Security Basics mailing list archives
Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Derek Schaible <dschaible () cssiinc com>
Date: 17 Mar 2004 13:08:02 -0500
On Tue, 2004-03-16 at 14:01, Charles Otstot wrote:
Jef Feltman wrote: I think you might have trouble convincing others that your actions do not pose a problem. Simply having a host on the Internet does not automatically mean that one has the right to see what might be *technically* available on that host as opposed as to what the host's owners intended to be available. To refer to your analogy, the shop owner does not (in general) have the responsibility to lock the door and provide those who need access with a key. Rather, outsiders have the responsibility (both moral and legal) to stay out unless invited in.
If a host is on the Internet, how are people supposed to know its there? We accept allowing sites such as Google to come and index them for search engines, if indeed they are running http. However, there are many, many other services that can be provided and not all are accessible through some means such as this. When any host is put on the Internet and open you are inviting the public to browse your machine in some manner. Port scanning is a means to see what manners are available. One can only assume that if a service is "technically" available, it was intended to be available. There are many tools at our disposal to ensure that only our intended services are being made available - such as Port Scanning. This debate has been beaten to death. Accept the fact that mere port scanning causes no harm anyway. If someone is being malicious in the packets they are crafting to scan your host and causing harm you may have a leg to stand on if you can supply the logs to support your theory, perhaps you need a better firewall that can stop this behavior (a simple iptables script can put a stop to that) or get better locks :-) -- Derek Schaible <dschaible () cssiinc com> CSSI, Inc.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Dos Attack, (continued)
- Re: Dos Attack Fernando Gont (Mar 15)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Charles Otstot (Mar 12)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 15)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 16)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Phil Brammer (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Bryan S. Sampsel (Mar 17)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 15)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 16)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Charles Otstot (Mar 17)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 17)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 17)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Derek Schaible (Mar 17)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 19)
- Re: FW: Legal? Road Runner proactive scanning.[Scanned] Charles Otstot (Mar 22)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] David Gillett (Mar 18)
- RE: FW: Legal? Road Runner proactive scanning.[Scanned] Jef Feltman (Mar 19)