mailing list archives
Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Phil Brammer <security () wjjeep com>
Date: Thu, 18 Mar 2004 12:54:23 -0600
On Thu, Mar 18, 2004 at 06:46:26AM -0500, ~Kevin Davis³ wrote:
I have mail box out front for communication and a phone. People can
call me. But them attempting to find other ways into my house is
tresspassing. And such activity can indicate an attempt to break in
This analogy was born without legs. A portscan is a means of finding out
what services you are providing to the public. Nothing more. Nothing
No, it's not. It's a perfectly valid analogy. While it is encumbant upon
an individual that they should know what windows they have unlocked or ports
they have open by a service to secure themselves, it does not mean that they
If their window is unlocked that doesn't mean that everyone who knows or
finds out that the window is unlocked is freely invited inside. Expecially
if the person who owns the house doesn't realize that the window is unlocked
at the time. Similarly, if a port is open on a box, that doesn't mean
everyone is free to use it as they please. Particularly if the person
doesn't realize that the port is even open.
Oh, stop. A port scan doesn't test your locks.
What I fail to see is, where does this analogy of testing the locks on your doors/windows come into play? Comparing
this to windows isn't exactly appropriate; I would argue that (for instance) if I found port 23 open on your machine
via nmap the actual act of telnetting into your system would be testing your locks.
Maybe this would be a better analogy. Stick a person in said window on the side of the house. Walking up to this
window, I hold up a sign that says: "Are you open?" If the person in the window responds, "Yes!" Then I respond with,
"Thank you!" This window would be considered OPEN in port scanning terms. If the person responds with "No!" then said
window would be considered closed. If there is no person in the window, I won't even get a response, and will consider
it closed. This isn't *quite* accurate in TCP/IP speak because the OS will handle the RST of the SYN packet sent by
the scanner if there is no service listening on the port.
Now, let's assume that the person in the window responded that it was open. Okay, fine, so I decide to enter through
the window (perhaps using a ladder, like Telnet). I climb up to the window and ask again. "Are you open?" The person
responds with, "Yes!" So, I proceed to start the process of entering the window. As soon as my foot touches the
window sill, the person asks for the secret code word needed to enter. "Bah! I don't know that!" At that point, the
person decides to shut the window.
Do you see where this port scanning analogy fails when comparing to testing locks on your doors & windows?
And, by the way, for a port to be open, there must be a service listening on it. If that's the case and you are on a
public IP address, then the public are allowed to connect. Otherwise, this is when you'll want to implement your ACLs.
I'm not a TCP/IP guru by any means, but I'd hope everyone gets ths gist of what I'm clucking.
RE: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 12)
Dos Attack Craig Spiers (Mar 12)
Re: FW: Legal? Road Runner proactive scanning.[Scanned] Charles Otstot (Mar 12)
RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 16)