Security Basics mailing list archives
Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Phil Brammer <security () wjjeep com>
Date: Thu, 18 Mar 2004 12:54:23 -0600
On Thu, Mar 18, 2004 at 06:46:26AM -0500, ~Kevin Davis³ wrote:
> > > I have a mail box out front for communication and a phone. People can call me. But them attempting to find other ways into my house is trespassing. And such activity can indicate an attempt to break in is forthcoming.
> >
> > This analogy was born without legs. A portscan is a means of finding out what services you are providing to the public. Nothing more. Nothing less.
>
> No, it's not. It's a perfectly valid analogy. While it is incumbent upon an individual that they should know what windows they have unlocked or ports they have open by a service to secure themselves, it does not mean that they always will. If their window is unlocked that doesn't mean that everyone who knows or finds out that the window is unlocked is freely invited inside. Especially if the person who owns the house doesn't realize that the window is unlocked at the time. Similarly, if a port is open on a box, that doesn't mean everyone is free to use it as they please. Particularly if the person doesn't realize that the port is even open.
Oh, stop. A port scan doesn't test your locks. What I fail to see is, where does this analogy of testing the locks on your doors/windows come into play? Comparing this to windows isn't exactly appropriate; I would argue that (for instance) if I found port 23 open on your machine via nmap the actual act of telnetting into your system would be testing your locks.

Maybe this would be a better analogy. Stick a person in said window on the side of the house. Walking up to this window, I hold up a sign that says: "Are you open?" If the person in the window responds, "Yes!" Then I respond with, "Thank you!" This window would be considered OPEN in port scanning terms. If the person responds with "No!" then said window would be considered closed. If there is no person in the window, I won't even get a response, and will consider it closed. This isn't *quite* accurate in TCP/IP speak because the OS will handle the RST of the SYN packet sent by the scanner if there is no service listening on the port.

Now, let's assume that the person in the window responded that it was open. Okay, fine, so I decide to enter through the window (perhaps using a ladder, like Telnet). I climb up to the window and ask again. "Are you open?" The person responds with, "Yes!" So, I proceed to start the process of entering the window. As soon as my foot touches the window sill, the person asks for the secret code word needed to enter. "Bah! I don't know that!" At that point, the person decides to shut the window.

Do you see where this port scanning analogy fails when comparing to testing locks on your doors & windows?

And, by the way, for a port to be open, there must be a service listening on it. If that's the case and you are on a public IP address, then the public are allowed to connect. Otherwise, this is when you'll want to implement your ACLs.

I'm not a TCP/IP guru by any means, but I'd hope everyone gets the gist of what I'm clucking.

Phil
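The open/closed distinction discussed in this message can be observed on your own machine. The following is an added example, not part of the original post: it classifies a loopback port by what a plain TCP connect gets back, without sending any application data. The names `probe`, `self_audit` and `demo` are hypothetical, and the listener is constructed by the script itself.

```python
import socket

def probe(host, port, timeout=1.0):
    """Classify one TCP port from the result of a plain connect().

    open     - the handshake completed, so a service is listening
    closed   - the OS refused (RST): nothing is listening on the port
    filtered - no answer before the timeout, e.g. an ACL dropped the SYN
    No application data is sent, so no credential is ever tried.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        return "open"

def self_audit(ports, host="127.0.0.1"):
    """Report the state of each listed port on our own host."""
    return {port: probe(host, port) for port in ports}

def demo():
    """Constructed scenario: start a listener ourselves, probe, stop, probe."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)   # kernel completes handshake
    listener.close()
    after_close = probe("127.0.0.1", port)       # kernel answers with RST
    return while_listening, after_close

if __name__ == "__main__":
    print(demo())
    # Ports chosen for illustration only (assumption): telnet, ssh, http.
    print(self_audit([23, 22, 80]))
```

Running `self_audit` against your own host and comparing the result with the services you intend to expose shows where an ACL is needed.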