Security Basics mailing list archives
Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 16 Mar 2004 23:17:48 +0100
On 2004-03-15 Bryan S. Sampsel wrote:
Ansgar -59cobalt- Wiechers said:I have to respectfully disagree. Portscans *may* very well be utilized by an attacker to identify what is running on a system, so they *may* indicate a forthcoming attack. OTOH finding out what services some box provides IMHO is a legitmate means for any potential user.No regular, authorized user should be scanning. That user will be provided the information as necessary. Sorry.
Your are going to explain how you are going to do that, e.g. for publically available services on ports that are not well-known, aren't you? And even if so, what's it hurt if someone goes finding out for himself? I still don't get your point.
If you don't intend to provide a service then why do you make it available? If you run a service with known vulnerabilities then why don't you fix/change it? If you intend to provide a service and there are no known vulns then why do you consider portscans a problem? Do you really believe security thru obscurity is going to work?Nothing about obscurity ever played into my explanation.
How else should I call hiding the services you provide by prohibiting portscans (or trying to)?
As to vulnerable services...find me one that hasn't had a vulnerability show up. And find me one that, even when the patches are kept up to date, has not occasionally been exploited before patches became available. Portscans are comparable to somebody checking all my windows and doors to see if they're unlocked.
So? Lock them already, if you don't want them to be open.
I have mail box out front for communication and a phone. People can call me. But them attempting to find other ways into my house is tresspassing. And such activity can indicate an attempt to break in is forthcoming.
This analogy was born without legs. A portscan is a means of finding out what services you are providing to the public. Nothing more. Nothing less.
To sum up: a portscan may or may not indicate a forthcoming attack, but it is *not* an attack in itself.The point is debatable.
Obviously.
I consider it enough of an indicator that I take it seriously. Sometimes, it isn't even a person doing the attack, but an infected machine. More than one virus performs portscans.
Sure. But still the portscan is not the attack. I already said that it might indicate a forthcoming attack, so there's nothing wrong with taking it seriously, but I wouldn't be too worried about it. Regards Ansgar Wiechers --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- RE: Yet another thread on the legality of port scanning, (continued)
- RE: Yet another thread on the legality of port scanning Mortis (Mar 18)
- Re: Yet another thread on the legality of port scanning Barry Fitzgerald (Mar 18)
- Re: Yet another thread on the legality of port scanning Charley Hamilton (Mar 19)
- Re: Yet another thread on the legality of port scanning Barry Fitzgerald (Mar 22)
- Re: Yet another thread on the legality of port scanning Derek Schaible (Mar 19)
- Re: Yet another thread on the legality of port scanning Charles Otstot (Mar 22)
- RE: Yet another thread on the legality of port scanning David Gillett (Mar 19)
- Re: Yet another thread on the legality of port scanning Barry Fitzgerald (Mar 19)
- RE: Yet another thread on the legality of port scanning Yvan Boily (Mar 19)
- Re: Yet another thread on the legality of port scanning Murad Talukdar (Mar 19)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Ansgar -59cobalt- Wiechers (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Derek Schaible (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 19)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] ~Kevin DavisĀ³ (Mar 18)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Phil Brammer (Mar 19)
- Automatically encrypting and signing to a group of people w/ Outlook 2003? Mark G. Spencer (Mar 19)