Home page logo
/

basics logo Security Basics mailing list archives

Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
Date: Mon, 15 Mar 2004 11:26:19 -0700 (MST)



Ansgar -59cobalt- Wiechers said:
<snip>

I have to respectfully disagree. Portscans *may* very well be utilized
by an attacker to identify what is running on a system, so they *may*
indicate a forthcoming attack. OTOH finding out what services some box
provides IMHO is a legitmate means for any potential user.

No regular, authorized user should be scanning.  That user will be
provided the information as necessary.  Sorry.


If you don't intend to provide a service then why do you make it
available? If you run a service with known vulnerabilities then why
don't you fix/change it? If you intend to provide a service and there
are no known vulns then why do you consider portscans a problem? Do you
really believe security thru obscurity is going to work?

Nothing about obscurity ever played into my explanation.  As to vulnerable
services...find me one that hasn't had a vulnerability show up.  And find
me one that, even when the patches are kept up to date, has not
occasionally been exploited before patches became available.

Portscans are comparable to somebody checking all my windows and doors to
see if they're unlocked.  I have mail box out front for communication and
a phone.  People can call me.  But them attempting to find other ways into
my house is tresspassing.  And such activity can indicate an attempt to
break in is forthcoming.


To sum up: a portscan may or may not indicate a forthcoming attack, but
it is *not* an attack in itself.


The point is debatable.  I consider it enough of an indicator that I take
it seriously.  Sometimes, it isn't even a person doing the attack, but an
infected machine.  More than one virus performs portscans.

Anybody who wishes to communicate to my resources can do so by normal
means: web browser, email, etc.  All such services will be published where
appropriate.  Simply providing one service does not give tacit approval
for somebody to probe my resources.

Regards
Ansgar Wiechers

laters,

bryan

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]