Home page logo
/

basics logo Security Basics mailing list archives

RE: Legal? Road Runner proactive scanning.
From: "Mark Medici" <mark () dbma com>
Date: Fri, 12 Mar 2004 18:31:38 -0500

From: Bryan S. Sampsel [mailto:bsampsel () libertyactivist org]
Sent: Friday, March 12, 2004 11:23 AM

If you're the customer.  However, if you're not the customer, they
have no
legal right to scan your resources.

That's a different matter, but still it's not illegal, at least not
under any law that I have seen.  But IANAL or a cop, YMMV and all that
stuff.  While I might not like someone scanning my ports, there is
nothing particularly bad about it, unless it is done in such a way as to
constitute a denial-of-service attack or harassment.  

Now, how the person scanning uses that information may be illegal
(attempting an exploit) or negligent (unauthorized disclosure to third
parties).  

Port scanning is such a common and innocuous occurrence that there's no
reason for it to even be a part of your normal IDS alerts or reports.
Just block it and log it and ignore it unless/until there's an
escalation, then go back to the raw logs for evidence.  Of course, if
the port scans make it through to your DMZ or internal network, then I'd
want to see alerts from the IDS's in those zones.

As for testing all connecting SMTP servers for the presence of open
relay/proxy, I think this is a matter of self preservation and a feature
I'd personally like to see my MTA provide.  It's hard to argue against
something that makes good common sense.

If it makes you feel better or more secure to firewall-off every IP that
scans your ports or checks for open relays, then go ahead and do it.
But expect to keep busy, and potentially loose communications from bona
fide customers in the process.



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault