RE: FW: Legal? Road Runner proactive scanning.[Scanned]

["Shawn Jackson" <sjackson () horizonusa com>]

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu] 
Sent: Wednesday, March 17, 2004 11:42 AM
To: 'Jef Feltman'; security-basics () securityfocus com
Subject: RE: FW: Legal? Road Runner proactive scanning.[Scanned]

>  You call a hotel, and instead of asking for a non-smoking
> double room overlooking the pool, you ask if room 1 is available,
> then if room 2 is available, then if room 3 is available, and
> so on.  At some point, this amounts to a denial of service
> against the hotel switchboard operator....

> Dave Gillett

A portscan is a method of checking weather a service is accepting data
or not. It's a simple connection that closes if the port responds. A
denial of
Service would be flooding that port with so much traffic that it can't
respond to other requests, that is not the case with a portscan. The
hotel
Analogy is fundamentally flawed for this argument. You wouldn't be
taking with the operator, a portscan would see if you can 'phone' the
hotel, then
When they pick up you verified the 'port' is open. Talking with the
operator is akin to communicating with the port, thus you 'browsing the
page' and not just checking to see if the port is open.

 Shawn

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------