Security Basics mailing list archives
Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: ~Kevin Davis³ <computerguy () cfl rr com>
Date: Thu, 18 Mar 2004 06:46:26 -0500
I have a mail box out front for communication and a phone. People can call me. But them attempting to find other ways into my house is trespassing. And such activity can indicate an attempt to break in is forthcoming.

This analogy was born without legs. A portscan is a means of finding out what services you are providing to the public. Nothing more. Nothing less.

No, it's not. It's a perfectly valid analogy. While it is incumbent upon an individual that they should know what windows they have unlocked or ports they have open by a service to secure themselves, it does not mean that they always will. If their window is unlocked that doesn't mean that everyone who knows or finds out that the window is unlocked is freely invited inside. Especially if the person who owns the house doesn't realize that the window is unlocked at the time. Similarly, if a port is open on a box, that doesn't mean everyone is free to use it as they please. Particularly if the person doesn't realize that the port is even open. By using your own logic, if one were to unknowingly fall victim to a Trojan and a hacker port scanned that box and found the Trojan holding a port open, it is perfectly legitimate and legal for that hacker to make use of that Trojan and take control of the box.

To sum up: a portscan may or may not indicate a forthcoming attack, but it is *not* an attack in itself.

The point is debatable.

Obviously.

I consider it enough of an indicator that I take it seriously. Sometimes, it isn't even a person doing the attack, but an infected machine. More than one virus performs portscans.

Sure. But still the portscan is not the attack. I already said that it might indicate a forthcoming attack, so there's nothing wrong with taking it seriously, but I wouldn't be too worried about it.

Provide a realistic scenario where an anonymous outsider from the Internet has a legitimate reason to port scan a system. Sure, there are some legitimate reasons, like Road Runner checking to see if you're complying with their TOS or if a related entity is doing a security check against a box to see what ports are open, but I would contend the vast majority of the time, if you are trying to access a box from the Internet, you are going to know beforehand what services are available from it. Rare will be the occasion where some Joe Schmoo will want access to your box and not know how to get in and need to port scan it to find out. If they don't know, it is extremely likely that they don't need to know and shouldn't be accessing the box. An open port should not automatically be interpreted as an open invitation to the public to come on in. Example: I want to be able to Remote Desktop to my computer at home while I am traveling, so I set up Remote Desktop and forward the port on my router to that box so I can. This is not the equivalent to me freely offering everyone on the Internet Remote Desktop access to my home computer. It's no-one's business that I'm doing that besides myself and possibly my ISP.
