Security Basics mailing list archives

RE: application for an employment


From: "John E. Fleming" <John () parcassets com>
Date: Mon, 3 Apr 2006 14:42:04 -0400

I like this idea of thinking. So if a bank leaves the vault open does
that make it legal for me to load up as much cash as I can even though
it may have been left open unintentionally? Or could it be that the door
has not been left open intentionally, therefore making it illegal, and the
proper authorities should be notified to fix the issue?

I came late into this conversation so my analogy might be off.

Regards,

John

P.S. If I have a port open on my network that I do not know about and
someone scans it, be aware it will be logged and I will prosecute anyone
and their grandmother if they enter unauthorized.


-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] 
Sent: Saturday, April 01, 2006 2:14 PM
To: security-basics () securityfocus com
Subject: Re: application for an employment

On 2006-04-01 Craig Wright wrote:
> If you port scan to find everything, how long does it take you to find
> anything?

We were discussing whether I'm allowed to do that. It doesn't matter to
this discussion how long it takes me or if I personally do it at all.

> Let's take the example of seeing if there are other ports open. How do
> you think that scanning will find public valid services?

An open port is a public service, unless the service requires
authentication of some sort.

> Or are you stating that you are looking for other services that are
> NOT public - such as SSH or Telnet which are not secured?

Nice rhetoric. But wrong.

> Are you looking for SMTP servers so that you can check if they have an
> open relay? Are you looking for FTP servers that are not locked down
> so that you can load files without permission?

Again you wrongly assume I would need permission beforehand. I don't.
Just like I can walk through the mall and look what shops are there I
can look at a host and see what services it provides. I can even enter
the shops and look around, as long as there's no sign telling me to "go
away".

> Looking for port 80 will not always find a web site (nor will it help
> find information). A single IP address can have numerous sites that
> are accessed using host headers - so knowing the IP may not allow
> access to the site per se.

We're talking about layer 4 here.

> Please explain what you are looking for - what VALID reason you have
> to scan for open ports.

No, Craig. Please explain, what VALID reason I have not to.

I said it before, and I'm going to repeat it: the Internet is a public
network, and so all hosts on it and all services provided in it are
public, too. I have no reason whatsoever to assume that a service is
provided unintentionally.

And PLEASE get your quoting fixed, because it sucks. Big time.

Regards
Ansgar Wiechers
-- 
"The computer is there to compute, not to write excuses like 'Cannot
divide by zero' on the screen."
--Marco Haschka in de.org.ccc


