Procmail Vulnerabilities check

Kurt Jaeger lists at opsec.eu
Mon Dec 11 18:46:53 UTC 2017


Hi!

> If you, as an administrator of a/your system(s), see no problem with
> (port) scanners, and take no action to thwart such activity. You are
> more than likely to encounter trouble(s) down the road.

Right, portscanning is bad, if not done in a transparent way,
so as sys-admin I have to reduce exposure.

But it's a valid tool, nevertheless.

> In short; I see them all as "black hats". Honestly. Can you *really*
> determine good intentions from bad intentions on an incoming port scan?

Yes. If it's done with full transparency, I don't mind scanning.

With transparency, I mean:
- reverse dns is set
- scan from the same IP all the time
- some point of contact for the scan (a website, email etc)
- if requested, the scanner delivers individual results to the scanned
- if requested, one can be excluded from the scan
- all the results are only used for 'above-the-waterline' work,
  like research or statistics
- scanner is willing to be audited
- [maybe some other rules...]

In fact, I've even organised such a project doing that for TLS:

https://github.com/TLS-Check/tls-check

I would not mind a registry at IANA for such transparent scan projects,
so that all the other ones can be traced and stopped.

-- 
pi at opsec.eu            +49 171 3101372                         3 years to go !


More information about the freebsd-ports mailing list