Security Incidents mailing list archives
Re: Scanning. Is it dangerous?
From: hyghlander () MINDSPRING COM (Don Tansey)
Date: Mon, 1 May 2000 12:48:09 -0400
IMHO, No. I do not believe that a simple TCP scan or UDP scan in and of itself is _dangerous_. That said, a scan is often the precursor to an attempt to compromise the system. It is analogous to someone trying all the doors and windows of your business to see if they're locked; and as such it is viewed as an overtly hostile act. Most system administrators I've had the good fortune to associate with are pretty decent folk. They're responsible for keeping the network up and trying to satisfy users. (No easy task.) When scanned, their first thought is the possible intrusion _after_ the scan, and thus the reaction you've noticed here. (Again IMHO). Keep in mind too, that many scanners automaticly attempt to access system information. Everything from banner grabbing and O/S identification to mailing the password file to the person scanning, so a simple scan "aint so simple" after all. In sum - a straight TCP connect scan (no stealth, no banner grabbing, etc) I don't think is a big deal (after all they generally leave a huge footprint in the logs); but you'ld better believe I'd watch the scanning address _very_ closely. DJT Sarunas Krivickas <KrivickasS () PASTAS KAM LT> wrote:
Hi folks,
As I see, almost everyone there are worried about some kind of scanning for own subnets, ports, etc. Do you think it is real danger to you system? So if it is true, the scans as a dangerous actions has to be recognized in your risk management and IT security policy. Does the simple scan of your system has the right place in your policy and also is the trigger to initiate actions and rise the alarm? Of course, we are able to recognize DoS or something like that, but almost all incidents there are talking about simple, usual and not dangerous actions. Yes, you have to think about this kind of actions (I do not call it as attack) if your system is totally unprotected. Lets go to discuss a little bit about subject! My question is how the recognized simple scanning is described in your IT security policy and why scanning is so dangerous for you? Regards, Sarunas
Current thread:
- Re: Scanning. Is it dangerous?, (continued)
- Re: Scanning. Is it dangerous? Roelof Temmingh (May 01)
- DNS Probes Damian Gerow (May 01)
- Re: Scanning. Is it dangerous? John D. Burkett (May 01)
- Re: Scanning. Is it dangerous? Rune Kristian Viken (May 07)
- Re: Scanning. Is it dangerous? Ryan Russell (May 01)
- Re: Scanning. Is it dangerous? jms (May 02)
- Re: Scanning. Is it dangerous? Jose Nazario (May 03)
- Scanning. Is it a consumer right? ethan preston (May 02)
- Re: Scanning. Is it dangerous? jms (May 02)
- Re: Scanning. Is it dangerous? Russell Fulton (May 01)
- Re: Scanning. Is it dangerous? -reply Joseph, Lorne (May 01)
- Re: Scanning. Is it dangerous? Don Tansey (May 01)
- Re: Scanning. Is it dangerous? Igor Gashinsky (May 02)