Right. Just because there are machine names out there
you aren't giving the vandals any real advantage in things.
There is security, and there is the attempt at security by
obscurity, and this is one of the latter things.
A vandal who is interested in trawling around for juicy sites
at MSU isn't going to need a list--they're going to engage
in some form of port scanning which is going to be far
faster, test for more things, and disregards what might
be of interest on paper for what is actually out there.
Having data online for the MSU community to read is a good
thing. Putting barriers around it means that I'd likely have a
harder time looking at it from my home cable system in Ann
Arbor for example.
Keep information free and available. The benefits of doing
that as much as possible always outweighs the negative.
Never let the fear of vandals formlate policy.
--STeve Andre' (Political Science)
On Monday 29 March 2004 08:39, Russell J. Lahti wrote:
> I quite honestly don't see a problem with it. Anyone could always
> program a virus to attack a certain computer. Outside attackers
> need nothing more than whois to find MSU's entire address space,
> and some reverse DNS to figure out what's where. I believe this
> information posted publicly provides a much greater resource for
> those with good intensions than it does for those without. Taking
> the information off the web really wouldn't hide any of it from
> someone intent on finding it.
> Andrew wrote:
> > Is it really a good idea to list all of the IP address, host files, and
> > the entire MSU network layout on a public website
> > (http://network.msu.edu/)? With the virus going around, anyone could
> > program a virus to attack a certain computer. Even an outside hacker
> > could just focus his attack to a specific machine. I can see no logical
> > reason for this information to be available to the public.
> > Andrew McCormack