[Dshield] Question on appropriate university research
David Oxley
hightenor at gmail.com
Tue Sep 18 13:14:48 GMT 2007
Tom,
I don't think you're out-of-line at all. One of the first things I was ever
taught about malware research was that it must either be done in a
controlled environment, or you must have permission from other computer
owners (i.e. scan the academic network at my school only after an
alert/opt-out process has been initiated and processed). Most campus
networks have a strict ToS about port scanning, regardless of scholarly
pursuits. Had the scanned computer been a hardened military machine, would
intentions have mattered? I somehow doubt it.
Should CMU not want their IP range blacklisted from rogue scanning, they'd
do well to reign-in researchers who see the Internet as their testing
environment.
David Oxley
Emory University 2009
Computer Science / Anthropology
More information about the list
mailing list