nanog mailing list archives
Re: "portscans" (was Re: Arbor Networks DoS defense product)
From: "Stephen J. Wilcox" <steve () opaltelecom co uk>
Date: Sun, 19 May 2002 10:12:36 +0100 (BST)
On 18 May 2002, Scott Gifford wrote:
Scott Francis <darkuncle () darkuncle net> writes: [...]And why, pray tell, would some unknown and unaffiliated person be scanning my network to gather information or run recon if they were not planning on attacking? I'm not saying that you're not right, I'm just saying that so far I have heard no valid non-attack reasons for portscans (other than those run by network admins against their own networks).Before choosing an onling bank, I portscanned the networks of the banks I was considering. It was the only way I could find to get a rough assessment of their network security, which was important to me as a customer for obvious reasons.
I would argue that this is not good practice and you dont have the right to intrude on the workings of the banks network just because you have the technology to do so.. if a telnet port was open would you also check that you were unable to brute force your way in? That is to say.. what exactly were you hoping to find and then do with the results? I'd also say your reason for this is void, its not your responsibility to assess the bank's security. If they screw up they have insurance and you're not at risk.
I'm not sure if I would have been impressed or annoyed if they had stopped accepting packets from my machine during the scan. :-)
But surely if all their prospects do this they will not be able to handle the volume of attacks and will be unable to keep up with blocking the more minor benign scans. And you as a customer ought to prefer their time is spent on legitimate attacks which means no one scans then 'for good reasons' and all scans are therefore malicious and worthy of investigating... Steve
-----ScottG.
Current thread:
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product), (continued)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Gifford (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Alex Rubenstein (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) william (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Stephen J. Wilcox (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Dan Hollis (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Greg A. Woods (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Gifford (May 19)
- RE: "portscans" (was Re: Arbor Networks DoS defense product) James (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Greg A. Woods (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Greg A. Woods (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Dan Hollis (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 19)