[Dshield] Question on appropriate university research

Paul Melson pmelson at gmail.com
Tue Sep 18 13:20:18 GMT 2007


> Don't you think that this is at best ill advised without contacting the IP
block owners? Further what they're 
> trying to sample is not what they are sampling but thats another story.

Can you elaborate on this point?


> Your comments and inputs are appreciate because I think this guys PHD
Advisor is way out of line to condone 
> this activity.

This sounds a lot like the ScanSSH work that Provos & Honeyman did at U of
Michigan with ScanSSH*.  So perhaps its someone doing similar work..?
Either way, there is some academic precedence for this kind of thing.  At
the same time, the traffic itself is not easily distinguished from hostile
traffic on the wire and I don't think you're obligated to treat it any
differently.

PaulM

* http://www.citi.umich.edu/u/provos/papers/scanssh.pdf




More information about the list mailing list