Security Basics mailing list archives
RE: FW: Legal? Road Runner proactive scanning.[Scanned]
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 18 Mar 2004 09:27:57 -0800
-----Original Message----- From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] Subject: Re: FW: Legal? Road Runner proactive scanning.[Scanned]Ansgar -59cobalt- Wiechers said:Your are going to explain how you are going to do that, e.g. for publically available services on ports that are not well-known, aren't you? And even if so, what's it hurt if someone goes finding out for himself? I still don't get your point.Which word exactly of "ports that are not well-known" didn't you understand?A portscan is a method of taking a wide-angle snapshot of my system. Not quite the same thing. Hope that explains it.No. I still fail to see how you are going to provide arbitrary users with the information I mentioned above.
In what way does the discovery that some unknown -- and, in the Internet of 2004 as opposed to 1994 or even earlier, quite possibly UNAUTHORISED -- service on my box is listening to port 12345 provide to you the information that a service you want and believe (why? ESP?) that I provide via my box is, in fact, the service on that port? Answer: It doesn't. If I want a service to be *publically* available, that doesn't mean "available to anyone who portscans my box and then reads my mind to find out what's on those ports". It means that I'm either going to put the services on well-known ports, or I'm going to find some way to advertise the service -- not just its port number, but enough information so that the wider public can actually make use of it. My failure to do so is not anybody else's problem to try and solve. David Gillett --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: Yet another thread on the legality of port scanning, (continued)
- Re: Yet another thread on the legality of port scanning Charles Otstot (Mar 22)
- RE: Yet another thread on the legality of port scanning David Gillett (Mar 19)
- Re: Yet another thread on the legality of port scanning Barry Fitzgerald (Mar 19)
- RE: Yet another thread on the legality of port scanning Yvan Boily (Mar 19)
- Re: Yet another thread on the legality of port scanning Murad Talukdar (Mar 19)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Derek Schaible (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 19)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] ~Kevin DavisĀ³ (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Phil Brammer (Mar 19)
- Automatically encrypting and signing to a group of people w/ Outlook 2003? Mark G. Spencer (Mar 19)
- Re: Dos Attack Fernando Gont (Mar 15)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 15)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 16)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Phil Brammer (Mar 17)