Re: FW: Legal? Road Runner proactive scanning.[Scanned]

["Bryan S. Sampsel" <bsampsel () libertyactivist org>]

OK.  for the cheap seats...

Ansgar -59cobalt- Wiechers said:
> On 2004-03-15 Bryan S. Sampsel wrote:
> > No regular, authorized user should be scanning.  That user will be
> > provided the information as necessary.  Sorry.
>
> Your are going to explain how you are going to do that, e.g. for
> publically available services on ports that are not well-known, aren't
> you? And even if so, what's it hurt if someone goes finding out for
> himself? I still don't get your point.

Simple.  A connection attempt from an established known service, such as
HTTP, IMAP, SMTP, etc, is NOT the same as a portscan.  Somebody attempting
to utilize specific, known services is not performing the same
action...and I can check my logs to watch for abusive patterns (excessive
ftp logins, etc).  A portscan is a method of taking a wide-angle snapshot
of my system.  Not quite the same thing.  Hope that explains it.

> How else should I call hiding the services you provide by prohibiting
> portscans (or trying to)?

Preventing an unauthorized person from scanning my box is merely the first
step in protection...I guess I can buy the obscurity label.  But, using
that as a first step isn't wrong.  It's merely a piece of the
protection...perhaps it might be akin to using window blinds.  They don't
keep people from breaking in the window, but do prevent people on the
street from peeking at the inside of my house to decide if it's worth
breaking into or not (stereo, TV, whatever).

>

> > Portscans are comparable to somebody checking all my windows and doors
> > to see if they're unlocked.
>
> So? Lock them already, if you don't want them to be open.

That is irrelevant.  Even were I foolish enough to leave a system
unprotected, nobody has the right to poke around it, let alone molest it. 
Same holds true for my house.  Even an unlocked door does not allow
somebody to tresspass.

> > I have mail box out front for communication and a phone.  People can
> > call me.  But them attempting to find other ways into my house is
> > tresspassing.  And such activity can indicate an attempt to break in
> > is forthcoming.
>
> This analogy was born without legs. A portscan is a means of finding out
> what services you are providing to the public. Nothing more. Nothing
> less.

No.  A portscan is more than that.  If you wish to see if I run a website,
use your browser.  If you wish to send email to that box, send email.  Let
the known, public services do what they're intended to.  Unless I
authorize you, the rest is none of your business.


bryan

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------