Security Basics mailing list archives

Re: application for an employment


From: "D. Bolliger" <info () dbolliger ch>
Date: Wed, 5 Apr 2006 00:29:03 +0200

David Gillett on Tuesday, 4 April 2006, 02:38:
Using a web server is NOT a port scan - in any manner.

It's getting a nitpick session. 
(apologies for my bad english)

A portscan makes a connect(), a web browser makes a
connect(). Please explain where exactly you see the
difference. Especially on layer 4.

  A port *scan* involves multiple connect() calls (which may
or may not succeed), to multiple ports and/or multiple addresses.
The connections thus established are not actually used to render
the service for which the port(s) accept connections.

  Distinguishing between a web client access and a port scan
isn't so hard.  Why must you pretend they're indistinguishable?

I don't think he does pretend that, looking at the whole discussion and not 
only at this single post. 
  It's just that the discussion lost its focus, or has different focusses in 
parallel. And it's a dispute meanwhile.

The connect() is common with respect to a single port of a single machine, be 
it done by a port scanner (if he does a full connect) or client application 
(if not misconfigured). 

A client application may take further action on a higher level. 
A telnet may connect to port 80 and then ctrl-c or wait for the timeout. 
A home made browser may not send headers. 
A port scanner may "scan" a single port, or scan ports with a delay of, say, 
one day between the connect()s. 
A service may be set up on a nonstandard port.
Nobody is obliged to render the service behind a port from the point he has 
connected.
...

In practice, and especially since internet usage has become a mass phenomenon, 
there is surely a difference between a "default" port scanner usage and a 
"default" main client application usage. But that's it I think.

I think "Chavoux Luyt" <chavoux () gmail com> made a good point (besides others) 
in his thread "Is portscanning legal? was Re: application for an employment": 
the user (and provider) base of the net infrastructure is very homogeneous; 
what's normal for ones, is special for others.

So, the dispute could be endless without coming to a common sense.


Dani
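
The following is an added example, not part of the original post or thread. It sketches the distinction quoted above (many connect() calls to multiple ports and/or addresses, with the connections left unused) as log-side detection logic, and shows where the edge cases listed in the reply fall. The record layout, thresholds, labels and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

DAY = 86400
# Constructed records: (epoch_seconds, src, dst, dst_port, client_payload_bytes).
# Addresses come from documentation ranges; none of this is real traffic.
RECORDS = [
    (0, "198.51.100.7", "192.0.2.10", 80, 412),    # browser: sends a request
    (2, "198.51.100.7", "192.0.2.10", 80, 388),
    (5, "203.0.113.5", "192.0.2.10", 21, 0),       # many targets, nothing sent
    (5, "203.0.113.5", "192.0.2.10", 22, 0),
    (6, "203.0.113.5", "192.0.2.10", 80, 0),
    (6, "203.0.113.5", "192.0.2.11", 80, 0),
    (9, "203.0.113.9", "192.0.2.10", 80, 0),       # telnet to port 80, then ctrl-c
    (0, "203.0.113.77", "192.0.2.10", 22, 0),      # one connect() per day
    (DAY, "203.0.113.77", "192.0.2.10", 23, 0),
    (2 * DAY, "203.0.113.77", "192.0.2.10", 25, 0),
]

def classify(records, window, min_targets=3):
    """Label each source as 'client', 'scan' or 'ambiguous'.

    scan      : at least min_targets distinct (dst, port) pairs reached by
                unused connections (no client payload) within `window` seconds
    client    : every connection carried client payload
    ambiguous : unused connections, but too few targets inside the window
    """
    by_src = defaultdict(list)
    for rec in records:
        by_src[rec[1]].append(rec)

    labels = {}
    for src, recs in by_src.items():
        unused = sorted(r for r in recs if r[4] == 0)
        if not unused:
            labels[src] = "client"
            continue
        # Largest set of distinct targets seen inside any sliding window.
        best = 0
        for i, start in enumerate(unused):
            targets = {(r[2], r[3]) for r in unused[i:] if r[0] - start[0] <= window}
            best = max(best, len(targets))
        labels[src] = "scan" if best >= min_targets else "ambiguous"
    return labels

if __name__ == "__main__":
    print(classify(RECORDS, window=60))
    print(classify(RECORDS, window=7 * DAY))
```

With a 60-second window the one-connect-per-day source is indistinguishable from the aborted telnet session; only a week-long correlation window labels it a scan, and a single unused connect() stays ambiguous at any window.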
