[Dshield] Question on appropriate university research

Tom dshield at oitc.com
Tue Sep 18 01:38:54 GMT 2007

We were probed by a machine on CMU's network weekly on port 22. We 
reported this to CMU abuse and received the following response:


The machine cited in your notification is running a research project 
involving SSH scanning.  I have cc'd the network manager of the 
department so that this message can be forwarded to the researcher 
for a response.

Thank you,

John K. Lerchey
Information Security Office"

Now, this "SSH scanning" project looks just like a bot net searching 
for hosts to attack later from my machines viewpoint.

Don't you think that this is at best ill advised without contacting 
the IP block owners? Further what they're trying to sample is not 
what they are sampling but thats another story.

Your comments and inputs are appreciate because I think this guys PHD 
Advisor is way out of line to condone this activity.



Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 
321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com
Google Talk: trshaw at gmail.com

More information about the list mailing list