[Dshield] Question on appropriate university research
dshield at oitc.com
Tue Sep 18 01:38:54 GMT 2007
We were probed by a machine on CMU's network weekly on port 22. We
reported this to CMU abuse and received the following response:
The machine cited in your notification is running a research project
involving SSH scanning. I have cc'd the network manager of the
department so that this message can be forwarded to the researcher
for a response.
John K. Lerchey
Information Security Office"
Now, this "SSH scanning" project looks just like a bot net searching
for hosts to attack later from my machines viewpoint.
Don't you think that this is at best ill advised without contacting
the IP block owners? Further what they're trying to sample is not
what they are sampling but thats another story.
Your comments and inputs are appreciate because I think this guys PHD
Advisor is way out of line to condone this activity.
Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax),
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com
Google Talk: trshaw at gmail.com
More information about the list