Home page logo
/

basics logo Security Basics mailing list archives

Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sun, 14 Mar 2004 14:17:16 +0100

On 2004-03-11 Bryan S. Sampsel wrote:
On Thu, 11 Mar 2004, James P. Saveker wrote:
You consider a port scan to be an attack?

Why is a port scan an attack?  Do other people on this list agree
with this?

Yes, I consider a port scan to be an attack.  It is a probe to inspect
my system, quite often a precursor to an actual attack if performed
successfully.

It is not unusual to look at a port scan in this fashion...

To be more explicit, sometimes a portscan can be an indicator of
system problems elsewhere.  I once reported activity from one
particular server...the owner replied that he wasn't running any
sotware like that and after inspecting his box, found he had a rootkit
installed.  The user of the rootkit was probing my system.

One offender found he had a virus-infected system out there...never
had a problem after that.

I've correlated data between port-scans and failed attempts to exploit
my ftp daemon.  Makes for some interesting stuff sometimes...

IMO, yes, a portscan is an attempted breach.

I have to respectfully disagree. Portscans *may* very well be utilized
by an attacker to identify what is running on a system, so they *may*
indicate a forthcoming attack. OTOH finding out what services some box
provides IMHO is a legitmate means for any potential user.

If you don't intend to provide a service then why do you make it
available? If you run a service with known vulnerabilities then why
don't you fix/change it? If you intend to provide a service and there
are no known vulns then why do you consider portscans a problem? Do you
really believe security thru obscurity is going to work?

To sum up: a portscan may or may not indicate a forthcoming attack, but
it is *not* an attack in itself.

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault