Home page logo
/

basics logo Security Basics mailing list archives

Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Phil Brammer <security () wjjeep com>
Date: Tue, 16 Mar 2004 16:14:29 -0600

On Mon, Mar 15, 2004 at 11:41:08AM -0700, Bryan S. Sampsel wrote:
Jef Feltman said:
So if someone comes and knocks on your door at home you shoot them? Do you
consider them a criminal? No, you lock the door and windows.

Not quite an accurate comparison.  A portscan is comparable to somebody
testing those locks and windows.  An action that has legal ramifications. 
And legally speaking, a tresspasser doesn't have to bypass a locked door
to tresspass.

A knock is a "service" -- a method of communicating with my house.  As is
a phone or mail.  Just a tad different than a security probe.

I disagree with this.  A port scan does not test your locks.  Basically, a port scan tells the scanner that there are 
windows/doors available to try.

(This is just my perspective on the matter.)

If I drive down the street and look at your house, I can count the number of openings that I would have access to the 
interior of your home.  Some of those windows might be open.  Some might be closed. 

I think the issue here is that if I walk up to your door and test the lock, wouldn't that be akin to the actual process 
of attempting to log into said service and maybe tying a brute-force attack?  

If your host is on the internet I consider it public and knocking on the
door to see if the shop is open, is not a problem. If you do not want
people
coming in the door lock it and give a key to those who need it.

Still not an apples-apples.  There are legit ways of communicating with my
system.

Like what?  Keep in mind you are on a PUBLIC system.  You don't own your IP address like you do your home property.  
It's a little different.  You might own a name to an address, but you don't own the address.  Your IP address might be 
assigned to you, but it's still not your address.

If I head to our local arena and walk around the facility, I'm entitled to grab the doorknob on any door I walk by.  
Now, if I found a door that was unlocked and had a sign that stated "Employees Only," I can see that I could be 
punished for entering the room.  But, merely checking the doorknob is not punishable.  It's a public place and 
locations that are not public need to have proper safeguards in place to prevent unauthorized access.

Based on your statement no website should not be accessed by anyone other
than an employee. Sending E-Mail would be a violation also, as the port
must
be checked to verify it can be opened to receive.

Nope.  Email performs a handshake, it does not probe an entire system to
communicate.  If it receives no response on its connection attempt, it
ceases activity.

A gentle port scan on every port it checks also performs a handshake.  It's TCP for god's sake.  In fact, if you have a 
firewall blocking access to a port (DROP) that is not allowing the RST flag to get sent back to me, are you not in 
violation of your handshake scenario?  

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]