Home page logo
/

nanog logo nanog mailing list archives

Scanning (was Re: Stealth Blocking)
From: William Allen Simpson <wsimpson () greendragon com>
Date: Thu, 24 May 2001 08:52:07 -0400


Actually, scanning is an important security tool.  It is also an 
important network monitoring tool.

Over the years, we've used scanning to determine the density of IP 
address assignment, in-addr propagation, and other operational issues.

Recently, the OpenSSH project has been doing random probes to determine 
the numbers and versions of SSH, and sequential probes in selected 
address space to warn operators of vulnerable early versions.

In general, scanning should be done regularly.  If not by the affected 
network operator, then by the targets that have been contacted by the 
affected network.

I _do_ accept that a connected Internet means that anybody may scan 
anybody else's network.  In fact, it is a natural consequence.

There is nothing wrong with scanning.

(The problem with ORBS was not the scanning, but rather the aggressive 
nature of the scanner, and the belligerence of the operator.  Denial of 
service is a different kettle of fish.)

David Schwartz wrote:

Jon Lewis wrote:

What's so bad about pre-emptive open-relay scanning?  What's the
difference between an open-relay found/used by a spammer and added to the
RSS and an open-relay found by pre-emptive scanner and added to the RSS?
Both sites are likely sources of relay spam.

        What's so bad about pre-emptive open-relay scanning is that if you feel
that is justified, you pretty much have accepted that anybody who pleases
may scan anybody else's network for any weakness he or she would like to
probe for. And if someone else probed 40,000 of your hosts each for 500
vulnerabilitise, you would have to accept the probers answer that there's
nothing wrong with pre-emptive scanning. After all, if someone else gets
root on your system, it's a potential threat to him. I am not happy with
that result.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault