Home page logo
/

basics logo Security Basics mailing list archives

Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Derek Schaible <dschaible () cssiinc com>
Date: 18 Mar 2004 12:08:47 -0500

On Wed, 2004-03-17 at 21:16, Ansgar -59cobalt- Wiechers wrote:
On 2004-03-17 Bryan S. Sampsel wrote:

A portscan is a method of taking a wide-angle snapshot of my system.
Not quite the same thing.  Hope that explains it.

No. I still fail to see how you are going to provide arbitrary users
with the information I mentioned above.

How else should I call hiding the services you provide by prohibiting
portscans (or trying to)?

Preventing an unauthorized person from scanning my box is merely the first
step in protection...I guess I can buy the obscurity label.  But, using
that as a first step isn't wrong.

I didn't say anything about wrong. I just don't see much sense in it.

Absolutely nothing wrong with it. there are methods we can all employ
simply enough to prevent port scanning of those ports we are not
providing. Really, there is no reason to complain about anyone scanning
your host. It's silly, no analogy is needed.

If hiding your service is your goal, realize obscurity isn't security.
Is it worth obscuring? Sure, I guess, but its zero to your security - I
guess its a fun exercise though.


It's merely a piece of the protection...perhaps it might be akin to
using window blinds.  They don't keep people from breaking in the
window, but do prevent people on the street from peeking at the inside
of my house to decide if it's worth breaking into or not (stereo, TV,
whatever).

Would you please stop making up stupid anlogies? Thank you. A port scan
is not telling someone what's inside your house. It tells just which of
the stores in the basement are open.

OK, the analogies are getting really silly.

Can we put this to rest? If you don't know how to block port scans,
maybe the question "How do I prevent portscanning?" should be asked.
Regarding its legality is pointless - its meaningless, the act of it is
harmless. Worse case? Your log files get filled up - maybe your logging
is too agressive?? Abusive packets sent? this is a DoS and bears no
responsibility to scanning. Any open port can be DoS'd. Your host does
*not* need be scanned for this sort of activity to occur.

Just what do we hope to accomplish by continuing this thread??

-- 
Derek Schaible <dschaible () cssiinc com>
CSSI, Inc.

Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]