Hi Jay,

Comments inline...

Saturday, December 28, 2002, 12:51:09 AM, you wrote:

JDD> On Fri, 27 Dec 2002, Stephen P. Berry wrote:

>> Funny that everyone seems to be hung up on the question of whether or
>> not reciprocal scans are -legal-. Howzabout this one: Even if scanning
>> spam relays is -legal-, is it ethical?

JDD> Such a practice strikes me as teleologically ethical[1]. A system

Technologically Ethical? Is that like 'technically honest' but not honest by any other definition?

JDD> is being abused and we recipient systems are paying the canonical price
JDD> for it. And since we bear the cost of someone else's irresponsibility, we
JDD> have both the right and the responsibility to pick up the slack created by
JDD> the other party so that other systems do not receive the same net.abuse
JDD> ours have.

This would be true if you represented an extension of law enforcement.

JDD> The only thing that would color such a practice as even remotely
JDD> unethical would be later utilization of such findings for the purpose of
JDD> further spamming or other nefarious conduct.

Who defines nefarious? The rule of law defines it. And there are agencies established for the purpose of enforcing the law. I can't believe this is even a question here...

JDD> As a rule, when my systems are spammed via an open relay, I do
JDD> indeed perform open relay tests on the offending system to confirm that
JDD> the relayed spam is genuine or trivially spoofed[2]. With those findings,

So how does one justify any scanning beyond that which is required to determine the source of a problem in the course of one's day to day duties, and furthermore with the end goal of notifying the cognizant authority of the offense?

JDD> I file my reports with the cognizant admins and/or upstream providers so
JDD> that an end may be put to that nonsense.

All well and good, but again - to what end, the additional scanning?

JDD> - -Jay

JDD> 1. I don't subscribe to deontological ethics. Even when I was a lad I
JDD> never regarded "because I said so" as a valid rationale for anything.
JDD> 2. Old Sun Microsystems SMI 8.6 MTAs will accept any HELO statement and
JDD> not log the IP, which caused all manner of spammer mischief.

JDD> ( ( _______
JDD> )) )) .-"There's always time for a good cup of coffee."-. >====<--.
JDD> C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) | = |-'
JDD> `--' `--' `How about a 10-day waiting period on YOUR rights?' `------'

JDD> ----------------------------------------------------------------------------
JDD> This list is provided by the SecurityFocus ARIS analyzer service.
JDD> For more information on this free incident handling, management
JDD> and tracking system please see: http://aris.securityfocus.com

- Regards,
Greg
PGP Fingerprint: 723E 7CAD 4EF5 D904 1EE8 5279 71A5 A594 E6A7 C48E
This archive was generated by hypermail 2b30 : Mon Dec 30 2002 - 13:34:27 PST