Security Basics mailing list archives
Re: Yet another thread on the legality of port scanning
From: Charles Otstot <charles.otstot () ncmail net>
Date: Fri, 19 Mar 2004 13:13:11 -0500
Derek Schaible wrote:
<snip> A normal, default, friendly ICMP sweep or TCP connect is doing none of these. It has no effect whatsoever on the strength of your APPLICATION security. <snip>
Derek,
This is where you and I disagree. Whether the scan actually causes "harm" (e.g. causing a poorly designed application to crash) is really irrelevant. All of the technical descriptions and comparisons are likewise irrelevant.
The simple fact is that whether port scanning a host that does not belong to you is alright is in no way a technical question. It is a simple matter of right and wrong. I can think of no legitimate reason for someone to perform a scan against any host on someone else's network without their explicit permission. Stating that one could simply be looking for available services is a technical red herring. The argument may have been valid twenty (and perhaps even ten) years ago when publicly available resources were, at best, poorly published; this is NOT the case today. With (seemingly) virtually every major organization and company having a presence on the Internet, publicly allowable resources are widely published and easily found without ever interrogating the organization's network (e.g. Google searches). If one is unsure of what resources an organization intends to be publicly available, one has the *moral obligation* to contact the organization through *published* available resources (e.g. email or telephone) requesting such information. One does NOT have the right to access the organization's resources in any other fashion (including scans) without the organization's consent.
Charlie