Home page logo
/

basics logo Security Basics mailing list archives

Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Phil Brammer <security () wjjeep com>
Date: Thu, 18 Mar 2004 12:54:23 -0600

On Thu, Mar 18, 2004 at 06:46:26AM -0500, ~Kevin DavisĀ³ wrote:
I have mail box out front for communication and a phone.  People can
call me.  But them attempting to find other ways into my house is
tresspassing.  And such activity can indicate an attempt to break in
is forthcoming.

This analogy was born without legs. A portscan is a means of finding out
what services you are providing to the public. Nothing more. Nothing
less.

No, it's not.  It's a perfectly valid analogy.  While it is encumbant upon
an individual that they should know what windows they have unlocked or ports
they have open by a service to secure themselves, it does not mean that they
always will.

If their window is unlocked that doesn't mean that everyone who knows or
finds out that the window is unlocked is freely invited inside.  Expecially
if the person who owns the house doesn't realize that the window is unlocked
at the time.  Similarly, if a port is open on a box, that doesn't mean
everyone is free to use it as they please.  Particularly if the person
doesn't realize that the port is even open.

Oh, stop.  A port scan doesn't test your locks.  

What I fail to see is, where does this analogy of testing the locks on your doors/windows come into play?  Comparing 
this to windows isn't exactly appropriate; I would argue that (for instance) if I found port 23 open on your machine 
via nmap the actual act of telnetting into your system would be testing your locks.

Maybe this would be a better analogy.  Stick a person in said window on the side of the house.  Walking up to this 
window, I hold up a sign that says: "Are you open?"  If the person in the window responds, "Yes!"  Then I respond with, 
"Thank you!"  This window would be considered OPEN in port scanning terms.  If the person responds with "No!" then said 
window would be considered closed.  If there is no person in the window, I won't even get a response, and will consider 
it closed.  This isn't *quite* accurate in TCP/IP speak because the OS will handle the RST of the SYN packet sent by 
the scanner if there is no service listening on the port.

Now, let's assume that the person in the window responded that it was open.  Okay, fine, so I decide to enter through 
the window (perhaps using a ladder, like Telnet).  I climb up to the window and ask again.  "Are you open?"  The person 
responds with, "Yes!"  So, I proceed to start the process of entering the window.  As soon as my foot touches the 
window sill, the person asks for the secret code word needed to enter.  "Bah!  I don't know that!"  At that point, the 
person decides to shut the window.

Do you see where this port scanning analogy fails when comparing to testing locks on your doors & windows? 

And, by the way, for a port to be open, there must be a service listening on it.  If that's the case and you are on a 
public IP address, then the public are allowed to connect.  Otherwise, this is when you'll want to implement your ACLs.

I'm not a TCP/IP guru by any means, but I'd hope everyone gets ths gist of what I'm clucking.

Phil

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault