Security Basics mailing list archives

Re: FW: Legal? Road Runner proactive scanning.[Scanned]


From: Andy Blair <blai0015 () umn edu>
Date: Thu, 18 Mar 2004 13:05:16 CST

A portscan is a method of checking whether a service is accepting data
or not. It's a simple connection that closes if the port responds. A
denial of service would be flooding that port with so much traffic that it can't
respond to other requests; that is not the case with a portscan. The
hotel analogy is fundamentally flawed for this argument. You wouldn't be
talking with the operator, a portscan would see if you can 'phone' the
hotel, then when they pick up you verified the 'port' is open. Talking with the
operator is akin to communicating with the port, thus you 'browsing the
page' and not just checking to see if the port is open.

 Shawn


I don't think that is quite an accurate analogy either. The difference is
that you are only using one phone line, or "port" to call the hotel. A
better analogy would be if hotels had a standard set of extension lines
that were tied to specific services that a hotel could offer. You could
dial into each extension, not knowing whether that specific hotel offered
the service. If someone picked up, the line for that service is in use. You
would have to actually listen to the answer or ask the person on the other
line to determine if a specific service were actually offered (simulating
tcp connection handshake).

When a scanner does OS detection or similar operations, more than just
listening for the line to be answered is needed. It would wait for "Hello,
Room Service" or something like that before disconnecting, and make its
decision on what cuisine was offered by how the phone was answered.

A port scan has to communicate with the port in at least a limited way. It
has to at least receive a response to its probe in order for it to know the
port is open, which satisfies a limited level of two-way communication.


To me, port scanning has to be legal. It is too difficult to make it
illegal because things get too messy. If you required the machine owner's
permission to scan you start cutting off legitimate uses such as a program
that may offer you different ways of connecting to a machine you have
legitimate access to (it can check to see if you can connect via ssh,
telnet, sftp, terminal services, etc.). It is a fine line between a
program determining connection options and a malicious port scan.

It is too hard to separate a legitimate jewelry store customer from one who
is professionally casing the joint (inconspicuously looking at the windows
and doors and walls while acting like a customer). Any law that attempts to
do that will do more harm than good and will not work as intended.

AB
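As an added illustration, not part of the thread, of the distinction Andy draws between checking whether an "extension" picks up (the handshake completing) and waiting for the "Hello, Room Service" greeting, the Python below talks only to a constructed listener on 127.0.0.1; the listener, its banner and the function names are my own assumptions.

```python
import socket
import threading


def start_listener(banner: bytes) -> int:
    """Constructed stand-in for a hotel extension: accepts the call and,
    once connected, answers with a greeting. Returns the bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)  # caller may already have hung up
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_port() -> int:
    """Reserve a port and release it so that it is (almost surely) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def port_state(host: str, port: int, timeout: float = 1.0) -> str:
    """Connect-level check only: did the other side pick up?
    The connection is closed as soon as the handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"  # RST came back: nobody listening on that extension
    except (socket.timeout, OSError):
        return "filtered"  # no answer at all within the timeout


def greeting(host: str, port: int, timeout: float = 1.0) -> bytes:
    """Service-level check: stay on the line and read what the service says."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(64)
```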

