Security Basics mailing list archives
Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Phil Brammer <security () wjjeep com>
Date: Tue, 16 Mar 2004 16:14:29 -0600
On Mon, Mar 15, 2004 at 11:41:08AM -0700, Bryan S. Sampsel wrote:
> Jef Feltman said:
> > So if someone comes and knocks on your door at home you shoot them? Do you consider them a criminal? No, you lock the door and windows.
>
> Not quite an accurate comparison. A portscan is comparable to somebody testing those locks and windows. An action that has legal ramifications. And legally speaking, a trespasser doesn't have to bypass a locked door to trespass. A knock is a "service" -- a method of communicating with my house. As is a phone or mail. Just a tad different than a security probe.

I disagree with this. A port scan does not test your locks. Basically, a port scan tells the scanner that there are windows/doors available to try. (This is just my perspective on the matter.) If I drive down the street and look at your house, I can count the number of openings that I would have access to the interior of your home. Some of those windows might be open. Some might be closed. I think the issue here is that if I walk up to your door and test the lock, wouldn't that be akin to the actual process of attempting to log into said service and maybe trying a brute-force attack?

> > If your host is on the internet I consider it public and knocking on the door to see if the shop is open, is not a problem. If you do not want people coming in the door lock it and give a key to those who need it.
>
> Still not an apples-apples. There are legit ways of communicating with my system.

Like what? Keep in mind you are on a PUBLIC system. You don't own your IP address like you do your home property. It's a little different. You might own a name to an address, but you don't own the address. Your IP address might be assigned to you, but it's still not your address. If I head to our local arena and walk around the facility, I'm entitled to grab the doorknob on any door I walk by. Now, if I found a door that was unlocked and had a sign that stated "Employees Only," I can see that I could be punished for entering the room. But, merely checking the doorknob is not punishable. It's a public place and locations that are not public need to have proper safeguards in place to prevent unauthorized access.

> > Based on your statement no website should not be accessed by anyone other than an employee. Sending E-Mail would be a violation also, as the port must be checked to verify it can be opened to receive.
>
> Nope. Email performs a handshake, it does not probe an entire system to communicate. If it receives no response on its connection attempt, it ceases activity.

A gentle port scan on every port it checks also performs a handshake. It's TCP for god's sake. In fact, if you have a firewall blocking access to a port (DROP) that is not allowing the RST flag to get sent back to me, are you not in violation of your handshake scenario?
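
Added example, not part of the original message: the thread's distinction between a mail client that connects to one port and a probe that walks many ports can be written as a detection rule over firewall connection records, whether the firewall accepted or dropped each attempt. The record format, addresses, window and threshold below are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not from the thread), one per line:
# epoch_seconds  src_ip  dst_ip  dst_port  firewall_action
SAMPLE_LOG = """\
1079475000 192.0.2.10 203.0.113.5 25 ACCEPT
1079475001 198.51.100.7 203.0.113.5 21 DROP
1079475001 198.51.100.7 203.0.113.5 22 ACCEPT
1079475002 198.51.100.7 203.0.113.5 23 DROP
1079475002 198.51.100.7 203.0.113.5 25 ACCEPT
1079475003 198.51.100.7 203.0.113.5 80 ACCEPT
1079475003 198.51.100.7 203.0.113.5 110 DROP
1079475060 192.0.2.10 203.0.113.5 25 ACCEPT
1079475900 192.0.2.10 203.0.113.5 25 ACCEPT
"""


def parse(log_text):
    """Parse the constructed format into time-ordered tuples."""
    records = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of failing
        ts, src, dst, port, action = fields
        records.append((int(ts), src, dst, int(port), action))
    return sorted(records)


def find_scanners(records, window=60, min_ports=5):
    """Return {src: sorted ports} for sources that reached at least
    min_ports distinct ports on one destination within window seconds."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _action in records:
        by_pair[(src, dst)].append((ts, port))
    flagged = {}
    for (src, _dst), events in by_pair.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                flagged.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}
```

The repeated connections to port 25 from one source never trip the rule, while the source that touches six ports in three seconds does, regardless of how many of those attempts were dropped.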