RE: Strange domain-udp signature

From: Ed Allen Smith (easmithbeatrice.rutgers.edu)
Date: Thu Jul 17 2003 - 19:24:10 CDT


In message <068A2D11475A0040966AA084A1CFF9CF3DA20Emsxp01.wcbbc.wcbmain.com>
(on 17 July 2003 12:10:51 -0700), dsudom1wcb.bc.ca (Sudom, Don) wrote:
>It may be common practice for some vendors... However, active
>reconnaissance and network mapping is unethical regardless of the intent.

I'm not sure I would say unethical - to be avoided if other means are
available, yes - regardless of the intent. There are justifications for some
uses (not this one!) of network mapping - research into how the Internet
works is rather vitally necessary for figuring out how to improve it (or
even keep it running); see http://www.caida.org for some examples.

>There are passive techniques that these vendors can employ to accomplish
>this task.

Measurement of _normal_ DNS responses, for instance, yes.

>I actually have an FAQ from one of these vendors that suggests that
>everyone permit ICMP traffic so that they can "statically map" the network
>to determine the optimal path. You can go ahead and permit ICMP to your
>network if you like, but I won't be opening mine any time soon.

Umm... do be careful about filtering ICMP, specifically filtering can't
fragment messages - path MTU discovery. KRNIC's whois is not accessible to
quite a few sites because it's behind a path MTU discovery blackhole (the
response of said sites being generally to conclude that if KRNIC is not
interested in proper internet management, they aren't interested in hearing
from Korean IP space...).

>Also, I don't have a problem with a couple of probes, but these devices are
relentless. They should be smart enough to remove a node from its list
>should an answer not be forthcoming.

Strongly agreed.

        -Allen

--
Allen Smith http://cesario.rutgers.edu/easmith/
September 11, 2001 A Day That Shall Live In Infamy II
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin
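
The path MTU discovery caveat raised in the message above, as an added example that is not part of the original post: it decodes an ICMP "fragmentation needed" message (type 3, code 4) and shows that a blanket ICMP drop discards it, while a narrow allow rule keeps it and still drops echo probes. The function names, the policy model and both sample packets are constructed for illustration.

```python
import struct

FRAG_NEEDED = (3, 4)  # Destination Unreachable / fragmentation needed, DF set

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(typ, code, word_hi, word_lo, payload=b""):
    """Build a constructed sample message with a valid checksum."""
    body = struct.pack("!BBHHH", typ, code, 0, word_hi, word_lo) + payload
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse_icmp(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header; RFC 1191 puts the next-hop MTU in bytes 6-7."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    typ, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    pmtud = (typ, code) == FRAG_NEEDED
    return {"type": typ, "code": code, "checksum_ok": checksum(msg) == 0,
            "pmtud": pmtud, "next_hop_mtu": mtu if pmtud else None}

def verdict(msg: bytes, allowed: set) -> str:
    """Apply a default-drop inbound ICMP policy given allowed (type, code) pairs."""
    info = parse_icmp(msg)
    return "accept" if (info["type"], info["code"]) in allowed else "drop"

# Constructed samples: a router reporting a 1400-byte next hop (quoted datagram
# replaced by 28 zero bytes), and an echo request as used by ping-style probes.
FRAG = build_icmp(3, 4, 0, 1400, bytes(28))
ECHO = build_icmp(8, 0, 1, 1)

if __name__ == "__main__":
    for name, policy in (("drop all ICMP", set()), ("allow 3/4 only", {FRAG_NEEDED})):
        print(name, "-> frag-needed:", verdict(FRAG, policy),
              "| echo:", verdict(ECHO, policy))
    print(parse_icmp(FRAG))
```

When the type 3, code 4 message is dropped, the sender never learns the smaller MTU and keeps retransmitting oversized DF packets, which is the blackhole the message describes.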
