[ntp:questions] ntp survey

Richard B. Gilbert rgilbert88 at comcast.net
Wed Dec 31 13:56:13 UTC 2008


Unruh wrote:
> "Richard B. Gilbert" <rgilbert88 at comcast.net> writes:
> 
>> Unruh wrote:
>>> Tim Shoppa <shoppa at trailing-edge.com> writes:
>>>
>>>> On Dec 30, 12:32=A0pm, Unruh <unruh-s... at physics.ubc.ca> wrote:
>>>>> "Richard B. Gilbert" <rgilber... at comcast.net> writes:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Tim Shoppa wrote:
>>>>>>> On Dec 29, 10:47 pm, ma... at ntp.isc.org (Danny Mayer) wrote:
>>>>>>>> Antonio,
>>>>>>>> If you are really from nic.br please use your email address from that
>>>>>>>> domain. It is unacceptable to use a gmail account for such notificati=
>>>> ons.
>>>>>>>> Danny
>>>>>>> This is usenet, where anyone can set their "from" address to anything
>>>>>>> they want, and posting with an E-mail address that is adequately spam-
>>>>>>> filtered makes perfect sense.
>>>>>>> I'm not sure there's any real requirement that anyone has to announce
>>>>>>> any particular e-mail address to run a NTP survey. He made the
>>>>>>> methodology clear, said where the queries will be coming from, and I
>>>>>>> think it's good that surveys continue and, like Antonio and his
>>>>>>> collaborators do, they make the details and results public.
>>>>>>> Tim.
>>>>>> There is no requirement that he even announce his survey! =A0It is polit=
>>>> e
>>>>>> for him to do so but no more than that.
>>>>> Well, Under various laws he may be guilty of hacking/cracking/illegal use
>>>>> fo computer time/... unless he gets permission. There has at least been a
>>>>> strong feeling by many expressed that access does not imply permission. I=
>>>> e,
>>>>> just because the ntp port is open does not mean that anyone has permissio=
>>>> n
>>>>> to use that port (eg is port scanning legal?). It is of course a complete=
>>>> legal can of worms.
>>>>> But announcing the survey here might be useable as a partial defense =A0i=
>>>> f
>>>>> the worms wriggled out of the can.
>>>> Bill -
>>>>  NTP surveys are good things. NTP Surveys that publish their results
>>>> are even better. A NTP client is a server. Port scanning is bad.
>>> I do not dispute that and I suspect that any court would take that position
>>> as well. I am hypothesising that one of the reasons they announced the
>>> survey was as one more brick in a possible defence against some prosecutor
>>> in some jurisdiction accussing them of hacking.
>>>
>>> There have been interminable arguments as to whether or not port scanning
>>> should be criminalised. That would almost certainly extend to this kind of
>>> survey. I think it would be a very bad idea to criminalise port scanning,
>>> but many people think otherwise. 
>>>
> 
>> Port scanning, very occasionally, has legitimate purposes.  I once used 
>> a port scanning program to find out what port(s) a copier/printer used. 
>>  It did not use the standard port that I expected but the port scan 
>> told me what I wanted to know.
> 
>> Now port scanning something that is not yours, if not criminal, is 
>> certainly extremely bad manners and suggests that you have nefarious 
>> intentions.  It  goes on all the time!  I have a router/firewall that 
> 
> Well, the ntp survey is a "port scan " (one port, but getting no trivial
> information from it). Any law would have a hard time differentiating
> between the "port scanning that is not yours" and the ntp survey.
> 

Enjoy your tantrum then!




More information about the questions mailing list