scanning appropriateness was: [unisog] PlanetLab

Gary Flynn flynngn at jmu.edu
Thu Jun 26 13:49:49 GMT 2003



E. Larry Lidz wrote:
> Of those of you participating in PlanetLab (http://www.planetlab.org),
> what do you think of it from an acceptable use perspective? We are
> participating in it, but at the moment have the network port disabled.
> We received complaints of the machine scanning machines off campus. It
> appears that this is an intended part of the research.

Larry, we're not involved with PlanetLab to my knowledge but
your post brings up an issue that has been bothering me for
some time.

Is a random search for services on a public network something that
should be automatically labeled inappropriate?

Is an attempt to inventory the number of ftp sites, web sites,
RPC servers, etc. on the Internet inappropriate on a public
network?

What is the difference between Google's web crawlers and
an inappropriate scan?

Organizations knowingly connect to a public network. If they
do not want their services accessed, shouldn't they be blocked?
If they bring up a web, file sharing, or shell server on
the public Internet, why is it inappropriate for people to
search for or access these resources assuming they do it
in non-malicious ways (i.e. no password guessing, buffer
overflow attempts, denial of service attempts, etc.)?

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University




More information about the unisog mailing list