nanog mailing list archives

Re: "portscans" (was Re: Arbor Networks DoS defense product)


From: woods () weird com (Greg A. Woods)
Date: Sun, 19 May 2002 13:36:49 -0400 (EDT)


[ On Sunday, May 19, 2002 at 03:16:28 (-0700), Dan Hollis wrote: ]
Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product)

On 18 May 2002, Scott Gifford wrote:
Before choosing an online bank, I portscanned the networks of the
banks I was considering.  It was the only way I could find to get a
rough assessment of their network security, which was important to me
as a customer for obvious reasons.

So for your offline banks, do you also go to the local branches at night 
and jiggle all the locks to make sure their doors and windows are locked?

That analogy is fundamentally flawed.  For one, the Internet is never
locked after hours -- there is no "after hours", it's always open!

There are also no sign posts at every router on the Internet.  The only
sign-posts are the responses you get from trying a given door -- either
it opens or it doesn't.  Unless you actually try to go somewhere in
TCP/IP-land you won't know whether or not you can get there.  A good
firewall makes it appear for all intents and purposes that there's no
door handle to wiggle in the first place.

-- 
                                                                Greg A. Woods

+1 416 218-0098;  <gwoods () acm org>;  <g.a.woods () ieee org>;  <woods () robohack ca>
Planix, Inc. <woods () planix com>; VE3TCP; Secrets of the Weird <woods () weird com>

