Re: "portscans" (was Re: Arbor Networks DoS defense product)

[Scott Gifford <sgifford () suspectclass com>]

"Stephen J. Wilcox" <steve () opaltelecom co uk> writes:

> On 18 May 2002, Scott Gifford wrote:
>
> > Scott Francis <darkuncle () darkuncle net> writes:
> >
> > [...]
> >
> > > And why, pray tell, would some unknown and unaffiliated person
> > > be scanning my network to gather information or run recon if
> > > they were not planning on attacking? I'm not saying that you're
> > > not right, I'm just saying that so far I have heard no valid
> > > non-attack reasons for portscans (other than those run by
> > > network admins against their own networks).
> >
> > Before choosing an onling bank, I portscanned the networks of the
> > banks I was considering.  It was the only way I could find to get
> > a rough assessment of their network security, which was important
> > to me as a customer for obvious reasons.
>
> I would argue that this is not good practice and you dont have the
> right to intrude on the workings of the banks network just because
> you have the technology to do so.. if a telnet port was open would
> you also check that you were unable to brute force your way in? That
> is to say.. what exactly were you hoping to find and then do with
> the results?

I'm not arguing it's good practice.  I'm giving it as an example of a
reason why somebody might scan your network, even though they were not
planning on attacking.

----ScottG.