Procmail Vulnerabilities check

Chris H portmaster at BSDforge.com
Mon Dec 11 20:32:58 UTC 2017


On Mon, 11 Dec 2017 19:46:55 +0100 "Kurt Jaeger" <lists at opsec.eu> said

> Hi!
> 
> > If you, as an administrator of a/your system(s), see no problem with
> > (port) scanners and take no action to thwart such activity, you are
> > more than likely to encounter trouble(s) down the road.
> 
> Right, portscanning is bad, if not done in a transparent way,
> so as sys-admin I have to reduce exposure.
> 
> But it's a valid tool, nevertheless.
> 
> > In short; I see them all as "black hats". Honestly. Can you *really*
> > determine good intentions from bad intentions on an incoming port scan?
> 
> Yes. If it's done with full transparency, I don't mind scanning.
> 
> With transparency, I mean:
> - reverse dns is set
> - scan from the same IP all the time
They don't. For the sake of argument, I'll name Shodan; they use (off
the top of my head) some 9 to 12 addresses. Addresses that move, also. :(

> - some point of contact for the scan (a website, email etc)
> - if requested, the scanner delivers individual results to the scanned
> - if requested, one can be excluded from the scan
> - all the results are only used for 'above-the-waterline' work,
>  like research or statistics
> - scanner is willing to be audited
> - [maybe some other rules...]
> 
> In fact, I've even organised such a project doing that for TLS:
> 
> https://github.com/TLS-Check/tls-check
I respectfully agree to disagree with you on this. Mostly on one point;
I should be informed *prior* to the port scan/audit, not *after*.

> 
> I would not mind a registry at IANA for such transparent scan projects,
> so that all the other ones can be traced and stopped.
This, my friend, I agree with you on, wholeheartedly. :-)

--Chris

> 
> -- 
> pi at opsec.eu            +49 171 3101372                         3 years to go
> !
More information about the freebsd-ports mailing list