Home page logo
/

basics logo Security Basics mailing list archives

RE: FW: Legal? Road Runner proactive scanning.[Scanned]
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 15 Mar 2004 09:33:19 -0800

So if someone comes and knocks on your door at home you shoot 
them? Do you consider them a criminal? No, you lock the door 
and windows.

If your host is on the internet I consider it public and 
knocking on the door to see if the shop is open, is not a 
problem. If you do not want people coming in the door lock 
it and give a key to those who need it.

  If someone chucks stones at my doors, walls, and each of my 
windows, to see if they're open or not, I call the police.  The
fact that I have an open front door to my place of business does
not diminish my right to do so.  The fact that one of my windows
was also open does not diminish it.  The claim that the vandal was
"just checking for openings" does not absolve them when one of their
stones breaks a window, either.  (Some esoteric types of port-scan 
HAVE been known to crash insufficiently resilient pieces of
network equipment.  I do not believe that your claim that port
scans have never done damage is supported by reality.)

  If I advertise my front door, I may be limited in my right to
refuse service to people who come through it.  If I leave the
back door unlocked -- however foolish that turns out to be! -- that 
does not constitute an invitation for the general public to use the 
employee entrance.  (If I were inclined to prosecute a passerby who
came in that way to alert me that the building was on fire, he would
be protected by the common-law defense of necessity, NOT some bogus
"it wasn't locked" defense.)

Port scanning is not an attack it is probe. 

  A dentist who sticks his tools in my mouth without asking first
commits assault.  An alien abductor who spelunks my bowels is not
a friend.  Your implication that "probe" is never a subset of 
"attack" is spurious.

Dave Gillett




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]