Re: Dynamic IP log retention = 0?

From: Neil (no email)
Date: Sat Mar 14 2009 - 22:05:46 EDT

  • Next message: Andy Bierlair: "Re: Netflow on SUP720-3BXL"

    On Sat, Mar 14, 2009 at 6:24 AM, Bill Bogstad <> wrote:

    > On Sat, Mar 14, 2009 at 4:12 AM, Neil <> wrote:
    > > On Wed, Mar 11, 2009 at 6:34 AM, Brett Charbeneau <> wrote:
    > >
    > >.........
    > >As William pointed out, it's the things that follow that determine whether
    > >someone's being bad. To flag port-scans might be responsible, but I think
    > >pursuing legal action over it would be the exact opposite. Wait until
    > >someone demonstrates true maliciousness before trying to punish them,
    > rather
    > >than bringing the heat merely because they've demonstrated the potential
    > for
    > >maliciousness.
    >
    > In the physical world, this is the equivalent of 'casing the joint'.
    > In most parts of the world, you can now get stopped/interrogated for
    > simply taking pictures of the wrong buildings. (Even ones that in the
    > past might have been considered tourist attractions.) Whether you
    > think this is a good/bad thing, you shouldn't be surprised that people
    > are similarly concerned about such behavior in the virtual world.
    >

    Getting stopped/interrogated for simply taking pictures of tourist-y, or
    other, buildings is over-reacting as well, in my opinion. (For nearly all
    of them, there are already existing pictures of them; and once the Bad Guys
    get wind that people are being stopped for taking pictures, they'll either
    use already existing pictures, or go up and take them, get stopped, and
    blend in with all the other innocent people taking pictures... Pointless,
    unless someone's sitting on some magical Bad-Guy-Identifier that only works
    in interrogations.)

    And there's another name for 'casing the joint', it is 'looking around'.
    Looking around generally isn't a crime. Neither is casing a joint, for that
    matter. And like I suggested with port scanning, whether someone was
    'looking around' or 'casing the joint' is really only determinable after
    they've robbed the joint or not. Before that point, you're almost stabbing
    in the dark.

    >
    > >
    > > This is almost akin to attacking someone because they're carrying a gun:
    > > sure, the gun gives them the potential to do bad things, but it often
    > enough
    > > is innocent. (Political agendas aside...)
    >
    > No, this is more like some unknown guy in a high-rise a mile a way
    > pointing his laser sniper scope at people walking in the park. They
    > don't KNOW that he has a rifle attached to that scope. Even if he
    > does,
    > they don't KNOW that he plans to use it. Most people will never
    > notice that little red dot in the middle of their chest. If they do
    > notice and report it, however, I can guarantee that a significant
    > investigation will
    > take place.
    >

    That's a bit questionable as well; the intention with a port scan is hardly
    so well defined as you suggest. And what if that little red dot is simply a
    laser pointer? I think I'd assume laser pointer before laser-aiming sniper,
    following the "Don't attribute to malice what could be attributed to
    stupidity instead" maxim or Occam's Razor...


  • Next message: Andy Bierlair: "Re: Netflow on SUP720-3BXL"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD