Security Basics mailing list archives
RE: application for an employment
From: Mike Fetherston <mike_sha () shaw ca>
Date: Mon, 03 Apr 2006 09:20:28 -0400
Most people who use the Internet in any of its means do not port scan systems.
Entirely besides the point.
Craig, I'll agree with you there; it's been a very long time since I've scanned a publicly available host. Many people who use not only the internet but many other public resources do _not_ do a lot of things that are considered completely legal. There are many activities that are questionable but completely legal.
This is a simple reasonableness test. If you want to send mail - do you have to scan a site - the answer, No. When going to a web site do you have to check if they have an IPsec VPN to the host, the answer, No.
How do I find out about the mail server? How do I find out about the webserver? How do I get permission to access them?
You must make a connect();
The idea that completing a DNS request could be in ANY way equated to port scanning is ignorant and negligent as a suggestion given the knowledge of the person who stated it.
I would like to clarify my statement from my previous e-mail. I stated:

"Pointing a web browser to a server that does not offer any http/https services could be thought of as a "port scan". Same with accidentally pointing anything, whether it be telnet, ssh, ftp, r*, or any kind of network tool, at a server that does not offer those services. A connect has to be made to find out if you can use that service. There is nothing malicious in that."

First off, I put "port scan" in quotes, meaning that, in concept, the two can be similar in that they both need to connect to a port. I should have stated _that_ instead of simply using the quotes. That statement was not an attempt to create a 1:1 equality between client connects and a port scan.

When I said "thought of as a "port scan"" I was saying this from the point of view of a paranoid sysadmin. From that POV, any kind of attempt to connect to any service other than what you offer sets off alarms. "Why is this IP constantly trying to connect to <insert IANA port numbers here> when I don't offer those services?" Well, maybe it's a misconfigured, misinformed, or compromised client, or set of clients. I would not send the law to anyone's door because of this.

What's the difference between simple client connects and someone using nmap to do a quick sweep of ports (i.e. -p U:53,T:21-25,80,8080)? Not much other than the nmap scan happens quicker.

A simple attempt to connect to a port is not illegal. It can be considered questionable and may raise concerns, but not illegal by any stretch. We get into illegal acts when that data that's been collected has been used to perform some sort of attack, whether it be successful or not.
In response to:
Bottom line: "If you don't want your property trespassed, don't put it into public places" Rights (for right or wrong) are rights.
True. But I seriously doubt that some rights claimed in this discussion actually exist. That's what I'm objecting to.
I don't think that looking is illegal. I've been refraining from using any kind of analogies in this discussion but... I walk into a public park and people look at me, not illegal. Someone peers through my window at night, illegal.

A portscan, in *my* opinion, is not trespass. Entering that service either by force or deception (i.e. a secured service) is trespass.

I don't think that this debate will ever end and will continually surface. Both sides of the argument have very valid points and neither is completely wrong.

Mike Fetherston
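Added example, not part of the original message or thread: the message's "paranoid sysadmin" view expressed as detection logic, separating a client that keeps retrying one unoffered port from a source that touches many unoffered ports in a short window. The log format, the addresses (documentation ranges) and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: rejected connections to ports the host does not offer.
SAMPLE_LOG = """\
2006-04-03T09:00:00 SRC=192.0.2.10 DPT=23 ACTION=REJECT
2006-04-03T09:05:00 SRC=192.0.2.10 DPT=23 ACTION=REJECT
2006-04-03T09:10:00 SRC=192.0.2.10 DPT=23 ACTION=REJECT
2006-04-03T09:20:01 SRC=198.51.100.7 DPT=21 ACTION=REJECT
2006-04-03T09:20:01 SRC=198.51.100.7 DPT=22 ACTION=REJECT
2006-04-03T09:20:02 SRC=198.51.100.7 DPT=23 ACTION=REJECT
2006-04-03T09:20:02 SRC=198.51.100.7 DPT=24 ACTION=REJECT
2006-04-03T09:20:03 SRC=198.51.100.7 DPT=8080 ACTION=REJECT
2006-04-03T09:30:00 SRC=203.0.113.5 DPT=8080 ACTION=REJECT
"""

def parse(line):
    """Split one constructed log line into (timestamp, source, dest port)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["SRC"], int(kv["DPT"])

def max_ports_in_window(events, window):
    """Largest number of distinct ports one source touched within `window`."""
    events = sorted(events)
    best, start = 0, 0
    for end in range(len(events)):
        # Slide the left edge until the span fits inside the window.
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({port for _, port in events[start:end + 1]}))
    return best

def classify(log_text, window_s=60, sweep_ports=5):
    """Label each source by breadth of ports per window, not by mere connects."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, port = parse(line)
            by_src[src].append((ts, port))
    result = {}
    for src, events in by_src.items():
        breadth = max_ports_in_window(events, timedelta(seconds=window_s))
        if breadth >= sweep_ports:
            result[src] = "sweep"             # many ports, short time
        elif len(events) > 1:
            result[src] = "repeated-connect"  # e.g. a misconfigured client
        else:
            result[src] = "single-connect"
    return result
```

Neither label says anything about intent; it only records how broad and how fast the connection attempts were.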