RE: FW: Legal? Road Runner proactive scanning.[Scanned]

• Previous message: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: Legal? Road Runner proactive scanning."
• In reply to: Charles Otstot: "Re: FW: Legal? Road Runner proactive scanning.[Scanned]"
• Next in thread: Bryan S. Sampsel: "RE: FW: Legal? Road Runner proactive scanning.[Scanned]"
• Reply: Bryan S. Sampsel: "RE: FW: Legal? Road Runner proactive scanning.[Scanned]"
• Reply: David Gillett: "RE: FW: Legal? Road Runner proactive scanning.[Scanned]"
• Reply: Charles Otstot: "Re: FW: Legal? Road Runner proactive scanning.[Scanned]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Charles Otstot'" <charles.otstot@ncmail.net>, "'James P. Saveker'" <james@wetgoat.net>, <security-basics@securityfocus.com>
Date: Fri, 12 Mar 2004 19:22:39 -0800

So if someone comes and knocks on your door at home you shoot them? Do you
consider them a criminal? No, you lock the door and windows.

If your host is on the internet I consider it public and knocking on the
door to see if the shop is open, is not a problem. If you do not want people
coming in the door lock it and give a key to those who need it.

Based on your statement no website should not be accessed by anyone other
than an employee. Sending E-Mail would be a violation also, as the port must
be checked to verify it can be opened to receive.

Port scanning is not an attack it is probe. I have scanned many machines
that have tried to attack my machine trying to verify if it is an attack or
the host has been compromised. Unless the attack is currently in progress,
the host is almost always taken over by a hacker or virus. Scanning the host
allows me to find ports open that prove the host has been attacked and taken
over. Then I am able to inform the ISP or user of the problem. And not go
after some innocent user.

If a company runs a service on the internet they must place a lock on the
door to keep out the unwanted. Otherwise it is open to the public. Remember
there are private and public ip addresses. Public means anyone can access
them without freely unless they harm or steal from the host, just like the
store on the corner.

A port scan has never hurt any machine and never will. Only a poorly
configured host will be hacked. Just as a poorly locked house will be broken
into.

jef

I would certainly consider port scanning to be an attack, based on the
intention(s) implied by such activity.
Although I am far from a security expert from a technical perspective,
it seems to me that the answer to this question lies not in technical
arguments, but rather on determining whether one has the right to access
someone else's network without permission. I, for one, believe that
noone (and no organization) has the right to access my network or any
systems on that network without permission. Permission to access a given
resource does not necessarily have to be explicit (i.e accessing a
publicly hosted web page would generally be permissible), however, ordinary
concepts of reasonableness (what a reasonable person
would consider ok) certainly apply (e.g. intentionally accessing an
accidentally accessible resource that is clearly intended to not be
accessible would be considered improper).
I would view port scanning, regardless of the source, as improper access
to the network. It seems to me that a reasonable person would not
consider it permissible for an outside entity (e.g a business
competitor) to surrepticiously attempt (the breadth and depth of the
access and the resources accessed without explicit permission would help
one determine whether the attempt.is indeed surrepticious) to access
resources on the network.
A port scan against one or more hosts by an outside agent implies an
attempt to find services with potential holes active on the network.
That in, and of itself, implies that the scanner will utilize any
information found to launch (further) attacks against specific hosts in
an attempt to gain further access to the network. As the "scanee", I can
only consider such access an unwanted, unauthorized intrusion with
(likely) malicious intent.
As such, I would necessarily view port scans to be an attack (even if
only limited) against the network.

Charlie

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: Legal? Road Runner proactive scanning."
• In reply to: Charles Otstot: "Re: FW: Legal? Road Runner proactive scanning.[Scanned]"
• Next in thread: Bryan S. Sampsel: "RE: FW: Legal? Road Runner proactive scanning.[Scanned]"
• Reply: Bryan S. Sampsel: "RE: FW: Legal? Road Runner proactive scanning.[Scanned]"
• Reply: David Gillett: "RE: FW: Legal? Road Runner proactive scanning.[Scanned]"
• Reply: Charles Otstot: "Re: FW: Legal? Road Runner proactive scanning.[Scanned]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]