


Security Basics: RE: application for an employment

RE: application for an employment

From: Craig Wright <cwright_at_bdosyd.com.au>
Date: Sat, 1 Apr 2006 09:00:23 +1100


Hello Ansgar,

If you port scan to find everything, how long does it take you to find anything?

Let's take the example of seeing if there are other ports open. How do you think that scanning will find public valid services? Or are you stating that you are looking for other services that are NOT public – such as SSH or Telnet which are not secured?

Are you looking for SMTP servers so that you can check if they have an open relay? Are you looking for FTP servers that are not locked down so that you can load files without permission?

Looking for port 80 will not always find a web site (nor will it help find information). A single IP address can have numerous sites that are accessed using host headers – so knowing the IP may not allow access to the site per se.

Please explain what you are looking for – what VALID reason you have to scan for open ports.

Regards

Craig


        -----Original Message-----
        From: Ansgar -59cobalt- Wiechers [mailto:bugtraq_at_planetcobalt.net]
        Sent: Fri 31/03/2006 9:54 PM
        To: security-basics_at_securityfocus.com
        Cc:
        Subject: Re: application for an employment
        
        

        On 2006-03-30 Craddock, Larry wrote:
> Wednesday, March 29, 2006 6:38 PM, Ansgar -59cobalt- Wiechers wrote:
>> On 2006-03-29 Craddock, Larry wrote:
>>> That may be how you interpret it but I think they're very analogous.
>>> The point is simple ... no one has any legitimate business checking
>>> the status of the doors and windows on my property and no one has
>>> any legitimate business port scanning someone else's network. What
>>> legitimate reason would I have in port scanning your network? Let me
>>> answer that for you ... absolutely none. At best, my answer would be
>>> curiosity and that doesn't qualify as legitimate.
>>
>> I'd rather have stayed out of this discussion, but since various people
>> have shown a gross ignorance of the technical realities of the 'net
>> I'll throw my 2 cents in.
>>
>> The legitimate reason you have is the simple fact that you don't have
>> any other option of determining what services are available on a
>> given host or range of hosts. It's absolutely ridiculous to think
>> that one would need express permission to find out whether a shop is
>> open or not. Or if there is a shop in the first place.
>>
>> Of course if your scan breaks something you may (or may not) be held
>> liable for that, but that's a different story.
>
> Since other various people have shown a gross willingness to
> obfuscate the obvious intent of port scanning, I'll respond.
        
        The obvious intent of a portscan is "find out what services a host
        provides". Nothing more. Nothing less.
        
> When is
> the last time you ran a port scan just to make sure someone had a
> webserver running instead of just pointing a browser to it?
        
        There are more services to this 'net than just HTTP, y'know. Besides,
        there is no real difference between a browser connecting to a port and a
        portscanner connecting to a port.
        
> The legitimate way to find whether or not someone is running a service
> is to give it a try with a client application.
        
        Run a full blown application to find out whether a host does provide a
        service or not? Why would I want to do something that stupid? Besides,
        does telnet count as "client application"?
        
> If you don't have a client app that needs to connect to a server
> implementing that port then why do you need to connect in the first
> place?
        
        Because I'm curious? Because I want to get an overview of what services
        are provided on a specific host or in a specific network range, so I can
        use them some other time?
        
        Regards
        Ansgar Wiechers
        --
        "All vulnerabilities deserve a public fear period prior to patches
        becoming available."
        --Jason Coombs on Bugtraq
        
        
        


Received on Apr 03 2006
