Security Basics mailing list archives
Re: Yet another thread on the legality of port scanning
From: Derek Schaible <dschaible () cssiinc com>
Date: 18 Mar 2004 12:33:15 -0500
On Thu, 2004-03-18 at 11:33, Barry Fitzgerald wrote:
Charley Hamilton wrote:The normal means of communicating on the internet is via IP packets.On that basis, electron transport is the standard method of information transfer on the internet. If I connect a power cord to your router's ethernet jack, is that okay? Obviously not.These anologies don't work together. The normal means of connecting an ethernet card to a network is not via a power cord. The normal means of connecting to a server *IS* sending IP packets to that server and recieving them back. Which port(s) the packets are sent to is irrelivent. Whether the content is an attack or not depends on the content of the packets. Just because some (very poorly designed) hardware/software can't survive a port scan, doesn't mean that port scans are attacks nor does it mean that they represent anomolous traffic.
------- snip - we get the point ------------------------------------- Perhaps its time we look at this in an entirely different way seeing as how we are getting nowhere fast in this old debate. If I do a "nice", normal portscan on a host - via TCP, UDP or ICMP I am generating no discernible traffic, causing virtually no cpu load, in essence no damage or resources are wasted and the only thing learned is what services this host is intending to serve. Period. Whether I can access those services is totally up to the maintainer of the server. Period. However, if I decided to do some packet crafting via nmap's uber tools, mixing invalid, unnatural flags in such a manner as to attempt bypassing a firewall or fool filtered ports, we are in a whole new realm that has nothing at all to do with general portscans. This sort of behavior is detectable, preventable and prosecutable. If I decide to try to cause your httpd deamon to crash and give me a rootshell, again, this sort of behavior is detectable, preventable and prosecutable. If I try to flood your host with abnormally LARGE ICMP packets endlessly from multiple hosts in an attempt to eat all of your bandwidth, this sort of behavior is detectable, preventable and prosecutable. A normal, default, friendly ICMP sweep or TCP connect is doing none of these. It has no effect whatsoever on the strength of your APPLICATION security. Does this help? -- Derek Schaible <dschaible () cssiinc com> CSSI, Inc.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Yet another thread on the legality of port scanning, (continued)
- Yet another thread on the legality of port scanning Mortis (Mar 17)
- Re: Yet another thread on the legality of port scanning Charley Hamilton (Mar 17)
- Re: Yet another thread on the legality of port scanning Ansgar -59cobalt- Wiechers (Mar 18)
- Re: Yet another thread on the legality of port scanning ~Kevin DavisĀ³ (Mar 19)
- Re: Yet another thread on the legality of port scanning Charley Hamilton (Mar 19)
- Re: Yet another thread on the legality of port scanning Ansgar -59cobalt- Wiechers (Mar 23)
- RE: Yet another thread on the legality of port scanning Mortis (Mar 18)
- Re: Yet another thread on the legality of port scanning Barry Fitzgerald (Mar 18)
- Re: Yet another thread on the legality of port scanning Charley Hamilton (Mar 19)
- Re: Yet another thread on the legality of port scanning Barry Fitzgerald (Mar 22)
- Re: Yet another thread on the legality of port scanning Derek Schaible (Mar 19)
- Re: Yet another thread on the legality of port scanning Charles Otstot (Mar 22)
- RE: Yet another thread on the legality of port scanning David Gillett (Mar 19)
- Re: Yet another thread on the legality of port scanning Barry Fitzgerald (Mar 19)
- RE: Yet another thread on the legality of port scanning Yvan Boily (Mar 19)
- Re: Yet another thread on the legality of port scanning Murad Talukdar (Mar 19)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Derek Schaible (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 19)