> > I disagree. Were my intentions malevolent, the last thing I'd do > is launch an initial scan from my primary, secondary (or even tertiary) > systems. When someone puts up a scanning service with weak or nonexistent > validation on who can use that service against what IP address, that sort > of thing is an invitation for net.abuse. I agree. For *most* regular people, this isn't an issue as if they are portscanning a box they are doing so with permission - ie: an authorized pen-test. But, what if you wanted to scan a box without permission? What about the people who have reason to want to hide? Yes, there are other methods to do this but why not use a web resource and have the finger pointed back at someone else. That being said, one could assume that Gibson does log connections to his web server and while he claims to not retain any of the scan results (do you trust him?), I would not assume that he does not keep logs of all web requests. It would not be all that hard to identify someone attempting to port scan someone else. Makes me wonder why Gibson didn't bother doing this in the first place. > In my view, Gibson is irresponsible in setting up such a weak > system on his site. I imagine others would be more forgiving had he not > gone off on a "Microsoft/DDoS" bender earlier this year. Couldn't happen to a nicer guy.... heh. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- "I don't intend to offend, I offend with my intent" hellNbakat_private http://www.nmrc.org/~hellnbak -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This archive was generated by hypermail 2b30 : Mon Nov 26 2001 - 19:22:08 PST