Security Basics mailing list archives
RE: FW: Legal? Road Runner proactive scanning.[Scanned]
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 18 Mar 2004 08:31:42 -0800
I'll agree that the hotel analogy is flawed, because the effort required by the hotel operator to answer such questions is proportionally much larger than the effort required of a host and associated network equipment to process a bunch of niladic connection requests. But this is a "fundamental" flaw ONLY if you assert that the effort in the network case is ZERO -- and it's not.

The threshold at which it becomes a denial of service is much higher, thankfully, but even without reaching that threshold it's an abuse of the host owner's bandwidth and CPU resources for connections which the scanner never intends to actually use. (Actually, this illustrates an aspect which the "rattling doorknobs and windows" analogy completely fails to capture.)

Portscans have costs and, in some cases, consequences. These are usually quite minor, but that's a matter of degree rather than of ethical principle.

David Gillett

-----Original Message-----
From: Shawn Jackson [mailto:sjackson () horizonusa com]
Sent: Thursday, March 18, 2004 8:02 AM
To: gillettdavid () fhda edu; Jef Feltman; security-basics () securityfocus com
Subject: RE: FW: Legal? Road Runner proactive scanning.[Scanned]

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Wednesday, March 17, 2004 11:42 AM
To: 'Jef Feltman'; security-basics () securityfocus com
Subject: RE: FW: Legal? Road Runner proactive scanning.[Scanned]

You call a hotel, and instead of asking for a non-smoking double room overlooking the pool, you ask if room 1 is available, then if room 2 is available, then if room 3 is available, and so on. At some point, this amounts to a denial of service against the hotel switchboard operator....

Dave Gillett

A portscan is a method of checking whether a service is accepting data or not. It's a simple connection that closes if the port responds. A denial of service would be flooding that port with so much traffic that it can't respond to other requests, that is not the case with a portscan.

The hotel analogy is fundamentally flawed for this argument. You wouldn't be talking with the operator, a portscan would see if you can 'phone' the hotel, then when they pick up you verified the 'port' is open. Talking with the operator is akin to communicating with the port, thus you're 'browsing the page' and not just checking to see if the port is open.

Shawn