RE: Legal? Road Runner proactive scanning.

From: Bryan S. Sampsel (
Date: 03/14/04

  • Next message: Mike: "RE: SPYWARE detection"
    Date: Sun, 14 Mar 2004 14:02:06 -0700 (MST)
    To: "Mark Medici" <>

    Don't lose any customers...the packet filter I have drops any further scan
    packets, but continues to allow regular traffic to flow.

    However, if you don't think there's any legal issues with portscanning,
    try scanning the government sites. See how long it takes to get some
    attention brought on you. ;)

    Besides, commonality of an occurance does not minimize it. Script kiddies
    are common, exploiting whatever the exploit-of-the-week is...

    If you want protection, use the RBL engines out there...some of them even
    allow you to scan your own system for relay capabilities and exploits.

    I have no truck with my ISP scanning me, provided it's made clear up
    front. I do have problems with somebody I am not contractually linked to
    doing so.



    Bryan S. Sampsel

    Mark Medici said:
    >> From: Bryan S. Sampsel []
    >> Sent: Friday, March 12, 2004 11:23 AM
    >> If you're the customer. However, if you're not the customer, they
    > have no
    >> legal right to scan your resources.
    > That's a different matter, but still it's not illegal, at least not
    > under any law that I have seen. But IANAL or a cop, YMMV and all that
    > stuff. While I might not like someone scanning my ports, there is
    > nothing particularly bad about it, unless it is done in such a way as to
    > constitute a denial-of-service attack or harassment.
    > Now, how the person scanning uses that information may be illegal
    > (attempting an exploit) or negligent (unauthorized disclosure to third
    > parties).
    > Port scanning is such a common and innocuous occurrence that there's no
    > reason for it to even be a part of your normal IDS alerts or reports.
    > Just block it and log it and ignore it unless/until there's an
    > escalation, then go back to the raw logs for evidence. Of course, if
    > the port scans make it through to your DMZ or internal network, then I'd
    > want to see alerts from the IDS's in those zones.
    > As for testing all connecting SMTP servers for the presence of open
    > relay/proxy, I think this is a matter of self preservation and a feature
    > I'd personally like to see my MTA provide. It's hard to argue against
    > something that makes good common sense.
    > If it makes you feel better or more secure to firewall-off every IP that
    > scans your ports or checks for open relays, then go ahead and do it.
    > But expect to keep busy, and potentially loose communications from bona
    > fide customers in the process.

    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:

  • Next message: Mike: "RE: SPYWARE detection"

    Relevant Pages

    • RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second
      ... What OS are you scanning? ... Random unprivileged TCP ports below 5000 kind-of open for a ... I found out that by default nmap doesn't scan every ...
    • Re: Attack attempts from
      ... > proxies without portscans is impossible nowadays. ... We do stop scanning when an open proxy port has been found ... > increment), but a full scan will be done before the IP is declared ... read your post correctly, you're scanning _all ports_, 10.000 ports at a ...
    • Re: Hacker haven
      ... I want to check out the services on some of the servers on my network ... > and find out which ones should be port scanning my ports. ... firewall such as Tiny to your computer behind the router. ...
    • Re: Need help on ipchains,please!
      ... > im trying to set up my FW rules with ipchains,but when scanning with nmap ... > or netstat i always get the same ports as being open and listening,whatever ...