> When I exchanged mail with you about buying ISS for some work that I
> am doing for our members, you said that you would be hard coding in
> the addresses that one was allowed to scan. (the network numbers that I
> have assigned to me). If that is still the case, then how are you
> going to enforce that for the versions that will be for available on
> the platforms described in your recent message?
Yes, in my package I tell people that the registered version will have
unlimited time and restricted to scan only the networks owned by that
organization. This ensures that if someone is able to get a hold of ISS
from that company , that the company isn't liable because someone scanned
other organizations since ISS is limited to that company's networks.
This is test version I am releasing. It is intended to let admins to have
a good look at their network for holes and also see how well ISS works. It
also hopefully will let admins send me comments, suggestions, direction for
ISS. In good faith, I am releasing a test-version, hoping no one
abuses it, in that they dont scan other organization's networks, or try to
'crack' ISS so it works past January.
I dont think restricting ip-address will be a problem since most
companies arent interested in intruding on other's networks. :)
And it also ensures some control on ISS and the company doesn't need
to worry about an employee trying to poke around other companies,
other than their own.
If this is a problem, email me directly and not to a mailing list where
most people dont care. If others do, they can email me directly as well.
I will be out till the First week of January. Going on a needed
Christopher William Klaus Email: cklaus @
net Author:Inet Sec. Scanner
2209 Summit Place Drive,Dunwoody, GA 30350-2430. (404)206-1513.