Re: Re: [Security] Newest Symantec Security Software

From: Jake -F Harwood <JakeF_at_info-sec.berkeley.edu>
Date: Thu May 12 2005 - 16:26:58 PDT

At 03:52 PM 5/12/2005 -0700, Tom Holub wrote:
>On Thu, May 12, 2005 at 02:11:08PM -0700, Jake-F Harwood wrote:
> >
> > seems like a lot of good info thrown out because you're worried about having
> > the security group's scanner IP spoofed.
>
>First of all, some departments are doing their own, more targeted
>scanning. Second, it's a vulnerability, and on shared networks, a
>realistic vulnerability. (Most of my networks are shared). We
>shouldn't be encoding vulnerabilities into policy. Third, who says
>we're throwing the info out? Many departments do their own network
>scanning.

so wouldn't you need to poke holes in that FW for the "departments scanner"?

if Departments are going to start taking the responsibility for scanning
their own networks, then SNS should not duplicate that same work or, worse,
scan in vain, wasting cycles.

>And the issue isn't just the security hole it creates; it's also the
>extra management required to maintain SNS's list of IPs on thousands
>of machines.

also similar to the management required to maintain that fw software on the
host. (in most cases)

once, or maybe I should say if, SNS rolls out a production scanning
service, I could foresee it being as stable as the DNS IPs, or the
security@berkeley.edu email address.

SNS has already started to request designated net blocks and happy friendly
host names like "sns-campus-scanner-1.Security.berkeley.edu", to keep
the management required to a minimum.

I'm going to drop off this thread, or rather go back to my lurking
hole; my responses are always a bit lacking and take me a bit too long to
compose. (and I need to wrap up the last of the scanning so SNS can return
the evaluation scanner)

but I just wish I could share with you the names of the people who have
asked to not be scanned, and were added to an ad hoc "don't scan list" and
then turned up owned, big systems, with good admins.

I've yet to be spoofed, but hey it could be the next big thing. (by just
saying that, I'm sure it will happen) =;-)

-F

-------------------------------------------------------------------------
Jake F Harwood University of California, Berkeley
Intrusion Detection Team 2484 Shattuck Avenue
                                                 Phone (510)643-8241
                                                 Cell (510)390-2580
"Who is this General Failure and why is he reading my hard drive?" -F

  Connecting@Berkeley Security CD
http://istpub.berkeley.edu:4201/bcc/Spring2004/cabsecure.html
-------------------------------------------------------------------------

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Thu May 12 16:30:40 2005
