Re: Malicious use of grc.com

From: Blue Boar (BlueBoarat_private)
Date: Mon Nov 26 2001 - 15:17:18 PST

    Thorsten Droigk wrote:
    > 
    > There are a lot of services on the Internet that portscan a machine of your
    > choice, so there is nothing new about grc.com doing it. If you want to
    > complain about grc.com, you should complain about every proxy in the whole
    > web, too. I do not think that there are big differences between these
    > services and proxies - both hide your original IP from another server but
    > simultaneously log it for the case of abuse.
    > I cannot believe that grc.com really does not log the use of its portscan
    > service - that would be too stupid (and illegal, as far as I know). In my
    > eyes, the phrase "Information gained will NOT be retained, viewed, or used
    > by us in any way for any purpose whatsoever" refers to the results of the
    > portscans and not to the logs of grc.com's httpd.
    
    This is one of those funny little things in the security world.  By trying,
    and failing, to limit which IP address will be scanned, he has created
    a security problem.  Had he not tried, there would be nothing to complain 
    about.  It's not quite as hypocritical as it sounds.  He created the 
    specification, and he violated it.  
    
    					BB
    



    This archive was generated by hypermail 2b30 : Mon Nov 26 2001 - 16:42:09 PST