Security Basics mailing list archives
RE: Legal? Road Runner proactive scanning.
From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
Date: Sun, 14 Mar 2004 14:02:06 -0700 (MST)
Don't lose any customers...the packet filter I have drops any further scan packets, but continues to allow regular traffic to flow. However, if you don't think there's any legal issues with portscanning, try scanning the government sites. See how long it takes to get some attention brought on you. ;) Besides, commonality of an occurance does not minimize it. Script kiddies are common, exploiting whatever the exploit-of-the-week is... If you want protection, use the RBL engines out there...some of them even allow you to scan your own system for relay capabilities and exploits. I have no truck with my ISP scanning me, provided it's made clear up front. I do have problems with somebody I am not contractually linked to doing so. IMO, bryan ====================================== Bryan S. Sampsel LibertyActivist.org ====================================== Mark Medici said:
From: Bryan S. Sampsel [mailto:bsampsel () libertyactivist org] Sent: Friday, March 12, 2004 11:23 AM If you're the customer. However, if you're not the customer, theyhave nolegal right to scan your resources.That's a different matter, but still it's not illegal, at least not under any law that I have seen. But IANAL or a cop, YMMV and all that stuff. While I might not like someone scanning my ports, there is nothing particularly bad about it, unless it is done in such a way as to constitute a denial-of-service attack or harassment. Now, how the person scanning uses that information may be illegal (attempting an exploit) or negligent (unauthorized disclosure to third parties). Port scanning is such a common and innocuous occurrence that there's no reason for it to even be a part of your normal IDS alerts or reports. Just block it and log it and ignore it unless/until there's an escalation, then go back to the raw logs for evidence. Of course, if the port scans make it through to your DMZ or internal network, then I'd want to see alerts from the IDS's in those zones. As for testing all connecting SMTP servers for the presence of open relay/proxy, I think this is a matter of self preservation and a feature I'd personally like to see my MTA provide. It's hard to argue against something that makes good common sense. If it makes you feel better or more secure to firewall-off every IP that scans your ports or checks for open relays, then go ahead and do it. But expect to keep busy, and potentially loose communications from bona fide customers in the process.
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: Legal? Road Runner proactive scanning., (continued)
- Re: Legal? Road Runner proactive scanning. Greg (Mar 10)
- Re: Legal? Road Runner proactive scanning. Bryan S. Sampsel (Mar 11)
- Re: Legal? Road Runner proactive scanning. Mitchell Rowton (Mar 11)
- Re: Legal? Road Runner proactive scanning. steve (Mar 12)
- RE: Legal? Road Runner proactive scanning. Aditya, ALD [Aditya Lalit Deshmukh] (Mar 15)
- RE: Legal? Road Runner proactive scanning. Mark Medici (Mar 12)
- RE: Legal? Road Runner proactive scanning. Bryan S. Sampsel (Mar 12)
- RE: Legal? Road Runner proactive scanning. Aditya, ALD [Aditya Lalit Deshmukh] (Mar 15)
- RE: Legal? Road Runner proactive scanning. Bryan S. Sampsel (Mar 12)
- Re: Legal? Road Runner proactive scanning. Gnuthad (Mar 15)
- RE: Legal? Road Runner proactive scanning. Mark Medici (Mar 15)
- RE: Legal? Road Runner proactive scanning. Bryan S. Sampsel (Mar 15)
- Re: Legal? Road Runner proactive scanning. Greg (Mar 10)