Home page logo

basics logo Security Basics mailing list archives

Re: application for an employment
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 30 Mar 2006 20:35:16 +0200

On 2006-03-30 David Gillett wrote:
The legitimate reason you have is the simple fact that you 
don't have any other option of determining what services are 
available on a given host or range of hosts. 

  Yes you do.

No, I don't. There are some exceptions, where I don't have to, but in
general there is no way of finding out other than actually connecting to
the service.

  Suppose you want to send me an email.  By your argument, your
only option is to scan our whole address block(s!) looking for
machines that will answer on port 25.
  Bzzzt!  WRONG!  Do a DNS lookup for the MX records for our

So, how do I do a DNS lookup without somehow accessing port 53/udp of a
DNS server that I do not own? How do I get permission to do that?

  Suppose you want to register online to take courses here.  By
your argument, your only option is to scan our address space for
hosts that answer on ports 80 and 443.
  Bzzzt!  WRONG!  Point your browser at the college homepage (you
could Google for it) and follow the links to "Registration".

So, how does Google get the address of your webserver? Or permission to
access/index it? How do I get permission to access Google? And how does
a listing of $something in Google give me the permission to access it?

  Suppose you want to compromise one of our hosts to set up a 
warez server.  By your argument, your only option is to scan our
address space looking for a host running a service for which you
have an exploit available.
  Uh, wait.  You just lost the qualifier "legitimate".

I was by no means talking about exploits. In fact I expressly stated
that one may be held liable when breaking something (which you obviously
chose to ignore for whatever reason).

  If I want you to be able to use a service X on host Y, I will
find some way to advertise that service.  If I don't advertise the
service, it may be something that I don't even know is there --
perhaps installed silently by the OS or some legitimate application,
or perhaps by some cracker.  In neither case is there a presumption
that I'm inviting you to use it, if only you can find it.

That's ridiculous and you know it. The Internet does not have
advertisement mechanisms for services. The network is public and so is
every service on it. It was your decision to put the box into a public
network and there are ways to know what services it provides (and to
disable those services you don't want to provide). I cannot know if you
made a service available on purpose, and I do not have to assume that
you didn't. If I had to, the Internet would have to be shut down right
this second.

Bottom line: If you don't want your property trespassed, don't put it
into public places.

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]