

> > With transparency, I mean:
> > - reverse dns is set
> > - scan from the same IP all the time
> They don't. For the sake of argument, I'll name showdan; they use (off
> the top of my head) some 9 to 12 addresses. Addresses the move, also. :(

If their IPs are published somewhere in a parseable format,
I'm fine if it's multiple IPs or if they move etc.

> > https://github.com/TLS-Check/tls-check
> I respectfully agree to disagree with you on this. Mostly on one point;
> I should be informed *prior* to the port scan/audit, not *after*.

What type of announcement on what list/forum/irc-channel would you
accept/monitor/etc ?

Would it be sufficient, if the PTR record has some TXT that points
to the official site with the details of the scan ? So that
during incoming scans you can automatically look up the source
of the scan ?

That would differentiate a research scan from an attack scan, wouldn't it ?

Given that most attackers scan unannounced, and systems have to handle
that case, I do not see the problem in scans being done unannounced, btw.

-- 
pi@opsec.eu            +49 171 3101372                         3 years to go !


