> A very convincing line of argument, _if_ you assume that a mail
> probe of a net service constitutes a search. It's closer
> to looking a public behavior than an invasive search.
The best analogy I can think of is that it's like twisting and pushing on
someone's door to see if it's locked. The problem is really that you only
have three choices:
1) A probe for a vulnerability is wrong no matter what. This makes ORBS
immoral.
2) A probe for a vulnerability is okay. This makes probing completely
justified and makes it very hard to deal with people who probe for
vulnerabilities in order to exploit them.
3) A probe for a vulnerability is okay or not okay depending upon a variety
of factors including what the prober did or intended to do with the results
and what the effect of the probe is on the probed site.
Unfortunately, it pretty much has to be the third option.
DS
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:26 EST