Home page logo

basics logo Security Basics mailing list archives

Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Charles Otstot <charles.otstot () ncmail net>
Date: Fri, 19 Mar 2004 13:28:22 -0500

Jef Feltman wrote:

Yes, it is reasonable. You agree to allow others to send packets to you host
as soon as you connect it to the internet. By this act you give permission
to the world. The port they send to does not make a difference as far as
legal or not. Attaching a host to the internet is like opening your business
to the public. There is no other way to request info about services
available from a host other than a port scan.


To use your previous analogy...
If your mother called you and said someone was knocking on various doors at her home, would you consider such activity alright or would you immediately call the police and report a possible prowler?

In response to your statement that "There is no other way to request info about services available from a host other than a port scan.": This statement is categorically false. One can contact the host owner through other means (e.g. email or the telephone) and *ask* what servies they intend to be publicly accessible. Indeed, I maintain that one is obligated to do so before communicating with any hosts on that owner's network whose services are in doubt. Basically, my belief is that if you don't own it, you have no right to access it without permission. If there is any doubt as to whether you have permission (even for a cusrory scan of seeing what might be there), you must ask, and receive permission before going any further. This is not a technical concept, it is the simple moral concepts of right and wrong and of respecting the rights of others.



Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]