Security Basics mailing list archives
Re: Some technical errors
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 5 Apr 2006 01:42:40 +0200
On 2006-04-03 Craig Wright wrote:
Ansgar wrote..."Wrong. The only technical differences between a portscanner and dig are:A portscan will report that a port is open/closed/filtered, whereas dig will retrieve data after the connect. - A portscan may be run against a range of ports and/or a range of hosts (giving you an overview of the network), whereas dig will only connect to a single port on a single host." Last time I checked, a port scanner and dig did completely different tasks. So did an email client and a port scanner.
I'm not talking about tasks. I'm talking about what the programs do on layer 4.
Next, it has been proposed that an Internet user would need to port scan to send e-mail.
No. There is a major difference between may and must. However, a portscan will deliver, even if there's no other source of information, so it is a fallback if nothing else.
A selection of a header is attached below as answer to the statement that this (a port scan) is needed. The header attached is one from a security focus message. The header demonstrates that the email is sent from a mail client.
[...]
Now being the user in question generally sends email using a mail client. That the user does not have to port scan the site to send mail and that the act of sending mail is not aided in any manner from a port scan, how can port scanning a server to see if it runs SMTP be (to a reasonable man) considered valid.
Non sequitur. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Some technical errors Craig Wright (Apr 03)
- Re: Some technical errors Ansgar -59cobalt- Wiechers (Apr 05)
- <Possible follow-ups>
- Re: Some technical errors Tomas Korcak (Apr 06)
- RE: Some technical errors Craig Wright (Apr 06)
- RE: Some technical errors Craig Wright (Apr 06)