Ethics of net blocking according to region

By trog in Internet
Sun Apr 22, 2001 at 02:56:19 PM EST
Tags: Security

The World Wide Web was intended to be just that - World Wide. But certain e-commerce sites, due to laws that regulate the type of service they perform, can only service American customers. Given that the company that I am working for (which will remain nameless) has dozens of portscan attempts from foreign countries, what are the ethical ramifications of blocking whole netblocks, the users of which could not do business with the site in question anyway?


As I take security very, very seriously, I make it a point to log all portscans and respond to each and every one. By responding, I mean that I look up the IP address in question using the ARIN database, and send notification to the entity who is responsible for the offending IP address contained in their netblock. I'd say that 90% of these never amount to anything, but sometimes, this helps an admin find out that his system was compromised, or it kills the service of some script kiddie who is attempting to abuse others on the net. This small bit of work can help the Internet be a better place, and I encourage all admins to do the same.

Over the past two months, I have been recording exactly where these scans are coming from (Previously, I would oftentimes have an assistant admin take care of the ARIN lookup and email). The results have been shocking. The site averages 8 portscans a day (as I expected; this isn't so shocking). What is shocking is that 88% of the portscans come from an IP address homed in Asia.

It has been my professional experience that the ISPs responsible for these IP addresses are completely unresponsive (In this month, I received one email reply stating that they really don't care what their users do, and no reply from anyone else). This is really sad, as I would like to think that because the Internet is intended to be world wide, the world would take interest in keeping it clean.

My first thought was to ease my pain; block the whole damn netblock. According to certain laws that this company must operate under, they cannot have commerce with customers outside of the US. So, it would not harm the business if this entire netblock was blocked at the firewall.

But the ramifications of this scare me. As the use of proprietary technology on the web becomes more and more common, people are already cut off from viewing a great deal of content. With packets being dumped into the bit bucket just because they come from a specific place, the Internet could become even more Balkanized.

What does the community think of this? Please understand that this has nothing to do with the fact that the scans are coming from Asia, per se; I would be faced with the same issue if they all came from Europe, or Africa, or South America. Because the company cannot do business with customers outside the US anyway, do you think this is appropriate?
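The netblock question raised above, as an added example that is not part of the original post: given the source addresses pulled out of the scan log (constructed here, using documentation address ranges), the script widens each one to a chosen prefix length, merges the result into the fewest CIDR rules, and reports how many actual offenders each rule covers against how many addresses it throws away. An allow-list for a known customer gateway abroad (the case raised in the comments) overrides the block list. The `iptables` syntax in `render_rules` is an assumption; the point is the arithmetic, not the firewall.

```python
"""Plan and check a netblock block list from logged scan sources.

Added example, not code from the original post.  The source addresses,
the allow-list and the prefix length are all constructed assumptions.
"""
from collections import Counter
from ipaddress import collapse_addresses, ip_address, ip_network

# Constructed sample: offending sources pulled from the scan log.
SCAN_SOURCES = [
    "203.0.113.5", "203.0.113.5", "203.0.113.77", "203.0.113.201",
    "198.51.100.9", "198.51.100.9", "198.51.100.130",
    "192.0.2.40",
]

# Constructed allow-list: a known customer's gateway abroad (the
# "US citizen in another country" case from the comments).
ALLOW_LIST = [ip_network("198.51.100.128/25")]


def plan_blocks(sources, prefix_len):
    """Widen each source to its enclosing /prefix_len, then merge
    duplicate and adjacent networks into the smallest set of rules."""
    nets = {ip_network(f"{s}/{prefix_len}", strict=False) for s in sources}
    return sorted(collapse_addresses(nets))


def collateral(rules, sources):
    """Per rule: distinct offending hosts it covers versus addresses it
    drops.  That ratio is the Balkanization cost the post worries about."""
    seen = Counter()
    for s in set(sources):
        ip = ip_address(s)
        for r in rules:
            if ip in r:
                seen[r] += 1
                break
    return [(str(r), seen[r], r.num_addresses) for r in rules]


def is_blocked(addr, rules, allow=ALLOW_LIST):
    """Allow-list wins over block-list, so a known customer behind a
    foreign gateway still gets through."""
    ip = ip_address(addr)
    if any(ip in a for a in allow):
        return False
    return any(ip in r for r in rules)


def render_rules(rules, allow=ALLOW_LIST):
    """Emit iptables-style lines (syntax assumed; adapt to your firewall).
    Accept rules come first so they match before the drops."""
    lines = [f"iptables -A INPUT -s {a} -j ACCEPT" for a in allow]
    lines += [f"iptables -A INPUT -s {r} -j DROP" for r in rules]
    return lines


if __name__ == "__main__":
    rules = plan_blocks(SCAN_SOURCES, 24)
    for net, offenders, size in collateral(rules, SCAN_SOURCES):
        print(f"{net:<20} offenders={offenders:<3} addresses dropped={size}")
    print("\n".join(render_rules(rules)))
    print(is_blocked("203.0.113.9", rules), is_blocked("198.51.100.200", rules))
```

Run it with a /16 instead of a /24 to see the offender-to-dropped ratio collapse; that number, not the scan count, is what the "whole netblock" decision is really about.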

Ethics of net blocking according to region | 69 comments (68 topical, 1 editorial, 0 hidden)
US Citizen in another country? (4.00 / 5) (#1)
by nospoon on Sat Apr 21, 2001 at 12:11:34 PM EST

Just had to ask, but wouldn't you be losing business of any US Citizens (or Companies) accessing your site from abroad?
I am currently on assignment in Switzerland, but I do buy things from US companies and have them shipped to my work in the US, who then forwards the items to me in CH.
Also, when I am actually in the US, our main gateway to the internet has an IP address from the home office in CH and it looks like I am in CH even when I am in the US.


.sig newtons - 'They're fruits and cake!'


Re: US Citizen in another country? (4.00 / 4) (#3)
by trog on Sat Apr 21, 2001 at 12:27:57 PM EST

I have considered this, and spoken this over with the management team at the company. They believe that due to the demographic of our customers, the business loss in this case would be minimal to non-existent. However, they have left the decision to block or not up to me, having faith that I know best when it comes to operational security.

The majority of the connections come from North Korea, although there have been a few coming from China. I can't recall exactly; the exact demographics are written down at the office.



[ Parent ]
Re: Korea (4.00 / 3) (#33)
by UrLord on Sun Apr 22, 2001 at 01:31:49 AM EST

There has been talk on a number of security lists and around my office about all the scans from Korea. Apparently a majority of those scans come from compromised machines.

[ Parent ]
One thing to think about . . . (3.00 / 8) (#2)
by regeya on Sat Apr 21, 2001 at 12:19:03 PM EST

I don't know if it's true or not, but if the Asian country in question is China, and you report it, you might be signing the perp's death warrant.

[ yokelpunk | kuro5hin diary ]

Re: One thing to think about... (3.33 / 9) (#6)
by trog on Sat Apr 21, 2001 at 12:41:59 PM EST

I don't know if it's true or not, but if the Asian country in question is China, and you report it, you might be signing the perp's death warrant.

If this is the case, then this is the punishment that has been determined fit for the crime in that country. The cracker probably knew this going in. I am not responsible for the punishment that their society has chosen for the crime; I AM responsible for the security and integrity of the production network for the company I work for.

This may be a callous response, but it's a very honest one. If the system gets compromised, I could very well be fired, which would deny food and other resources to my family. As a sysadmin, a threat to my network is a threat to my livelihood.

In US financial institutions (which this company is definitely not; I won't work for a bank again), the sysadmin can be (and oftentimes is) held CRIMINALLY liable for a system compromise. Should a sysadmin in this position, knowing that he could lose his freedom if he doesn't demonstrate diligence, not report each and every compromise attempt?

Anyone who attempts to compromise a network I am responsible for will face the full brunt of the legal system to which they are responsible to. I will seek convictions. I will testify. Anything less is ethically irresponsible.

Think of me what you will, but if the cracker does not take responsibility for his actions, I will hold him responsible.



[ Parent ]
emailing admins (2.50 / 4) (#24)
by Delirium on Sat Apr 21, 2001 at 08:34:09 PM EST

The problem with your logic is that portscanning is not in any way cracking. Portscanning is legal in most jurisdictions, and IMHO should be legal in all jurisdictions. I personally portscan fairly often just out of curiosity, but have never actually cracked a box. In fact as soon as I find out your IP address you're probably getting portscanned just for the hell of it. =]

Mailing admins for something like this is clearly an attempt to just harass people, most of whom are just doing something completely legal. Many of their admins might go along with your complaint and cancel accounts simply because they don't know any better or don't want to bother dealing with it. Perhaps I should email admins of k5 posters every time they post something I could remotely construe as 'bad', regardless of whether it's libel or anything actually illegal.

--AIM: Delirium4u. Or read my diary.


[ Parent ]

re:emailing admins (4.50 / 2) (#27)
by trog on Sat Apr 21, 2001 at 09:04:12 PM EST

Most of these portscans are not "To see what services I am running", they are scans for particular services (which magically coincide with services that have recently had root level exploits, as reported on Bugtraq...imagine that). They are scans for the same service, across every machine in the subnet, two or three times each, over the span of 1-3 seconds.

That's not seeing what services I am offering...that's running a "l33t kiddie script" that's looking for a back door into my server farm. (Particularly because the services scanned for: portmapper, linuxconf, and the NetBIOS services, should never be offered on the public Internet)

What would you do if you caught someone rattling the handle and examining the lock on your front door? (FYI: This is completely legal, at least in CA; I asked a lawyer friend of mine.) Would you be "harassing" this person if you called the police on him? Would you assume this person wanted to break into your house?



[ Parent ]
portscanning (none / 0) (#44)
by Delirium on Sun Apr 22, 2001 at 03:47:48 AM EST

What would you do if you caught someone rattling the handle and examining the lock on your front door? (FYI: This is completely legal, at least in CA; I asked a lawyer friend of mine.) Would you be "harassing" this person if you called the police on him? Would you assume this person wanted to break into your house?

I don't think this is really the same thing, though if you know it's not illegal and you called the police on him I would argue that yes you are harassing him. Calling law enforcement on anyone for any reason other than a violation of the law is pretty clearly just using law enforcement for harassment, not for legitimate enforcement of actual laws.

What I would consider more analogous to portscanning is checking the door on a store or other business to see if it's unlocked, since servers on the internet are explicitly put on a public network. And I don't think it should be illegal to check the handle on the door of my local Radio Shack to see if it's open.

--AIM: Delirium4u. Or read my diary.


[ Parent ]

portscanning analogy (none / 0) (#56)
by Spy Hunter on Sun Apr 22, 2001 at 05:19:57 PM EST

I think you're using the wrong analogy here. Checking the door on a business to see if it is unlocked is analogous to attempting to connect to a site with a web browser. Portscanning is more like walking around the building, testing all the doors, windows, and air vents to see if there's another way inside. Granted, that's not explicitly illegal, and neither is portscanning. However, you're not likely to get very good reactions from the store owners if you go around doing that.

[ Parent ]
Re: emailing admins (3.50 / 2) (#34)
by UrLord on Sun Apr 22, 2001 at 01:46:47 AM EST

Port scanning is a common event before a hack attempt. In a situation where you are in charge of the security of a system or even multiple systems the phrase "better safe than sorry" applies. Unfortunately there are too many dynamic IP addresses to be able to make good patterns out of these scans. With static IP addresses an organized admin can keep track of which IP addresses scan the network. A lot of the scans will happen once and never again (mostly the curious) and some IP addresses will scan over and over and set off other alarms on the IDS system as other hack attempts are made. You can see how dynamic IP addresses make this harder or even impossible.

[ Parent ]
Just curious... (4.20 / 5) (#7)
by Dolgan on Sat Apr 21, 2001 at 12:43:49 PM EST

"... China ... the perp's death warrant."

Do you have any evidence of this even being remotely possible? I'm too ignorant about what's going on in China to know if it's true or not, but that's pretty brutal.

[ Parent ]

OTOH (3.50 / 4) (#18)
by ti dave on Sat Apr 21, 2001 at 02:49:24 PM EST

If the "perp" is from China, he MAY be portscanning you at the Chinese government's bidding and direction.

ti_dave


"If you dial," Iran said, eyes open and watching, "for greater venom, then I'll dial the same."

[ Parent ]
depends on the portscan? (3.85 / 7) (#4)
by Speare on Sat Apr 21, 2001 at 12:37:47 PM EST

If my firewall sensed someone scanning all ports in range 1-1023, and many common ports above 1024, with many packets or broken packets, then I may want to treat that as a scan for vulnerabilities.

If my firewall sensed someone scanning a few ports for finger, identd, ping, and then my web server, with minimal well-formed packets, I'd say "fine, they want to know more about me to decide if they can legally do business with me, or if the drive would be too far." Seems fairly benign to me.

Why block off access to customers? Why do the foreign nation's censorship for them?


[ e d @ e x p l o r a t i . c o m ]


RE: Depends on the portscan (4.00 / 8) (#8)
by trog on Sat Apr 21, 2001 at 12:50:04 PM EST

Specifically, the portscans I am concerned with tend to follow one of four patterns:

    Rapid scanning of the entire subnet for port 111 (portmapper).
    Rapid scanning of the entire subnet for port 98 (linuxconf).
    Rapid scanning of the entire subnet for ports 137-139 (NetBIOS).
    Rapid scanning of the entire subnet for port 53 (BIND).

Oftentimes, each host is scanned three times. I assume this is to deal with slow networks or dropped connections.

If you think any of the above behavior is anything but malicious, you really need to be hit by the clue stick.



[ Parent ]
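A detector for the four sweep patterns listed in the comment above, as an added example, not code from the thread. It reads packet-filter DROP lines (the log format and the sample lines are constructed), groups hits by source and destination port, and raises one alert when a single source touches several hosts in one /24 on the same port inside a short window, reporting the service being hunted, how many hosts were hit, how many times each, and how long the pass took. The sample also contains a slow walk of port 80 across the same hosts five minutes apart, which the five-second window deliberately leaves alone.

```python
"""Detect horizontal service sweeps in packet-filter log lines.

Added example, not code from the original thread.  The log format (one
DROP line per packet with SRC, DST and DPT fields) and the sample lines
are constructed; adapt LOG_RE to whatever your firewall actually writes.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_network

LOG_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) DROP SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+)$")

# The services named in the comment above, so an alert can say what the
# scanner was hunting for.
SERVICE = {111: "portmapper", 98: "linuxconf", 137: "netbios-ns",
           138: "netbios-dgm", 139: "netbios-ssn", 53: "dns"}


def parse(lines):
    """Return (ts, src, dst, dport) for every line that matches LOG_RE."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").timestamp()
            events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return events


def find_sweeps(events, window=5.0, min_hosts=4):
    """One alert per (src, dport) pair that hits at least min_hosts
    distinct destinations inside some window-second span.  The widest
    qualifying window is reported, so repeat count and duration describe
    the whole sweep rather than just its first pass."""
    by_key = defaultdict(list)
    for ts, src, dst, dport in events:
        by_key[(src, dport)].append((ts, dst))
    alerts = []
    for (src, dport), hits in by_key.items():
        hits.sort()
        best, start = None, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            per_host = Counter(dst for _, dst in hits[start:end + 1])
            if len(per_host) < min_hosts:
                continue
            score = (len(per_host), end - start + 1)
            if best is None or score >= best[0]:
                subnets = {ip_network(f"{d}/24", strict=False) for d in per_host}
                best = (score, {
                    "src": src, "dport": dport,
                    "service": SERVICE.get(dport, f"tcp/{dport}"),
                    "hosts": len(per_host),
                    "subnet": str(next(iter(subnets))) if len(subnets) == 1 else None,
                    "max_repeat": max(per_host.values()),
                    "span": hits[end][0] - hits[start][0],
                })
        if best:
            alerts.append(best[1])
    return sorted(alerts, key=lambda a: (a["src"], a["dport"]))


def _sample_log():
    """Constructed: a port-111 sweep of 192.0.2.1-8 run three times in two
    seconds, a two-port poke at one host, and a slow walk of port 80
    across the same eight hosts five minutes apart."""
    lines = []
    for n in range(3):
        for h in range(1, 9):
            lines.append(f"2001-04-21 12:11:{34 + n} DROP SRC=203.0.113.5 "
                         f"DST=192.0.2.{h} PROTO=TCP DPT=111")
    lines += ["2001-04-21 12:20:01 DROP SRC=198.51.100.9 DST=192.0.2.17 PROTO=TCP DPT=23",
              "2001-04-21 12:20:03 DROP SRC=198.51.100.9 DST=192.0.2.17 PROTO=TCP DPT=79"]
    for h in range(1, 9):
        lines.append(f"2001-04-21 13:{5 * h:02d}:00 DROP SRC=198.51.100.130 "
                     f"DST=192.0.2.{h} PROTO=TCP DPT=80")
    return lines


SAMPLE_LOG = _sample_log()

if __name__ == "__main__":
    for alert in find_sweeps(parse(SAMPLE_LOG)):
        print(alert)
```

Widening `window` to an hour makes the port-80 walk show up as a second alert; that trade-off between window length and false positives is the whole tuning problem for this kind of rule.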
clue stick? (3.00 / 2) (#16)
by Speare on Sat Apr 21, 2001 at 02:17:35 PM EST

I'll repeat myself with smaller words.

    If the pattern appears mean, block it.

    If it doesn't appear mean, why block it?

This doesn't matter whether we're talking one machine or many machines. If they're perfectly formed bind sockets but sniffing your network in a way that you feel is malicious, go ahead and cut them off.

And ask yourself this: were you frustrated at your attackers, or at me? You don't need to respond here with an uncivil tone. You asked us for our opinions.
 
[ e d @ e x p l o r a t i . c o m ]


[ Parent ]

Re: Clue Stick apologies (3.66 / 3) (#17)
by trog on Sat Apr 21, 2001 at 02:41:37 PM EST

I apologize for the tone. I assumed while submitting my article that it would be obvious that the portscanning would appear malicious. In reading a few comments, it looks like I assumed too much.

The tone comes in part from people I talk to who can't seem to understand why a sysadmin would be concerned with a portscan at all. In the real world, a burglar cases your home before breaking in. Portscanning is the network equivalent of casing.

(The tone also comes in part from my fairly abrasive personality ;-) )



[ Parent ]
Looking doesn't mean burglary (4.00 / 2) (#40)
by panner on Sun Apr 22, 2001 at 03:11:50 AM EST

Sure, a burglar will check out a house before he breaks into it (well, one with half of a working brain). But just because burglars will look doesn't mean lookers will burglarize. Someone may be admiring the house, maybe they want one like it. Or they just like how it looks. Or they want to check out something about it.

The house analogy starts to break down there, as most people don't port scan a server to admire it. But there are plenty of people that will port scan a server just out of curiosity. Maybe they want to try out the tool, or want to see how competent the sysadmin appears to be. There are plenty of people that are bored enough to check out a site's security before they buy from it.

Sure, a lot of portscans are done before an attack is made, but that's not enough to get someone. Would the police come and arrest a person for looking at your house? I hope not. Until an attack is made on the server, the person on the other end can't be assumed hostile. You're better off with a system secure enough to fend off attacks, and then reporting attacks to the person's ISP, rather than mere port scans.

--
Keith Smiley
Get it right, for God's sake. Pigs can work out how to use a joystick, and people still can't do this!
[ Parent ]

you may have american customers overseas (2.60 / 5) (#5)
by TuxNugget on Sat Apr 21, 2001 at 12:39:19 PM EST

and travelling or taking a job overseas should not cause them to lose access to their accounts.

The world wide web is everywhere, and much cheaper than placing an international phone call to check a bank balance, credit limit, or make a stock trade.

Re: you may have american customers overseas (2.00 / 1) (#35)
by UrLord on Sun Apr 22, 2001 at 02:13:59 AM EST

This should be a consideration, but as the submitter said in another post (possibly posted after yours) the executives made this his call. Some industries have many more restrictions on where they can export information. I am not completely sure of the state of American cryptography export laws at this point, but if this is the business the company is in, blocking off foreign countries might not cause too much trouble. Also there have been a lot of admins complaining about scans from Asia, Korea in particular. So we have to do some risk management. Is the threat of attempts from that area (and there have been a lot lately) worth the potential customers from that area? Of course this must be weighed by each company, but it is something to think about.

[ Parent ]
portscans and security (3.00 / 8) (#9)
by elektrogott on Sat Apr 21, 2001 at 12:58:08 PM EST

What have portscans to do with security? If you want to check out what services a computer with a certain IP address offers, if not with a portscan how else?

What I'm trying to say is: A portscan is a way to ask a computer what services it offers and since the net is all about communications this knowledge is fundamental for the communication, right?

So why try to block hosts that do portscans?


re: portscans and security (3.28 / 7) (#14)
by trog on Sat Apr 21, 2001 at 01:45:03 PM EST

What do portscans have to do with security?

This question isn't serious, is it? Assuming it is, a portscan is ALWAYS a precursor to an attempt at an attack. A portscan is the equivalent of a sniper aiming before pulling the trigger.

If you want to check out what services a computer with a certain IP address offers, if not with a portscan how else?

Because a properly implemented security policy will make this obvious to a customer. If I am operating a web server farm, and customers access that farm only via the web, and customers know this, and I block all other services inbound, then there is never cause for a customer to portscan me. The naive curiosity defense is a bunch of b.s.

So why try to block hosts that do portscans?

Because I cannot think of any good reason for a portscan to take place, other than by myself when I am securing a machine for production. Because a properly implemented security policy will train the users, teaching them to access the system the way I want them to.

Please understand that this is a webserver farm, not an office network. The type of portscans I am seeing are like this.



[ Parent ]
re: portscans and security (3.50 / 4) (#19)
by elektrogott on Sat Apr 21, 2001 at 02:57:45 PM EST

This question isn't serious, is it? Assuming it is, a portscan is ALWAYS a precursor to an attempt at an attack. A portscan is the equivalent of a sniper aiming before pulling the trigger.

In my previous post I tried to outline why (IMHO) this isn't the case.

If you want to check out what services a computer with a certain IP address offers, if not with a portscan how else?

Because a properly implemented security policy will make this obvious to a customer. If I am operating a web server farm, and customers access that farm only via the web, and customers know this, and I block all other services inbound, then there is never cause for a customer to portscan me. The naive curiosity defense is a bunch of b.s.

I think I've just started to understand you!
In your article you spoke about the World Wide Web and not about the Internet. It seems to me that with the appearance of the World Wide Web there was actually a paradigm shift from a simple distributed network of equals to a network which consists of servers and clients. In such a world it is easy to see why mere customers, who are educated about what services you offer, have no need to do anything more than use your service.
But actually the Internet does not consist just of customers, and if you don't like the idea you'd better get your computers off the net!
What I'm trying to say is:
Portscans are not illegal.
You won't get rid of portscans.
If you want to stay on the net, you have to deal with that.
If you can't stand portscans, yes, your solution is the right one.

[ Parent ]
re: portscans and security (4.00 / 1) (#28)
by trog on Sat Apr 21, 2001 at 09:14:03 PM EST

I think I've just started to understand you! In your article you spoke about the World Wide Web and not about the Internet. It seems to me that with the appearance of the World Wide Web there was actually a paradigm shift from a simple distributed network of equals to a network which consists of servers and clients

Oh, please. Don't confuse the topology (TCP/IP) with the application.

Fact is, the Internet has always been a strict client/server model; the first real "equal peer" service widely used was instant messaging protocols, and that is only in the last few years. You've got mail servers, news servers, gopher servers, irc servers, ftp servers, archie servers, web servers, ssh servers, telnet servers, whois servers, domain servers...am I missing something?



[ Parent ]
It was a different client/server. (none / 0) (#63)
by Peeteriz on Mon Apr 23, 2001 at 05:28:01 AM EST

The ftp, news, mail servers were a part of a network of equals, because almost all of the machines carried them. The name 'server' was just because there are two ends of the connection, the one asking something being the client, and the one giving something - the server.
However, with the Internet coming to the masses, incredible amounts of systems who were user-only, and did not provide anything at all, were connected. THEY became the clients of what is now a client server model - a 'service' throwing stuff at 'customers'.

But anyway, anyone may send TCP/IP packets at you, not only customers. If you want to restrict yourself to the customers only, do some smart filtering.
If you do not do so, then be prepared to be portscanned, as this is the only way for someone who does not know about your public services to notice them.

[ Parent ]
re: portscans and security (none / 0) (#67)
by elektrogott on Mon Apr 23, 2001 at 12:07:31 PM EST

Oh, please. Don't confuse the topology (TCP/IP) with the application.

I didn't confuse the topology with the application, but rather the mentality with the application.
Yes, there were ftp/news/irc/gopher/archie/mail servers and on the other side there were clients. However the ftp/news/irc/gopher/archie servers were not targeted at customers but were open to all participants of the network.
But with the uproar about the Web a significant change occurred. For example: web based discussion boards have partly replaced news based discussions. And IMHO with this changed also the perception and the reality of the Internet itself!
This is our lost paradise.

[ Parent ]
No reason? (3.50 / 2) (#21)
by delmoi on Sat Apr 21, 2001 at 07:19:33 PM EST

Because I cannot think of any good reason for a portscan to take place, other than by myself when I am securing a machine for production.

Curiosity?
--
"'argumentation' is not a word, idiot." -- thelizman
[ Parent ]
uhh no (3.75 / 4) (#22)
by Delirium on Sat Apr 21, 2001 at 08:28:38 PM EST

This question isn't serious, is it? Assuming it is, a portscan is ALWAYS a precursor to an attempt at an attack. A portscan is the equivalent of a sniper aiming before pulling the trigger.

Uhh, no it isn't. I've portscanned quite a few systems myself simply out of curiosity - to see what sorts of ports are typically open on what sorts of servers. I've never actually cracked a box, so your "ALWAYS" claim is clearly false.

--AIM: Delirium4u. Or read my diary.


[ Parent ]

Re: uhh no (4.00 / 1) (#36)
by UrLord on Sun Apr 22, 2001 at 02:33:18 AM EST

Uhh, no it isn't. I've portscanned quite a few systems myself simply out of curiosity - to see what sorts of ports are typically open on what sorts of servers. I've never actually cracked a box, so your "ALWAYS" claim is clearly false.

What I believe he meant was that if you look at the logs of hack attempts, portscans will ALWAYS precede the attempt. The portscans that worry me are the ones looking for particular services that are not always the most secure. Right after the last BIND hole I saw dozens of scans on port 53. I constantly see scans for port 111 (RPC services) all over the network. These scans are unnecessary and rude. Curiosity is a good thing. Curiosity killed the cat, so when acting on curiosity be prepared to accept the consequences. If you are curious and port scan a machine and that admin sends an email to the admin of your ISP, do not get angry. You knew that result was possible and yet you port scanned the machine.

[ Parent ]

Curiosity killed the cat... (2.50 / 2) (#39)
by panner on Sun Apr 22, 2001 at 03:01:52 AM EST

...but satisfaction brought him back :)

--
Keith Smiley
Get it right, for God's sake. Pigs can work out how to use a joystick, and people still can't do this!
[ Parent ]
Re: Curiosity killed the cat... (1.00 / 1) (#41)
by UrLord on Sun Apr 22, 2001 at 03:17:48 AM EST

...but satisfaction brought him back :)

In the context of my point, the portscanner got a new ISP.

[ Parent ]

Context (5.00 / 1) (#55)
by panner on Sun Apr 22, 2001 at 05:17:53 PM EST

Take whatever context you want, but at 3:00am, I just wanted to say that, nothing else :)

--
Keith Smiley
Get it right, for God's sake. Pigs can work out how to use a joystick, and people still can't do this!
[ Parent ]
portscanning (3.80 / 5) (#43)
by Delirium on Sun Apr 22, 2001 at 03:43:16 AM EST

What I believe he meant was that if you look at the logs of hack attempts portscans will ALWAYS precede the attempt.

Perhaps usually, but I don't think always. The people who really know what they are doing will never precede an attack with a portscan, because it is simply too obvious (even a "stealth" one, like FIN-scanning, is too risky with many of the detection tools commonly available these days). A typical technique is to do a slow distributed scan over a period of a few weeks - split the ports you're interested in between a group of IPs, and have each IP check a single port per day, or per week, or whatever you feel comfortable doing. After a bit (depending on how often you use each IP and how many you have) you'll have gotten a map of what ports are open on that machine without doing anything that would usually be seen as a portscan (a single FIN packet sent in error will not trigger any detection mechanisms). Then you wait a few more weeks just to be sure, and carry out your attack from a completely different IP altogether.

These scans are unnecessary and rude. Curiosity is a good thing. Curiosity killed the cat, so when acting on curiosity be prepared to accept the consequences. If you are curious and port scan a machine and that admin sends an email to the admin of your ISP, do not get angry. You knew that result was possible and yet you port scanned the machine.

I don't think that result should be possible though. Servers on the internet are by definition public servers, and the services which are publicly available are public services. When I portscan a machine I am merely determining what (if any) public services that machine offers. If I get back "http" I might view the website; if I get back "ftp" I might see if it is an anonymous FTP archive; and so on. I don't think there's any justification for classifying as criminal a simple attempt to determine what services a public server offers. When I portscan systems there is no concealment involved - I do a straightforward connect() scan to determine which ports accept connections from the general public (i.e. me). I don't see the problem - if the system is not designed to be for public access my portscan will give me that result (i.e. no ports will be available for connections from my address). If it is designed for public access I will have a list of what services it provides to the public, which was of course the entire point. Certainly then having this knowledge would be a useful starting point if I were interested in exploiting publicly available services, but it's also a useful starting point if I want to legitimately use publicly available services. Either way there is no crime committed in the actual act of portscanning.

--AIM: Delirium4u. Or read my diary.


[ Parent ]
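The slow distributed scan described in the comment above, and one way to see it anyway, as an added example rather than anything from the thread. The script builds the schedule the comment describes (the ports of interest split across a pool of source addresses, each source sending one probe on its day) and shows that no source ever exceeds one probe a day, which is why a per-source rate or sweep rule stays silent. The detector then ignores the source entirely and counts, per target, how many distinct ports outside the advertised service set were probed by anyone inside a long window. The target, the advertised set, the source pool and the background traffic are all constructed assumptions.

```python
"""Slow distributed port scan and a long-window, per-target detector.

Added example, not code from the thread.  The schedule is the one the
comment above describes: split the ports of interest across a pool of
source addresses and let each source send one probe on its day.  Target,
advertised services, address pool and background traffic are constructed.
"""
from collections import Counter, defaultdict
from datetime import date, timedelta

DAY = 86400
EPOCH = date(1970, 1, 1)

TARGET = "192.0.2.17"
ADVERTISED = {80, 443}               # services customers are told about
INTERESTING = [21, 22, 23, 25, 53, 79, 98, 110, 111, 137,
               139, 143, 512, 513, 514, 2049]
POOL = [f"203.0.113.{n}" for n in range(10, 18)]   # eight sources


def ts_at(day, hour=12):
    """Epoch seconds for `hour` o'clock on calendar date `day`."""
    return (day - EPOCH).days * DAY + hour * 3600


def schedule(ports, pool, start=date(2001, 4, 1), spacing_days=1):
    """Probe port i on day i*spacing_days from source i mod len(pool).
    Every source therefore sends at most one packet per day and never
    touches more than a couple of ports, so a per-source sweep rule has
    nothing to fire on.  Events are (ts, src, dst, dport) tuples, the
    same shape a parsed firewall log would give."""
    events = []
    for i, port in enumerate(ports):
        src = pool[i % len(pool)]
        day = start + timedelta(days=i * spacing_days)
        events.append((ts_at(day), src, TARGET, port))
    return events


def max_per_source_per_day(events):
    """The number a per-source rate rule would get to look at."""
    c = Counter((src, ts // DAY) for ts, src, _, _ in events)
    return max(c.values()) if c else 0


def find_slow_scans(events, advertised=ADVERTISED, window_days=30, min_ports=5):
    """Per target, count distinct non-advertised ports probed by *any*
    source inside a sliding window of window_days.  Ignoring the source
    is the point: splitting the scan across addresses no longer helps.
    Reports the widest window per target."""
    by_dst = defaultdict(list)
    for ts, src, dst, dport in events:
        if dport not in advertised:
            by_dst[dst].append((ts, dport, src))
    alerts = []
    for dst, hits in by_dst.items():
        hits.sort()
        best, start = None, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window_days * DAY:
                start += 1
            win = hits[start:end + 1]
            ports = {p for _, p, _ in win}
            if len(ports) >= min_ports and (best is None or len(ports) > best["ports"]):
                best = {"dst": dst, "ports": len(ports),
                        "sources": len({s for _, _, s in win}),
                        "span_days": (win[-1][0] - win[0][0]) // DAY}
        if best:
            alerts.append(best)
    return alerts


# Constructed background: customers using the advertised services, plus
# one curious visitor trying telnet two months earlier.
BACKGROUND = [
    (ts_at(date(2001, 4, 2), 9), "198.51.100.9", TARGET, 80),
    (ts_at(date(2001, 4, 2), 9), "198.51.100.9", TARGET, 443),
    (ts_at(date(2001, 4, 9), 15), "198.51.100.130", TARGET, 80),
    (ts_at(date(2001, 2, 1), 20), "198.51.100.9", TARGET, 23),
]

if __name__ == "__main__":
    probes = schedule(INTERESTING, POOL)
    print("max probes per source per day:", max_per_source_per_day(probes))
    for a in find_slow_scans(sorted(probes + BACKGROUND)):
        print(a)
```

Stretching `spacing_days` to 7 drops the count inside a 30-day window to five ports, right at the threshold; a scanner patient enough to go weekly forces the defender to keep a quarter's worth of drop logs, which is the real cost of this technique on the defending side.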

Re: portscanning (none / 0) (#46)
by UrLord on Sun Apr 22, 2001 at 04:26:33 AM EST

Granted, anyone who knows what they are doing and wants to take the time to really scan a system that is what they are going to do. Some IDS systems will pick up some of those attempts though. There are other ways of keeping your scan a "secret." One of the newer ones (to me anyhow) is kind of a DoS. You hit the IDS with as many "attacks" (ie anything that will set off alarms) keeping whoever watches the logs too busy to really be able to use that log. Not to mention spoofing and randomizing the originating IP address. With thousands of alarms set off per minute from thousands of IP addresses, some illegal some legal, the logs are worthless. Most companies do not hire enough people to read those logs and be able to make sense of them. There are currently tools that I have seen in action that can crash most commercial and free IDS systems quite easily.

I don't think that result should be possible though. Servers on the internet are by definition public servers, and the services which are publicly available are public services. When I portscan a machine I am merely determining what (if any) public services that machine offers. If I get back "http" I might view the website; if I get back "ftp" I might see if it is an anonymous FTP archive; and so on. I don't think there's any justification for classifying as criminal a simple attempt to determine what services a public server offers. When I portscan systems there is no concealment involved - I do a straightforward connect() scan to determine which ports accept connections from the general public (i.e. me). I don't see the problem - if the system is not designed to be for public access my portscan will give me that result (i.e. no ports will be available for connections from my address). If it is designed for public access I will have a list of what services it provides to the public, which was of course the entire point. Certainly then having this knowledge would be a useful starting point if I were interested in exploiting publicly available services, but it's also a useful starting point if I want to legitimately use publicly available services. Either way there is no crime committed in the actual act of portscanning.

Ok there are other ways to find out which services are being offered by the machine. Check the domain's website. If they want you using the service they will advertise it. Now if you consider telnet whatever.domain.gtld 80 a portscan, then yes that is fine. It is not rude, it is acceptable to most servers and is not a reason to get your connection canceled. telnet whatever.domain.gtld 111 is a lot worse. Why should you care if their RPC ports are open?

The way I see this is smoking a bong in front of a police station. Yeah, it may be tobacco but there will be consequences of your actions.

[ Parent ]

more on portscanning (4.00 / 1) (#47)
by Delirium on Sun Apr 22, 2001 at 04:44:46 AM EST

Ok there are other ways to find out which services are being offered by the machine. Check the domain's website. If they want you using the service they will advertise it. Now if you consider telnet whatever.domain.gtld 80 a portscan, then yes that is fine. It is not rude, it is acceptable to most servers and is not a reason to get your connection canceled. telnet whatever.domain.gtld 111 is a lot worse. Why should you care if their RPC ports are open?

Well where do you draw the line? I personally just do a full portscan to see what they offer because it's easier - sometimes they offer strange things I wouldn't have expected but which turn out to be useful (having a server running on the quote port for example, or the network time port). But with your examples, would you consider my telnetting to a system (on the telnet port, 23) to be bad? Sometimes I telnet just out of curiosity because the telnet challenge prompt usually tells me what operating system the server is running. Should this be construed as a "hack attempt"?

The way I see this is smoking a bong in front of a police station. Yeah, it may be tobacco but there will be consequences of your actions.

But I don't think there should be (or legally can be) consequences of that action either. Sure you might get somebody coming up and questioning you, but I don't think you should or could actually be arrested for smoking tobacco in a bong in front of a police station.

--AIM: Delirium4u. Or read my diary.


[ Parent ]

Re: more on portscanning (none / 0) (#48)
by UrLord on Sun Apr 22, 2001 at 05:11:34 AM EST

Telnetting to port 23 on a system you do not have an account on to find out which operating system it is running is ridiculous. Check their http server. Most networks will run the same os on most of the machines. With the http server you can find out with a simple command, not to mention netcraft. Hopefully the admin took the banners out of most of the services anyhow. A complete portscan would seem hostile to me and I would report it.

But I don't think there should be (or legally can be) consequences of that action either. Sure you might get somebody coming up and questioning you, but I don't think you should or could actually be arrested for smoking tobacco in a bong in front of a police station.

Except for maybe a paraphernalia charge (I don't know about the laws on this and it is probably different depending upon jurisdiction). They may confiscate the bong which would be similar to cancelling your account with an isp. I just used that as an example of something you can legally do but might have bad consequences.

[ Parent ]

Re: more on portscanning (5.00 / 1) (#49)
by frozencrow on Sun Apr 22, 2001 at 11:50:18 AM EST

Well where do you draw the line? I personally just do a full portscan to see what they offer because it's easier - sometimes they offer strange things I wouldn't have expected but which turn out to be useful (having a server running on the quote port for example, or the network time port). But with your examples, would you consider my telnetting to a system (on the telnet port, 23) to be bad? Sometimes I telnet just out of curiosity because the telnet challenge prompt usually tells me what operating system the server is running. Should this be construed as a "hack attempt"?

It seems to me that you are either naive or playing dumb. If you want to find out what services a site offers, kindly do so in a manner that is easily distinguishable from a hostile probe. Alternately, you could just mind your own business, and leave other people's machines alone.

[ Parent ]

Re: more on portscanning (5.00 / 2) (#50)
by trog on Sun Apr 22, 2001 at 01:09:40 PM EST

It seems to me that you are either naive or playing dumb.

Exactly. And please try to understand...just because there is a machine on the internet, even if it is connected via a publicly-routable ip, it is NOT publicly available. The Internet is a collection of PRIVATE networks. Services that are offered to the world from these machines are done out of some sort of profit motive (money is not the only profit motive; the desire to be heard or to share information is one as well).

My home is not open to the public just because it is on a city street. Neither are my servers.

Don't delude yourself with idealism...the Internet is not and never has been free. Either companies funded it (now) or you funded it via tax dollars to the Department of Defense (in its early years).



[ Parent ]
By setting up TCP/IP on your machine... (4.00 / 1) (#62)
by Peeteriz on Mon Apr 23, 2001 at 05:19:51 AM EST

.. you agree to accept TCP/IP packets. If your do not want to accept some of them, then set up filters. I have the right to ping/telnet your machines, unless you have disallowed it by making your machine not to accept the connections. Your machine on the net is private only if any and all connections/messages from outside are dropped. If you start a service, then it is public for anyone to look at, and your responsibility to filter out those whom you do not want. This is life. Get over it.

[ Parent ]
drones (none / 0) (#69)
by axxeman on Fri Apr 27, 2001 at 12:24:12 AM EST

Just because you can't think of a good reason, it doesn't follow that there isn't one.

People generally see what they want/expect to see. You might expect everyone on the net to fall into one of 2 categories: stupid and conformist, or evil hacker who's after your oh so precious system.

Or you might not, I'd have to portscan your brain to find out.

Being or not being married isn't going to stop bestiality or incest. --- FlightTest
[ Parent ]

Parking lots. (3.75 / 4) (#20)
by Inoshiro on Sat Apr 21, 2001 at 06:04:24 PM EST

Portscanning a machine is analogous to walking around a parking lot, trying all the door handles. It's not illegal, and the person may have a valid reason for it -- but most of the people doing it are going to take a next step which is illegal or wrong.

My system is not set up to block people who hit a non-connected port, but it is set up to log people who hit WellKnownRemoteRoot services, and will block anyone who portscans the machine. In the entire life of it being connected to the net (3 years and counting), I have seen 2 serious port scans. One from a security guy who hit the wrong machine (typo of 4 instead of 5), and one from my friend who wanted to see if I was secure. Both set off my alarms and ended up with them being blocked.

Why make life easy for a script kiddy? If you want to see if a service exists, telnet to that port and connect. If it's E_CONREFUSED, then obviously there's no service there. Besides, anyone who should be connected to my system (i.e. I'm providing a service to them) will know what's available, because I will tell them. Security is also about not telling everything you know to any passing person :p



--
[ イノシロ ]
[ Parent ]
emailing admins (3.33 / 3) (#23)
by Delirium on Sat Apr 21, 2001 at 08:30:40 PM EST

I agree that you have every right to do that, but I disagree with mailing admins of people who do portscans. Portscans are legal in most jurisdictions, and IMHO should be legal everywhere. Mailing their admins is just assholish. Perhaps I should start mailing the admins of everyone I find is in possession of mp3s.

--AIM: Delirium4u. Or read my diary.


[ Parent ]

What may not have been said (4.20 / 5) (#25)
by Miniluv on Sat Apr 21, 2001 at 08:55:55 PM EST

When I worked in the NOC of a large, old computer company we didn't respond to portscans alone. Then again, we rarely received just a portscan from an IP. I agree that sending off an email on just a portscan is probably a bit extreme, but it's also pretty rare, as most people who portscan are also likely to run whisker, saint, satan or something similar immediately thereafter. A good IDS will catch those even more readily than the portscan, and all of those types of probes are entirely valid reasons to email an admin.

Come on, tell me how to moderate. I DARE YOU!


[ Parent ]
Re: emailing admins (4.25 / 4) (#37)
by UrLord on Sun Apr 22, 2001 at 02:53:07 AM EST

Ok emailing admins may be assholish, but so is portscanning. That gives whoever monitors the logs a lot more work to do and another thing to worry about. See what that ip hit, record the ip, check previous logs to see if that ip hit before, see where the ip came from, see if that org hit our site before, then possibly write up an email. The emailing isn't just as easy as replacing names in a template and sending it off. There are records that should be kept on who has portscanned or whatever in the past. Also those machines that are doing the portscanning could be compromised machines and the admin should be notified immediately to reduce the damage as much as possible.

[ Parent ]
Re: emailing admins (none / 0) (#51)
by trog on Sun Apr 22, 2001 at 01:20:05 PM EST

Contacting the admin is essential if you expect anything at all to occur. With dynamic ips being the norm for most clients today, all someone has to do is disconnect, and they're gone. By emailing the admin (and forwarding a time-stamped chunk of the log), who it was can then be tracked down.

I can think of six instances where the email alerted an admin to the fact that one of his machines was compromised. This alone is worth being called an "asshole".



[ Parent ]
Re: Re: emailing admins (4.00 / 1) (#60)
by UrLord on Mon Apr 23, 2001 at 01:57:47 AM EST

Oh definitely. I don't mind being called an asshole most of the time but especially when I have a reason to act like one. Portscanning in and of itself is not a big deal, but the threat of an attack is.

We can't change society in a day, we have to change ourselves first from the inside out.
[ Parent ]

We need a "public ports" service (none / 0) (#53)
by coffee17 on Sun Apr 22, 2001 at 04:49:37 PM EST

Which would eliminate the need for portscans. Talk to port 997 (or something else if that's taken) and it returns a list of public ports, maybe with an optional short text description. Thus one doesn't have to set off security alarms, and if they don't list a port in the public ports, or don't have said service up it would be safe to assume that anything open was not intended for public use.

I'd hate to think that such an idea has never been considered before, does anyone have any links related to this?

-coffee


[ Parent ]

Do it. (4.22 / 9) (#10)
by tiamat on Sat Apr 21, 2001 at 01:03:59 PM EST

You are tasked with the protection of your web services. So protect them.

I don't see this as becoming a big problem if the idea spreads. In fact, I would think that if more people did this, instead of causing a loss in traffic, it would lead to an increase of valid traffic. I would think that if a lot of companies started to cut off ISPs from Asia, then those ISPs would eventually notice as their customers lost access to useful services/sites/etc. This would force the ISPs to actually have TOS and maybe even enforce some of them. It's like Adam Smith's invisible hand, but for the Internet.

Re: Do it. (4.00 / 2) (#38)
by UrLord on Sun Apr 22, 2001 at 02:54:56 AM EST

Not only will they possibly implement a TOS, they may actually take time in securing their networks...

[ Parent ]
Port Scan Paranoia (3.66 / 9) (#11)
by Bad Harmony on Sat Apr 21, 2001 at 01:17:43 PM EST

I think you are overreacting. A port scan may be from someone who intends to crack your system, but you don't know whether that is the case or not. It isn't sufficient cause to demand their head on a stick.

5440' or Fight!

Re: Port Scan Paranoia (2.50 / 2) (#42)
by UrLord on Sun Apr 22, 2001 at 03:32:29 AM EST

Like it has been said throughout the thread (and follows common sense)... blah blah blah possible compromised machine etc etc etc. Maybe they are nothing, maybe they are something. Should customer information or whatever is on the machine/network be risked by a lazy admin? Probably not.

[ Parent ]
what's wrong with paranoia? (3.00 / 1) (#52)
by coffee17 on Sun Apr 22, 2001 at 04:45:55 PM EST

Someone portscanning should fall in the same category as someone taking an extra close look at your house while not stepping into your lawn. Sure, they might just be curiously looking at your house, but they also could be looking to see if you have anything worth stealing and how they might most easily break in. Of course, they could also be trying to figure out if the stuff on your lawn is free for all, part of a rummage sale, or just your stuff on the lawn.

It's sad that back in the day, a port scan was likely legitimate, someone looking to see what public services you were offering, and just generally curious as to what you were offering to the public. Well, that's not sad, what is sad is that currently IME, a portscan is most likely a sign of a script kiddie looking to see how easy your machine is to crack.

-coffee


[ Parent ]

Portscans aren't always hostile (none / 0) (#68)
by chutzpah on Mon Apr 23, 2001 at 12:19:25 PM EST

I occasionally run a portscan on a machine, mostly out of curiosity as to what services they have open, not to check for security vulnerabilities or anything of that sort.

[ Parent ]
Critical mistake (2.76 / 17) (#12)
by Signal 11 on Sat Apr 21, 2001 at 01:28:34 PM EST

You have made a critical mistake in your approach - namely giving a damn about e-commerce, businesses, or profits.

Fact: Your system is routinely being probed by these remote sites.
Fact: Your system is being actively attacked on a regular basis.
Fact: It is YOUR system.
Conclusion: Fuck them. Wall the bastards off, and dare the government or any other entity to say you are "wrong" for doing this. The way I see it, we need an international cabal to deal with repeat abuses of the network.. a backbone cabal... that can issue the network connectivity equivalent of the Usenet Death Penalty. People who abuse the network should not be allowed to participate in it, regardless of who they are or what their justification is.

We have our own set of international laws. They are loose, not very demanding, but completely necessary. It's high time we take command of the internet and establish some non-government authority over it. It's quite obvious they're happy to carve it up into their own little fiefdoms, trying to hold on to outdated concepts like "property" online. I say damn them all, and we form our own online government to deal with issues like this.

But... I'm suffering from a hangover, and no doubt rambling.. so I'll stop now.


--
Society needs therapy. It's having
trouble accepting itself.

Simplistic thinking (3.75 / 4) (#15)
by B'Trey on Sat Apr 21, 2001 at 02:06:00 PM EST

There are a number of problems with your comments. First, from the story, it isn't clear that his system is being actively attacked on a regular basis. It's being portscanned. Certainly a port scan is rude; it can even be considered hostile behavior, as it's often a precursor to an active attack. But it isn't an active attack. It's only a scan. Second, walling off the bastards who are doing the port scan is fine. Unfortunately, it's seldom possible to wall off ONLY the bastards who are doing the port scan. You end up walling off a whole lot of other people as well, most of whom are absolutely innocent. And I doubt seriously that the guilty bastards are restricting themselves to port scanning one system. Next, the question isn't whether the government or any one else says he's wrong for doing it. The question is, is it ETHICALLY wrong to do it? The two have absolutely nothing to do with each other. Finally, we don't need international laws or a cabal to deal with this type of problem. Particularly not ones which are ready to give someone the internet equivalent of the death penalty because someone port scanned a system.

[ Parent ]
Innocence online? (none / 0) (#57)
by Signal 11 on Sun Apr 22, 2001 at 06:58:53 PM EST

end up walling off a whole lot of other people as well, most of whom are absolutely innocent.

Bummer. Their ISP should watch for behavior like that. I'm irked that Mediaone, my provider, has not banned certain users from abusing EFNet (an IRC network), and thus I cannot use EFNet. I don't blame EFNet for banning this netblock, I blame Mediaone for not enforcing their AUP. Place the blame where it can be placed - on the ISP, who is responsible for the behaviors of their users.

I doubt seriously that the guilty bastards are restricting themselves to port scanning one system.

All the more reason to encourage other ISPs to block them as well...

Next, the question isn't whether the government or any one else says he's wrong for doing it. The question is, is it ETHICALLY wrong to do it?

And then right after that: Finally, we don't need international laws or a cabal to deal with this type of problem.

Ah. So government shouldn't get involved, and neither should people online organize to get involved. I see. You recognize that it's a problem, yet deny both possible solutions. An interesting conclusion.


--
Society needs therapy. It's having
trouble accepting itself.
[ Parent ]

Look! Up in the sky... (none / 0) (#66)
by B'Trey on Mon Apr 23, 2001 at 07:33:07 AM EST

it's a bird, it's a plane, it's Signal11! Able to leap to astonishing conclusions in a single bound!

Let me see if I understand your logic. The scanners are abusing a system. So the solution is to take out the system, even if it screws a whole lot of other, innocent people who are also using the system.

Can't say that I really blame you. This sort of logic seems to be prevalent these days. Pirates abuse the Napster system, so the solution is to take out Napster. Someone might, somewhere, somehow, use DeCSS for piracy, so just ban the system period.

Ah. So government shouldn't get involved, and neither should people online organize to get involved. I see. You recognize that it's a problem, yet deny both possible solutions. An interesting conclusion.

You got all that from what I said? Impressive, considering that I never said that people online shouldn't get involved. I merely said that a knee-jerk reaction of banning an entire block because of a simple port scan was overkill, particularly if abstracted as a general policy. Additionally, if banning the block or getting the government involved are the only solutions you can come up with, I feel sorry for you. It must suck going through life with such an impoverished imagination.

[ Parent ]

My perspective (4.00 / 6) (#26)
by Miniluv on Sat Apr 21, 2001 at 09:02:38 PM EST

First off, your site is in a rather unique situation. Very few e-commerce sites are unable to deliver goods and/or services to foreign countries. In your situation I really don't see the ethical quandary, as you already must have some way of geographically segregating your users, so you might as well do it at the firewall if you trust IP registries as a valid way to do so.

The rest of the net is not in this situation. What they can, and should, do for the sake of system security is block everything that they don't provide at the firewall. Then scan the hell out of themselves to be sure they're really blocking everything but the services they want to provide. If they're that sure, then why even look for portscans? You know exactly what's being returned if you regularly audit your system, why let the script kiddies clog up your logs?

I myself am too paranoid for that, so I'll deal with larger log files reflecting a higher number of portscans for the sake of knowing exactly what is entering my network. I also pay more attention to actual attacks, be it whisker scans, or known vulnerabilities (IIS .. bug) being attempted on my system. Even that is not that major of a task. You set up snort, you load a well populated signature database and then you run a log analysis tool that you understand the mechanics of.

If you do things like the above there's no need to worry about walling anybody off at the firewall, so why put yourself into the ethical dilemma at all?

Come on, tell me how to moderate. I DARE YOU!
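The two posts above (Inoshiro's "log people who hit WellKnownRemoteRoot services, and block anyone who portscans" and Miniluv's "run a log analysis tool that you understand the mechanics of") describe detection logic without showing it. The block below is an added example written for this page; it is not code from the thread or from any tool the posters mention. It assumes an iptables-style `kernel: DROP SRC=... DPT=...` log line, a constructed sample log, a 60-second window, a burst threshold of five distinct ports and a small watch list of sensitive ports; all of those are assumptions, not anything the posters stated.

```python
"""Flag port-scan behaviour in firewall log lines (added example).

Assumptions (not from the thread): iptables-style LOG lines, a 60 s
sliding window, 5 distinct ports in a window counts as a scan, and the
watch list below stands in for Inoshiro's "WellKnownRemoteRoot" ports.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ports whose mere touch is worth a log entry even without a scan (assumption).
WATCHED_PORTS = {23, 111, 139, 445}

# Syslog lines carry no year; the sample is dated to the thread (assumption).
YEAR = 2001

# Constructed sample log: one fast scanner, one ordinary web client,
# one slow scanner that spreads six ports over several hours, plus a line
# the parser must ignore.  All addresses are documentation ranges.
SAMPLE_LOG = """\
Apr 21 18:04:24 gw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=21
Apr 21 18:04:24 gw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=22
Apr 21 18:04:25 gw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=23
Apr 21 18:04:25 gw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=25
Apr 21 18:04:26 gw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=80
Apr 21 18:04:26 gw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=110
Apr 21 18:04:27 gw kernel: DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=111
Apr 21 18:10:00 gw kernel: DROP SRC=198.51.100.77 DST=198.51.100.10 PROTO=TCP DPT=80
Apr 21 18:10:05 gw kernel: DROP SRC=198.51.100.77 DST=198.51.100.10 PROTO=TCP DPT=80
Apr 21 18:10:06 gw kernel: DROP SRC=198.51.100.77 DST=198.51.100.10 PROTO=TCP DPT=443
Apr 21 18:10:07 gw sshd[4242]: Accepted publickey for admin from 198.51.100.5
Apr 21 10:00:00 gw kernel: DROP SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP DPT=21
Apr 21 10:30:00 gw kernel: DROP SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP DPT=22
Apr 21 11:00:00 gw kernel: DROP SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP DPT=23
Apr 21 11:30:00 gw kernel: DROP SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP DPT=25
Apr 21 12:00:00 gw kernel: DROP SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP DPT=80
Apr 21 12:30:00 gw kernel: DROP SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP DPT=111
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: (?P<action>\w+) "
    r"SRC=(?P<src>[\d.]+) DST=[\d.]+ PROTO=TCP DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return (timestamp, source ip, destination port) or None for other lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])


def analyze(lines, window=timedelta(seconds=60), burst_threshold=5):
    """Per source: max distinct ports inside any window, total distinct ports,
    watched ports touched, and whether the burst crossed the scan threshold."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ts, src, port = rec
            events[src].append((ts, port))
    report = {}
    for src, evs in events.items():
        evs.sort()
        burst, lo = 0, 0
        for hi in range(len(evs)):
            # Advance the window's left edge so it spans at most `window`.
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1
            burst = max(burst, len({p for _, p in evs[lo:hi + 1]}))
        total = len({p for _, p in evs})
        report[src] = {
            "scan": burst >= burst_threshold,
            "burst_ports": burst,
            "total_ports": total,
            "watched_hits": sorted({p for _, p in evs if p in WATCHED_PORTS}),
        }
    return report


def scan_sources(lines):
    """Sources that would be blocked under Inoshiro's 'block anyone who portscans' rule."""
    return sorted(src for src, r in analyze(lines).items() if r["scan"])


if __name__ == "__main__":
    for src, r in analyze(SAMPLE_LOG.splitlines()).items():
        print(src, r)
```

Running it flags only 203.0.113.7. The slow source 192.0.2.9 touches six ports, two of them on the watch list, but never more than one inside a 60-second window, so a burst rule alone misses it; that is why the report also carries `total_ports` and `watched_hits`, which is the kind of per-source history UrLord describes keeping when deciding whether an address has hit the site before.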


curious about something (3.83 / 6) (#29)
by eLuddite on Sat Apr 21, 2001 at 09:43:33 PM EST

Is the purpose of your site to get the surfer to part with his or her credit card? Then I imagine you can safely block china, cuba, vietnam, north korea, russia and the former soviet bloc satellites, moslem nations (credit card = usury?) and assorted poverty stricken nations.

I find this reprehensible but I'd like to know if sites actually do something similar. It's not like a sizeable chunk of the web is anything other than commercial dross, right?

What proportion of online sales comes from anywhere other than G7 nations? Is it worth the cost of bandwidth and chargeback penalties for an eCommerce site to be indiscriminate at their router? Can one get away with only the US, Germany, the UK, Japan and Canada?

This is where it gets scary:

Assuming it is against the economic interest of at least some sites to only accept certain national traffic, how would they go about doing this in a shared server environment? Well, valueclick.com (I don't know if valueclick exists any more than I know if kkkadclick.com does) could only drive white traffic to them, guaranteedish.

The ultimate targeted advertising - target people with money and thus the internet would imitate life.

Could it happen? Would it be wrong? Sure sounds wrong but the Internet is just a bunch of private networks, after all, who wouldn't be exchanging bits at all if they weren't chasing a profit.

---
God hates human rights.

in reality (4.00 / 1) (#31)
by danny on Sat Apr 21, 2001 at 10:15:24 PM EST

Is the purpose of your site to get the surfer to part with his or her credit card? Then I imagine you can safely block china, cuba, vietnam, north korea, russia and the former soviet bloc satellites, moslem nations (credit card = usury?) and assorted poverty stricken nations.

You would probably class India as "poverty stricken", but it has a reasonably affluent middle-class of somewhere in the region of 100 million. There'd certainly be more people in India with credit cards than in Australia...

And there's nothing un-Islamic about credit cards. Historically, Mohammed was from a mercantile family and the Islamic world had standard commercial and contract law at a time when Europe was a bit of a mess that way.

Danny.
[900 book reviews and other stuff]
[ Parent ]

re: Curious (4.33 / 3) (#32)
by trog on Sat Apr 21, 2001 at 10:47:00 PM EST

While the website in question is a commerce site, the reason why this particular site isn't concerned with international orders is that due to laws that regulate the particular area of commerce this site is engaging in, the site could only be used by those living in the US. I cannot explain any more clearly, without saying exactly what the site is. (I want to keep the site confidential)

And yes, credit card information does exchange there, which is one reason (among many) for the paranoid system policies. However, the credit card information is not required, nor is it the reason that commerce cannot happen overseas.

This is not a sinister plot by the forces of evil to keep out the poor and disenfranchised(tm). This is an unfortunate legal reality of the area of business this company engages in.

Apologies for not being more specific than this.

But your comments, in general, have given me a great deal to think about. I would assume from an economic standpoint, it is mostly the affluent that shop online, keeping in mind that the poor in America would be considered "Middle Class" or better in many other countries.

However, this isn't necessarily a bad thing. I would be more troubled by the censoring of educational or political materials than the ability to purchase something at bigdotcom.com



[ Parent ]
It's *your* Web server... (4.00 / 9) (#30)
by khym on Sat Apr 21, 2001 at 09:46:05 PM EST

(or at least, your company's web server); you don't owe it to anyone out there to make it available to anyone. If the security risk outweighs whatever benefit you could get from people in that region (assuming that you could sell to people in that region), then just drop all packets coming from there.



--
Give a man a match, and he'll be warm for a minute, but set him on fire, and he'll be warm for the rest of his life.
narrow blocking (4.28 / 7) (#45)
by Delirium on Sun Apr 22, 2001 at 03:54:00 AM EST

In general I disagree with this "collective punishment" approach. Certainly you're justified in blocking any individual you see fit to block, but I don't think blocking *.ca, for example, simply because you got a lot of canadian portscanners or crackers, is justified. I used to encounter this on IRC a lot as an AOL user - I would end up getting banned from channels simply because the operators were not intelligent enough to ban individual users, but instead banned *.aol.com.

My basic point is that bans should be as narrow as possible. If you consistently have problems from a particular netblock, block it, but don't block the entire ISP or entire country unless you're having problems coming from that entire range of IPs. (For example, you might be forced to block something equivalent to *.saskatoon.some-isp.ca if a user in Saskatoon keeps harassing you from dynamic IPs, but there'd be no reason to block *.some-isp.ca or *.ca, even if the ISP or country in general isn't being responsive; don't punish more users than you have to).

--AIM: Delirium4u. Or read my diary.
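Delirium's "narrowest possible ban" rule can be made mechanical: take the addresses that have actually caused trouble, find the smallest CIDR block that contains all of them, and count how many uninvolved addresses that block would also cut off. The code below is an added example for this page, not anything from the thread; the offender addresses are constructed from documentation ranges, and the collateral limit of 1024 addresses is an assumption chosen to illustrate the trade-off, as is the iptables rule syntax used for the rendered output.

```python
"""Narrowest-block policy for repeat offenders (added example).

Assumptions (not from the thread): offenders are IPv4 addresses, a block
is acceptable only if it cuts off at most MAX_COLLATERAL uninvolved
addresses, and rules are rendered as iptables DROP lines.
"""
import ipaddress

MAX_COLLATERAL = 1024  # assumed limit on innocent addresses per block


def narrowest_block(addresses):
    """Smallest CIDR network containing every address in the list."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    if not ips:
        raise ValueError("no addresses")
    if len({ip.version for ip in ips}) != 1:
        raise ValueError("mixed IPv4/IPv6 not supported")
    lo, hi = min(ips), max(ips)
    # Shrink the prefix from /32 until the network built on the lowest
    # address also contains the highest; every address between is then inside.
    for prefix in range(lo.max_prefixlen, -1, -1):
        net = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)
        if hi in net:
            return net


def collateral(net, addresses):
    """Addresses in `net` that are not on the offender list."""
    return net.num_addresses - len({ipaddress.ip_address(a) for a in addresses})


def choose_blocks(addresses, max_collateral=MAX_COLLATERAL):
    """Block the covering net if its collateral is tolerable, else one host
    rule per offender (Delirium's 'don't punish more users than you have to')."""
    net = narrowest_block(addresses)
    if collateral(net, addresses) <= max_collateral:
        return [net]
    return sorted({ipaddress.ip_network(f"{a}/32") for a in addresses})


def render_rules(nets, chain="INPUT"):
    """iptables DROP rules for the chosen networks (syntax assumed)."""
    return [f"iptables -A {chain} -s {net.with_prefixlen} -j DROP" for net in nets]


# Constructed offender lists.  The first clusters inside one /24, the way a
# single ISP's dial-up pool would; the second is two unrelated networks.
CLUSTERED = ["203.0.113.17", "203.0.113.42", "203.0.113.200"]
SCATTERED = ["203.0.113.17", "198.51.100.9"]

if __name__ == "__main__":
    for offenders in (CLUSTERED, SCATTERED):
        net = narrowest_block(offenders)
        print(f"{offenders}: covering {net}, collateral {collateral(net, offenders)}")
        for rule in render_rules(choose_blocks(offenders)):
            print("   ", rule)
```

For the clustered list the covering block is 203.0.113.0/24 with 253 uninvolved addresses, which the assumed limit accepts; for the scattered pair the covering block would be a /4 spanning hundreds of millions of addresses, so the policy falls back to two host rules. Widening the limit is how one would express "block the ISP" or "block the country"; the point of the number is that the collateral is visible before the rule goes in.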


Please learn what you're talking about in the futu (3.50 / 2) (#58)
by arcade on Sun Apr 22, 2001 at 08:27:40 PM EST

I used to encounter this on IRC a lot as an AOL user - I would end up getting banned from channels simply because the operators were not intelligent enough to ban individual users, but instead banned *.aol.com.

As a channel operator on efnet#norge - one of the biggest IRC channels on the face of this planet - I cannot do anything but laugh at that statement of yours.

First of all, it's _impossible_ to place "intelligent bans" on the smarter kiddies. You can place bans on nick, ident or host/domain - or combinations of those. When you ban - you set a banmask. A typical banmask is *!*@*.aol.com - which bans all nicks, all idents and all hosts and subdomains of aol.com. If you were to ban a single nick at aol.com -- the luser could just change his nick. If you ban *!ident@*.aol.com -- the luser could just disconnect and change his ident (if he controls his identd - as every windowsluser does). If you banned his host, he could just disconnect and reconnect - and get right in again.

Due to DHCP and dynamic IP addresses, "intelligent" bans on IRC are quite simply impossible unless the offensive user is unlucky enough to have a static IP.

The easy thing to do, is to ban an entire topdomain - that works.



--
arcade
[ Parent ]
bans (none / 0) (#65)
by Delirium on Mon Apr 23, 2001 at 05:49:26 AM EST

Well as a long-time channel manager (5+ years) I don't think you need to patronize me by explaining what a banmask is.

Yes, I understand the many ways of evading bans, and do it myself now and then. However, banning *!*@*.part.of.hostname.com is usually the best solution. Sure, they can dial up their ISP again, but this quickly becomes ridiculously time-consuming for them. It's much easier for you to spend 1 second putting a ban on their new hostname than it is for them to dial up and get another one. Eventually they will give up.

If you're simply too lazy to do this, then I assume that for someone like me, who has accounts at several ISPs, you'd just ban *!*@*.com since otherwise I could "just disconnect and reconnect - and get right in again"?

--AIM: Delirium4u. Or read my diary.


[ Parent ]

*.aol.com (3.00 / 1) (#59)
by delmoi on Sun Apr 22, 2001 at 09:51:35 PM EST

I would end up getting banned from channels simply because the operators were not intelligent enough to ban individual users, but instead banned *.aol.com.

That's because you can't ban individual AOL users. To an IRC Op, they all look the same.
--
"'argumentation' is not a word, idiot." -- thelizman
[ Parent ]
narrow (none / 0) (#64)
by Delirium on Mon Apr 23, 2001 at 05:45:30 AM EST

Well, banning *.aol.com by the server (the IRC Op comment) isn't what I'm talking about; yes, sometimes abuse necessitates that, but that goes along with the "narrowest possible ban" philosophy. It just sometimes happens to be the narrowest possible ban.

--AIM: Delirium4u. Or read my diary.


[ Parent ]

Are you peering? (3.00 / 2) (#54)
by coffee17 on Sun Apr 22, 2001 at 05:03:02 PM EST

From your article and replies, I assume that you are not actually peering with anyone. In that case, I say block whomever you want.

If you are peering, and you are dropping packets from potential offenders which are just passing thru your system, instead of to your system, then I think that you are doing something not quite right.

-coffee


Blocking, Business, and Freedom (2.00 / 1) (#61)
by Renegade Lisp on Mon Apr 23, 2001 at 04:43:54 AM EST

Blocking an entire region or country from accessing your web site seems like a severe damage to the nature of the Internet to me. Even if people outside the US can't do business with you, don't underestimate the effect which the sheer presence of sites such as yours can have.

The downfall of the Berlin wall in 1989 was, to a very large degree, influenced by the fact that people in Eastern Germany had access to Western television and other media -- although it was of course illegal for them to watch or listen, and of course they had rather limited means for doing business with Western companies...

Ethics of net blocking according to region | 69 comments (68 topical, 1 editorial, 0 hidden)