RE: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Bryan S. Sampsel (bsampsel_at_libertyactivist.org)
Date: 03/15/04
- Previous message: Greg Holl: "RE: Laptop Security DeepFreeze"
- In reply to: Jef Feltman: "RE: FW: Legal? Road Runner proactive scanning.[Scanned]"
- Next in thread: Phil Brammer: "Re: FW: Legal? Road Runner proactive scanning.[Scanned]"
- Reply: Phil Brammer: "Re: FW: Legal? Road Runner proactive scanning.[Scanned]"
Date: Mon, 15 Mar 2004 11:41:08 -0700 (MST) To: security-basics@securityfocus.com
Jef Feltman said:
> So if someone comes and knocks on your door at home you shoot them? Do you
> consider them a criminal? No, you lock the door and windows.
Not quite an accurate comparison. A portscan is comparable to somebody
testing those locks and windows. An action that has legal ramifications.
And legally speaking, a trespasser doesn't have to bypass a locked door
to trespass.
A knock is a "service" -- a method of communicating with my house. As is
a phone or mail. Just a tad different than a security probe.
>
> If your host is on the internet I consider it public and knocking on the
> door to see if the shop is open, is not a problem. If you do not want people
> coming in the door lock it and give a key to those who need it.
Still not an apples-apples. There are legit ways of communicating with my
system.
>
> Based on your statement no website should not be accessed by anyone other
> than an employee. Sending E-Mail would be a violation also, as the port must
> be checked to verify it can be opened to receive.
Nope. Email performs a handshake, it does not probe an entire system to
communicate. If it receives no response on its connection attempt, it
ceases activity.
>
> Port scanning is not an attack, it is a probe. I have scanned many machines
> that have tried to attack my machine trying to verify if it is an attack or
> the host has been compromised. Unless the attack is currently in progress,
> the host is almost always taken over by a hacker or virus. Scanning the host
> allows me to find ports open that prove the host has been attacked and taken
> over. Then I am able to inform the ISP or user of the problem. And not go
> after some innocent user.
My IDS tells me who tried to attack/probe/portscan (pick one) and I inform
the ISP or server owner (from WHOIS) and let them know the nature of the
activity I'm seeing. I do not want to initiate the same type of activity
against them, I want them to inspect and fix their problem. Blocking the
attack is my business, inspecting and fixing it is theirs.
<snipped for brevity>
bryan