Security Basics mailing list archives
Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sun, 14 Mar 2004 14:17:16 +0100
On 2004-03-11 Bryan S. Sampsel wrote:
On Thu, 11 Mar 2004, James P. Saveker wrote:You consider a port scan to be an attack? Why is a port scan an attack? Do other people on this list agree with this?Yes, I consider a port scan to be an attack. It is a probe to inspect my system, quite often a precursor to an actual attack if performed successfully. It is not unusual to look at a port scan in this fashion... To be more explicit, sometimes a portscan can be an indicator of system problems elsewhere. I once reported activity from one particular server...the owner replied that he wasn't running any sotware like that and after inspecting his box, found he had a rootkit installed. The user of the rootkit was probing my system. One offender found he had a virus-infected system out there...never had a problem after that. I've correlated data between port-scans and failed attempts to exploit my ftp daemon. Makes for some interesting stuff sometimes... IMO, yes, a portscan is an attempted breach.
I have to respectfully disagree. Portscans *may* very well be utilized by an attacker to identify what is running on a system, so they *may* indicate a forthcoming attack. OTOH finding out what services some box provides IMHO is a legitmate means for any potential user. If you don't intend to provide a service then why do you make it available? If you run a service with known vulnerabilities then why don't you fix/change it? If you intend to provide a service and there are no known vulns then why do you consider portscans a problem? Do you really believe security thru obscurity is going to work? To sum up: a portscan may or may not indicate a forthcoming attack, but it is *not* an attack in itself. Regards Ansgar Wiechers --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- FW: Legal? Road Runner proactive scanning.[Scanned] James P. Saveker (Mar 11)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 12)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 15)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 16)
- Yet another thread on the legality of port scanning Mortis (Mar 17)
- Re: Yet another thread on the legality of port scanning Charley Hamilton (Mar 17)
- Re: Yet another thread on the legality of port scanning Ansgar -59cobalt- Wiechers (Mar 18)
- Re: Yet another thread on the legality of port scanning ~Kevin DavisĀ³ (Mar 19)
- Re: Yet another thread on the legality of port scanning Charley Hamilton (Mar 19)
- Re: Yet another thread on the legality of port scanning Ansgar -59cobalt- Wiechers (Mar 23)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 15)
- RE: Yet another thread on the legality of port scanning Mortis (Mar 18)
- Re: Yet another thread on the legality of port scanning Barry Fitzgerald (Mar 18)
- Re: Yet another thread on the legality of port scanning Charley Hamilton (Mar 19)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 12)