On Thu, 11 Mar 2004, James P. Saveker wrote:
You consider a port scan to be an attack?
Why is a port scan an attack? Do other people on this list agree
Yes, I consider a port scan to be an attack. It is a probe to inspect
my system, quite often a precursor to an actual attack if performed
It is not unusual to look at a port scan in this fashion...
To be more explicit, sometimes a portscan can be an indicator of
system problems elsewhere. I once reported activity from one
particular server...the owner replied that he wasn't running any
sotware like that and after inspecting his box, found he had a rootkit
installed. The user of the rootkit was probing my system.
One offender found he had a virus-infected system out there...never
had a problem after that.
I've correlated data between port-scans and failed attempts to exploit
my ftp daemon. Makes for some interesting stuff sometimes...
IMO, yes, a portscan is an attempted breach.