Security Basics mailing list archives
Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
Date: Tue, 16 Mar 2004 21:55:22 -0700 (MST)
Phil Brammer said: <snip>
Nope. Email performs a handshake, it does not probe an entire system to communicate. If it receives no response on its connection attempt, it ceases activity.A gentle port scan on every port it checks also performs a handshake. It's TCP for god's sake. In fact, if you have a firewall blocking access to a port (DROP) that is not allowing the RST flag to get sent back to me, are you not in violation of your handshake scenario?
Nope. The portscan is not a standard service connection. It is a shotgun approach to inspect my system without my permission. SMTP, HTTP, FTP, HTTPS, SSH, TELNET, etc, are all standard methods of initiating specific forms of communication. The portscan is not. The portscan is a tool for troubleshooting, security inspection, and precursor to attacks...all depending upon somebody's motivation. When it isn't me, or someone I've authorized to perform such a scan, the motivation is an unknown factor. As such, it is tresspassing, as it was done without my permission. bryan --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: FW: Legal? Road Runner proactive scanning.[Scanned], (continued)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] ~Kevin DavisĀ³ (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Phil Brammer (Mar 19)
- Automatically encrypting and signing to a group of people w/ Outlook 2003? Mark G. Spencer (Mar 19)
- RE: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 12)
- Dos Attack Craig Spiers (Mar 12)
- Re: Dos Attack Fernando Gont (Mar 15)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Charles Otstot (Mar 12)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 15)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 16)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Phil Brammer (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 17)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 15)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 16)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Charles Otstot (Mar 17)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 17)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Derek Schaible (Mar 17)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 19)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Charles Otstot (Mar 22)