Security Basics mailing list archives

RE: application for an employment


From: Mike Fetherston <mike_sha () shaw ca>
Date: Mon, 03 Apr 2006 09:20:28 -0400

Most people who use the Internet in any of its means do not port scan
systems.

Entirely besides the point.

Craig, I'll agree with you there; it's been a very long time since I've
scanned a publicly available host.  

Many people who use not only the internet but many other public resources do
_not_ do a lot of things that are considered completely legal.  There are many
activities that are questionable but completely legal.

This is a simple reasonableness test. If you want to send mail - do
you have to scan a site - the answer, No. When going to a web site do
you have to check if they have an IPsec VPN to the host, the answer,
No.

How do I find out about the mail server? How do I find out about the
webserver? How do I get permission to access them?

You must make a connect();


The idea that completing a DNS request could be in ANY way equated to
port scanning is ignorant and negligent as a suggestion given the
knowledge of the person who stated it.

I would like to clarify my statement from my previous e-mail.  I stated:

        "Pointing a web browser to a server that does not offer any
        http/https services could be thought of as a "port scan".  Same with
        accidentally pointing anything, whether it be telnet, ssh, ftp, r*, or
        any kind of network tool, at a server that does not offer those
        services.  A connect has to be made to find out if you can use that
        service.  There is nothing malicious in that."

First off, I put "port scan" in quotes, meaning that, in concept, the two
can be similar in that they both need to connect to a port.  I should have
stated _that_ instead of simply using the quotes.  That statement was not an
attempt to create a 1:1 equality between client connects and a port scan.

When I said "thought of as a "port scan"" I was saying this from the point
of view of a paranoid sysadmin.  From that POV, any kind of attempt to
connect to any service other than what you offer sets off alarms.  "Why is
this IP constantly trying to connect to <insert IANA port numbers here> when
I don't offer those services?"  Well, maybe it's a misconfigured,
misinformed, or compromised client, or set of clients.  I would not send the
law to anyone's door because of this.

What's the difference between simple client connects and someone using nmap
to do a quick sweep of ports (i.e. -p U:53,T:21-25,80,8080)?  Not much other
than the nmap scan happens quicker.

A simple attempt to connect to a port is not illegal.  It can be considered
questionable and may raise concerns, but not illegal by any stretch.  We get
into illegal acts when that data that's been collected has been used to
perform some sort of attack, whether it be successful or not.


In response to: Bottom line: "If you don't want your property
trespassed, don't put it into public places"
Rights (for right or wrong) are rights.

True. But I seriously doubt that some rights claimed in this discussion
actually exist. That's what I'm objecting to.

I don't think that looking is illegal.  I've been refraining from using any
kind of analogies in this discussion but...  I walk into a public park and
people look at me, not illegal.  Someone peers through my window at night,
illegal.

A portscan, in *my* opinion, is not trespass.  Entering that service either
by force or deception (i.e. a secured service) is trespass.



I don't think that this debate will ever end and will continually surface.
Both sides of the argument have very valid points and neither is completely
wrong.


Mike Fetherston


