nanog mailing list archives
Re: "portscans" (was Re: Arbor Networks DoS defense product)
From: Scott Francis <darkuncle () darkuncle net>
Date: Sat, 18 May 2002 16:03:11 -0700
On Sat, May 18, 2002 at 05:25:27PM -0400, woods () weird com said:
[ On Saturday, May 18, 2002 at 13:48:27 (-0700), Scott Francis wrote: ]Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product)However a "portscan" is not an attack.Precursor to an attack, certainly.B.S. A plain old port or IP scan is nothing more than an information gathering excercise. Unless you're the one running it you almost certainly have no clue whatsoever why it was started. (Unless you can prove somehow that the scan pattern and/or packets matches a signature that's proven to be _unique_ to some known attack tool.)
And why, pray tell, would some unknown and unaffiliated person be scanning my network to gather information or run recon if they were not planning on attacking? I'm not saying that you're not right, I'm just saying that so far I have heard no valid non-attack reasons for portscans (other than those run by network admins against their own networks). -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
Attachment:
_bin
Description:
Current thread:
- Re: Arbor Networks DoS defense product, (continued)
- Re: Arbor Networks DoS defense product Valdis . Kletnieks (May 17)
- Re: Arbor Networks DoS defense product Dan Hollis (May 17)
- Re: Arbor Networks DoS defense product Johannes Ullrich (May 17)
- Re: Arbor Networks DoS defense product Valdis . Kletnieks (May 17)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Re: Arbor Networks DoS defense product Dan Hollis (May 17)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Re: Arbor Networks DoS defense product Dan Hollis (May 17)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Message not available
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Henry Yen (May 18)
- Message not available
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 18)
- Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 18)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) E.B. Dreger (May 18)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) up (May 19)
- Re[4]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 19)
- Re: Re[4]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re[6]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 19)
- Re: Re[6]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re[8]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 19)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)