Home page logo
/

basics logo Security Basics mailing list archives

Re: Legal? Road Runner proactive scanning.
From: "Gnuthad" <securityfocus () aussie mine nu>
Date: Sun, 14 Mar 2004 13:34:27 +1100

  I am of two minds over such probes from a network provider. On one
hand I welcome scans for open proxies and relays as this helps to
prevent abuse not only of that provider's network but also of my
network and all intervening networks. I doubt that I am alone in
receiving (and blocking) thousands of spam emails every day from open
relays and proxies on home-based computers.

  On the other hand, should service providers be doing widespread 
port scans on their customers' systems without permission? In this 
respect, I consider such a scan to be as much abuse of the network as 
a customer spewing out thousands of spam emails a minute.

  I have used service providers who have performed regular relay
checks (port 25 only) on all their customers and I am very pleased
that such a system exists for that provider as it helps to ensure 
that home users with mis-configured or unknown servers are located 
and notified of their problem before widespread abuse occurs. I was 
at one stage blocking the servers doing these scans but I later 
removed those blocks because I had a think about the situation and 
came to the conclusion that a relay test of my (correctly configured 
and secure) email server demonstrated that my provider was serious 
about preventing network abuse. I am proud to let my provider know 
that I run an email server which is secure and does not relay for
unauthorised persons.

  Unfortunately my current provider does not undertake this same
scanning however they have been very quick to locate and shut down 
any customers who have open relays and proxies, something which is 
sadly lacking in many providers more interested in their customers' 
money than being a good netizen.

Gnuthad
securityfocus () aussie mine nu
----------
Note: This address accepts emails only from securityfocus servers. If
you wish to reply please do so via this list rather than directly as
your email will be otherwise refused.
----------


On 12 Mar 2004 at 8:42, Charles Otstot wrote:


I would certainly consider port scanning to be an attack, based on
the intention(s) implied by such activity. Although I am far from a
security expert from a technical perspective, it seems to me that
the answer to this question lies not in technical arguments, but
rather on determining whether one has the right to access someone
else's network without permission. I, for one, believe that noone
(and no organization) has the right to access my network or any
systems on that network without permission. Permission to access a
given resource does not necessarily have to be explicit (i.e
accessing a publicly hosted web page would generally be
permissible), however,  ordinary concepts of reasonableness (what a
reasonable person would consider ok) certainly apply (e.g.
intentionally accessing an accidentally accessible resource that is
clearly intended to not be accessible would be considered improper).
I would view port scanning, regardless of the source, as improper
access to the network. It seems to me that a reasonable person would
not consider it permissible for an outside entity (e.g a business
competitor) to surrepticiously attempt (the breadth and depth of the
access and the resources accessed without explicit permission would
help one determine whether the attempt.is indeed surrepticious) to
access resources on the network. A port scan against one or more
hosts by an outside agent implies an attempt to find services with
potential holes active on the network. That in, and of itself,
implies that the scanner will utilize any information found to
launch (further) attacks against specific hosts in an attempt to
gain further access to the network. As the "scanee", I can only
consider such access an unwanted, unauthorized intrusion with
(likely) malicious intent. As such, I would necessarily view port
scans to be an attack (even if only limited) against the network.

Charlie

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault