Matthias GÃntert am Montag, 20. MÃrz 2006 13.45:
Dear listmembers,
i am seeking for a new job as a Unix/Linux systemadministrator. There
has been an advertisement at a well known university. So I started to
prepare my self for the application. While collecting some information
about the network, using nmap, dig, etc... I was able to read the whole
namespace from the ip range (255.255.0.0)
My question is should I use some of the information I have found out to
push my application forward? What do you think how a director would
react?
Hello all, and sorry for my quite bad english (and not being a lawyer, and not
being an admin of a university network)
This is one of the most interesting discussions I've ever read on this list.
It shows, in my opinion, beside other things:
[] two main perspectives, a legal, and a technical, which lead to rather
different conclusions.
[] that (although I'm not sure) it's also a question of "culture"; It seems
that in the US culture a port scan is seen as a bigger problem than in
Europe.
[] that it has an impact on the "public internet usage by the masses" [sorry,
don't know better to say] in the future, if the legal or technical
perspective triumph.
(and since economy and products and property rights tend to get virtual to
circumvent the limitation of real resources and to guarantee constant
economic growth, and laws are most suitable as a means of power, the
former will triumph, I'm sure)
I have another analogy try (sorry for that :-) :
Putting a box with a public IP on a public net offering public services is
like presenting products in a Walmart or an Aldi respectively. I'm neither
obliged to know what I'll buy before visiting the store, nor to only buy
products that have been advertised. I look at different places, and search,
to see what's availabe, and touch. This is all legal.
I'm also not obliged to only look for one product, say, a day: I'm allowed
to scan what's available with a quick eye scan. If the store does not want to
sell a certain product, it does not place it in the store. It may close the
store (the ability for others to see what's available) for a certain time.
Illegality starts when stealing/destroying a product or entering the store
when it's closed.
(Most of) the analogies with the doors and windows miss a main point: My house
is not a *public* building - and I can't take it completely "offline" like a
computer, so the public/private context is completely different.
When I was Matthias GÃnthert, I would present the collected information (in
Europe) to demonstrate my skills, although it may be a risk. A better
alternative could be to offer a live network examination and repeat the steps
already done (without mentioning the preparation and thus appear even more
capable ;-)
But hey, to minimize risks be mainstream, present certifications, say what
they want to hear, don't show any individual profile...
Asking an European list would be an idea too...
Hans
Sorry for the lengthy post.
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
