Re: "portscans" (was Re: Arbor Networks DoS defense product)

[Scott Francis <darkuncle () darkuncle net>]

On Sat, May 18, 2002 at 05:25:27PM -0400, woods () weird com said:
> [ On Saturday, May 18, 2002 at 13:48:27 (-0700), Scott Francis wrote: ]
> > Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product)
> >
> > > However a "portscan" is not an attack.
> >
> > Precursor to an attack, certainly.
>
> B.S.  A plain old port or IP scan is nothing more than an information
> gathering excercise.  Unless you're the one running it you almost
> certainly have no clue whatsoever why it was started.  (Unless you can
> prove somehow that the scan pattern and/or packets matches a signature
> that's proven to be _unique_ to some known attack tool.)

And why, pray tell, would some unknown and unaffiliated person be scanning my
network to gather information or run recon if they were not planning on
attacking? I'm not saying that you're not right, I'm just saying that so far
I have heard no valid non-attack reasons for portscans (other than those run
by network admins against their own networks).

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui

Attachment: _bin
Description: