Security Basics mailing list archives
Some technical errors
From: "Craig Wright" <cwright () bdosyd com au>
Date: Mon, 3 Apr 2006 15:01:28 +1000
Hello all, Ansgar wrote..."Wrong. The only technical differences between a portscanner and dig are:A portscan will report that a port is open/closed/filtered, whereas dig will retrieve data after the connect. - A portscan may be run against a range of ports and/or a range of hosts (giving you an overview of the network), whereas dig will only connect to a single port on a single host." Last time I checked, a port scanner and dig did completely different tasks. So did an email client and a port scanner. Next, it has been proposed that an Internet user would need to port scan to send e-mail. A selection of a header is attached below as answer to the statement that this (a port scan) is needed. The header attached is one from a security focus message. The header demonstrates that the email is sent from a mail client. The mail client has connected without needing to complete a port scan. In fact we can see that the sender changed the sender email address in order to accomplish this (in the X-Authentication field) and the servers message ID <20060330023800.A1848 () planetcobalt net> is included in the header as demonstration that the message Now being the user in question generally sends email using a mail client. That the user does not have to port scan the site to send mail and that the act of sending mail is not aided in any manner from a port scan, how can port scanning a server to see if it runs SMTP be (to a reasonable man) considered valid. It is clear that there is no need to scan the system to see what else it may or may not be running. Was it necessary to connect using telnet for example to TCP 25 on mail.securityfocus.com. It would seem not as the message was not created using a Telnet session and typing the message directly to the server. So it would seem that the truth is not that the user needs to port scan to use a service nor that this is a general or even reasonable response. Rather, the argument is that the person 'wants' to do this. That there is a ego gratification that occurs when the scan a server. The rights of the system owner are secondary to the perceived rights of the person doing the deed. Regards Craig Dr Craig S Wright DTh MNSA MMIT CISA CISM CISSP ISSMP ISSAP G7799 GCFA AFAIM Manager - Computer Assurance Services BDO Chartered Accountants & Advisers Level 19, 2 Market Street, Sydney, NSW 2001 Telephone: +61 2 9286 5555 Fax: +61 2 9993 9705 Direct: +61 2 9286 5497 <Mailto:CWright () bdosyd com au> Received: from outgoing.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])by synit-web-01.synergyit.com.au (Postfix) with ESMTP id 9F5564600F0for <cwright () bdosyd com au>; Fri, 31 Mar 2006 09:10:03 +1000 (EST) Received: from outgoing.securityfocus.com by outgoing.securityfocus.com via smtpd (for mail.bdosyd.com.au [203.41.196.145]) with ESMTP; Thu, 30 Mar 2006 14:43:53 -0800 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid CDE6E237553; Thu, 30 Mar 2006 15:04:12 -0700 (MST) Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus com Received: (qmail 31448 invoked from network); 30 Mar 2006 19:06:52 -0000 X-Authentication-Warning: kpnet.de: planetcobalt set sender to bugtraq () planetcobalt net using -f Date: Thu, 30 Mar 2006 20:35:16 +0200 From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net> To: security-basics () securityfocus com Subject: Re: application for an employment Message-ID: <20060330203516.A23474 () planetcobalt net> Mail-Followup-To: security-basics () securityfocus com References: <20060330023800.A1848 () planetcobalt net> <200603301749.JAA23418 () redstripe fhda edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200603301749.JAA23418 () redstripe fhda edu>; from gillettdavid () fhda edu on Thu, Mar 30, 2006 at 09:52:06AM -0800 X-imss-version: 2.5 X-imss-result: Passed X-imss-scores: Clean:99.90000 C:2 M:19 S:5 R:5 X-imss-settings: Baseline:6 C:4 M:4 S:4 R:4 (1.0000 4.0000) Return-Path: security-basics-return-38957-cwright=bdosyd.com.au () securityfocus com X-OriginalArrivalTime: 30 Mar 2006 23:09:58.0402 (UTC) FILETIME=[10957E20:01C6544F] Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Some technical errors Craig Wright (Apr 03)
- Re: Some technical errors Ansgar -59cobalt- Wiechers (Apr 05)
- <Possible follow-ups>
- Re: Some technical errors Tomas Korcak (Apr 06)
- RE: Some technical errors Craig Wright (Apr 06)
- RE: Some technical errors Craig Wright (Apr 06)