Home page logo
/

basics logo Security Basics mailing list archives

Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 18 Mar 2004 03:16:26 +0100

On 2004-03-17 Bryan S. Sampsel wrote:
Ansgar -59cobalt- Wiechers said:
On 2004-03-15 Bryan S. Sampsel wrote:

No regular, authorized user should be scanning.  That user will be
provided the information as necessary.  Sorry.

Your are going to explain how you are going to do that, e.g. for
publically available services on ports that are not well-known,
aren't you? And even if so, what's it hurt if someone goes finding
out for himself? I still don't get your point.

Simple.  A connection attempt from an established known service, such
as HTTP, IMAP, SMTP, etc, is NOT the same as a portscan.  Somebody
attempting to utilize specific, known services is not performing the
same action...and I can check my logs to watch for abusive patterns
(excessive ftp logins, etc).

Which word exactly of "ports that are not well-known" didn't you
understand?

A portscan is a method of taking a wide-angle snapshot of my system.
Not quite the same thing.  Hope that explains it.

No. I still fail to see how you are going to provide arbitrary users
with the information I mentioned above.

How else should I call hiding the services you provide by prohibiting
portscans (or trying to)?

Preventing an unauthorized person from scanning my box is merely the first
step in protection...I guess I can buy the obscurity label.  But, using
that as a first step isn't wrong.

I didn't say anything about wrong. I just don't see much sense in it.

It's merely a piece of the protection...perhaps it might be akin to
using window blinds.  They don't keep people from breaking in the
window, but do prevent people on the street from peeking at the inside
of my house to decide if it's worth breaking into or not (stereo, TV,
whatever).

Would you please stop making up stupid anlogies? Thank you. A port scan
is not telling someone what's inside your house. It tells just which of
the stores in the basement are open.

Portscans are comparable to somebody checking all my windows and
doors to see if they're unlocked.

So? Lock them already, if you don't want them to be open.

That is irrelevant.  Even were I foolish enough to leave a system
unprotected, nobody has the right to poke around it, let alone molest
it. Same holds true for my house.  Even an unlocked door does not
allow somebody to tresspass.

It holds true only for your house. Not for public servers.

I have mail box out front for communication and a phone.  People can
call me.  But them attempting to find other ways into my house is
tresspassing.  And such activity can indicate an attempt to break in
is forthcoming.

This analogy was born without legs. A portscan is a means of finding out
what services you are providing to the public. Nothing more. Nothing
less.

No.  A portscan is more than that.

I fail to see how.

If you wish to see if I run a website, use your browser.  If you wish
to send email to that box, send email.

If I wish to shoot me in the foot, I buy a gun. Thats a lot easier an a
lot less painful.

Let the known, public services do what they're intended to.  Unless I
authorize you, the rest is none of your business.

If you don't want a service to be public, then don't make it public.
What's so hard about that?

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault