Security Basics mailing list archives
Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
Date: Mon, 15 Mar 2004 11:26:19 -0700 (MST)
Ansgar -59cobalt- Wiechers said: <snip>
I have to respectfully disagree. Portscans *may* very well be utilized by an attacker to identify what is running on a system, so they *may* indicate a forthcoming attack. OTOH finding out what services some box provides IMHO is a legitmate means for any potential user.
No regular, authorized user should be scanning. That user will be provided the information as necessary. Sorry.
If you don't intend to provide a service then why do you make it available? If you run a service with known vulnerabilities then why don't you fix/change it? If you intend to provide a service and there are no known vulns then why do you consider portscans a problem? Do you really believe security thru obscurity is going to work?
Nothing about obscurity ever played into my explanation. As to vulnerable services...find me one that hasn't had a vulnerability show up. And find me one that, even when the patches are kept up to date, has not occasionally been exploited before patches became available. Portscans are comparable to somebody checking all my windows and doors to see if they're unlocked. I have mail box out front for communication and a phone. People can call me. But them attempting to find other ways into my house is tresspassing. And such activity can indicate an attempt to break in is forthcoming.
To sum up: a portscan may or may not indicate a forthcoming attack, but it is *not* an attack in itself.
The point is debatable. I consider it enough of an indicator that I take it seriously. Sometimes, it isn't even a person doing the attack, but an infected machine. More than one virus performs portscans. Anybody who wishes to communicate to my resources can do so by normal means: web browser, email, etc. All such services will be published where appropriate. Simply providing one service does not give tacit approval for somebody to probe my resources.
Regards Ansgar Wiechers
laters, bryan --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- FW: Legal? Road Runner proactive scanning.[Scanned] James P. Saveker (Mar 11)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 12)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 15)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 16)
- Yet another thread on the legality of port scanning Mortis (Mar 17)
- Re: Yet another thread on the legality of port scanning Charley Hamilton (Mar 17)
- Re: Yet another thread on the legality of port scanning Ansgar -59cobalt- Wiechers (Mar 18)
- Re: Yet another thread on the legality of port scanning ~Kevin DavisĀ³ (Mar 19)
- Re: Yet another thread on the legality of port scanning Charley Hamilton (Mar 19)
- Re: Yet another thread on the legality of port scanning Ansgar -59cobalt- Wiechers (Mar 23)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 15)
- RE: Yet another thread on the legality of port scanning Mortis (Mar 18)
- Re: Yet another thread on the legality of port scanning Barry Fitzgerald (Mar 18)
- Re: Yet another thread on the legality of port scanning Charley Hamilton (Mar 19)
- Re: Yet another thread on the legality of port scanning Barry Fitzgerald (Mar 22)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 12)