Procmail Vulnerabilities check

Kurt Jaeger lists at opsec.eu
Tue Dec 12 08:23:57 UTC 2017


Hi!

> > With transparency, I mean:
> > - reverse dns is set
> > - scan from the same IP all the time
> They don't. For the sake of argument, I'll name showdan; they use (off
> the top of my head) some 9 to 12 addresses. Addresses the move, also. :(

If their IPs are published somewhere in a parseable format,
I'm fine if it's multiple IPs or if they move etc.

> > https://github.com/TLS-Check/tls-check
> I respectfully agree to disagree with you on this. Mostly on one point;
> I should be informed *prior* to the port scan/audit, not *after*.

What type of announcement on what list/forum/irc-channel would you
accept/monitor/etc ?

Would it be sufficient, if the PTR record has some TXT that points
to the official site with the details of the scan ? So that
during incoming scans you can automatically look up the source
of the scan ?

That would differentiate a research scan from an attack scan, wouldn't it ?

Given that most attackers scan unannounced, and systems have to handle
that case, I do not see the problem in scans being done unannounced, btw.

-- 
pi at opsec.eu            +49 171 3101372                         3 years to go !


More information about the freebsd-ports mailing list