Security Incidents mailing list archives
Re: Scanning. Is it dangerous?
From: ryan () SECURITYFOCUS COM (Ryan Russell)
Date: Mon, 1 May 2000 10:48:57 -0700
On Sat, 29 Apr 2000, Sarunas Krivickas wrote:
As I see, almost everyone there are worried about some kind of scanning for own subnets, ports, etc. Do you think it is real danger to you system? So if it is true, the scans as a dangerous actions has to be recognized in your risk management and IT security policy.
The few policies I've seen tend to cover actions under the control of the company (i.e. employees.) Those may very well include port scans explicitly. Policy & procedure may cover how to react to events from external sources (when to call law enforcement, when to call ISP, when to monitor, when to do nothing.)
Does the simple scan of your system has the right place in your policy and also is the trigger to initiate actions and rise the alarm? Of course, we are able to recognize DoS or something like that, but almost all incidents there are talking about simple, usual and not dangerous actions. Yes, you have to think about this kind of actions (I do not call it as attack) if your system is totally unprotected.
Without getting into the honeypot issue, which played out here recently, I believe most folks watch for port scans as an early-warning mechanism. That might be a reasonable flag to watch for activity from that IP address manually, for example. Other folks will just block all traffic for a period of time from an address that scans. You have to watch out for DoS possibilities of course.
Lets go to discuss a little bit about subject! My question is how the recognized simple scanning is described in your IT security policy and why scanning is so dangerous for you?
Most folks consider scanning a hostile activity, as there is typically no legitimate reason for it. Laws vary about scanning, from being explictly legal to explictly illegal, with most places falling in-between. In places where it is explictly illegal, watching for them is very relevent. Ryan
Current thread:
- Scanning. Is it dangerous? Sarunas Krivickas (Apr 29)
- Re: Scanning. Is it dangerous? Sebastian (May 01)
- Re: Scanning. Is it dangerous? Roelof Temmingh (May 01)
- DNS Probes Damian Gerow (May 01)
- Re: Scanning. Is it dangerous? John D. Burkett (May 01)
- Re: Scanning. Is it dangerous? Rune Kristian Viken (May 07)
- Re: Scanning. Is it dangerous? Ryan Russell (May 01)
- Re: Scanning. Is it dangerous? jms (May 02)
- Re: Scanning. Is it dangerous? Jose Nazario (May 03)
- Scanning. Is it a consumer right? ethan preston (May 02)
- Re: Scanning. Is it dangerous? jms (May 02)
- Re: Scanning. Is it dangerous? Russell Fulton (May 01)
- <Possible follow-ups>
- Re: Scanning. Is it dangerous? -reply Joseph, Lorne (May 01)
- Re: Scanning. Is it dangerous? Don Tansey (May 01)
- Re: Scanning. Is it dangerous? Igor Gashinsky (May 02)