Some technical errors

["Craig Wright" <cwright () bdosyd com au>]

Hello all,
Ansgar wrote..."Wrong. The only technical differences between a
portscanner and dig are:A portscan will report that a port is
open/closed/filtered, whereas dig will retrieve data after the connect.
- A portscan may be run against a range of ports and/or a range of hosts
(giving you an overview of the network), whereas dig will only connect
to a single port on a single host."

Last time I checked, a port scanner and dig did completely different
tasks. So did an email client and a port scanner.

Next, it has been proposed that an Internet user would need to port scan
to send e-mail. A selection of a header is attached below as answer to
the statement that this (a port scan) is needed. The header attached is
one from a security focus message. The header demonstrates that the
email is sent from a mail client. The mail client has connected without
needing to complete a port scan. In fact we can see that the sender
changed the sender email address in order to accomplish this (in the
X-Authentication field) and the servers message ID
<20060330023800.A1848 () planetcobalt net> is included in the header as
demonstration that the message

Now being the user in question generally sends email using a mail
client. That the user does not have to port scan the site to send mail
and that the act of sending mail is not aided in any manner from a port
scan, how can port scanning a server to see if it runs SMTP be (to a
reasonable man) considered valid.

It is clear that there is no need to scan the system to see what else it
may or may not be running. Was it necessary to connect using telnet for
example to TCP 25 on mail.securityfocus.com. It would seem not as the
message was not created using a Telnet session and typing the message
directly to the server.

So it would seem that the truth is not that the user needs to port scan
to use a service nor that this is a general or even reasonable response.
Rather, the argument is that the person 'wants' to do this. That there
is a ego gratification that occurs when the scan a server. The rights of
the system owner are secondary to the perceived rights of the person
doing the deed.

Regards
Craig

        Dr Craig S Wright DTh MNSA MMIT CISA CISM CISSP ISSMP ISSAP
G7799 GCFA AFAIM
Manager - Computer Assurance Services
BDO Chartered Accountants & Advisers
Level 19, 2 Market Street,
Sydney, NSW 2001
Telephone: +61 2 9286 5555
Fax: +61 2 9993 9705
Direct: +61 2 9286 5497
<Mailto:CWright () bdosyd com au>

Received: from outgoing.securityfocus.com (outgoing.securityfocus.com
        [205.206.231.27])by synit-web-01.synergyit.com.au (Postfix) with
ESMTP id
        9F5564600F0for <cwright () bdosyd com au>; Fri, 31 Mar 2006
09:10:03 +1000
        (EST)
Received: from outgoing.securityfocus.com by outgoing.securityfocus.com

             via smtpd (for mail.bdosyd.com.au [203.41.196.145]) with
ESMTP; Thu,
        30 Mar 2006 14:43:53 -0800
Received: from lists.securityfocus.com (lists.securityfocus.com
        [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with
QMQPid
        CDE6E237553; Thu, 30 Mar 2006 15:04:12 -0700 (MST)
Mailing-List: contact security-basics-help () securityfocus com; run by
ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
Received: (qmail 31448 invoked from network); 30 Mar 2006 19:06:52 -0000
X-Authentication-Warning: kpnet.de: planetcobalt set sender to
        bugtraq () planetcobalt net using -f
Date: Thu, 30 Mar 2006 20:35:16 +0200
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
To: security-basics () securityfocus com
Subject: Re: application for an employment
Message-ID: <20060330203516.A23474 () planetcobalt net>
Mail-Followup-To: security-basics () securityfocus com
References: <20060330023800.A1848 () planetcobalt net>
        <200603301749.JAA23418 () redstripe fhda edu>
Mime-Version: 1.0
Content-Type: text/plain;
        charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200603301749.JAA23418 () redstripe fhda edu>; from
        gillettdavid () fhda edu on Thu, Mar 30, 2006 at 09:52:06AM -0800
X-imss-version: 2.5
X-imss-result: Passed
X-imss-scores: Clean:99.90000 C:2 M:19 S:5 R:5
X-imss-settings: Baseline:6 C:4 M:4 S:4 R:4 (1.0000 4.0000)
Return-Path:
security-basics-return-38957-cwright=bdosyd.com.au () securityfocus com
X-OriginalArrivalTime: 30 Mar 2006 23:09:58.0402 (UTC)
FILETIME=[10957E20:01C6544F]


Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------