Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 03/16/04
- Previous message: Iván Eguiguren: "Re: FW: Root account desactivated"
- In reply to: Bryan S. Sampsel: "Re: FW: Legal? Road Runner proactive scanning.[Scanned]"
- Next in thread: Bryan S. Sampsel: "Re: FW: Legal? Road Runner proactive scanning.[Scanned]"
- Reply: Bryan S. Sampsel: "Re: FW: Legal? Road Runner proactive scanning.[Scanned]"
- Reply: ~Kevin Davis³: "Re: FW: Legal? Road Runner proactive scanning.[Scanned]"
Date: Tue, 16 Mar 2004 23:17:48 +0100
To: security-basics@securityfocus.com
On 2004-03-15 Bryan S. Sampsel wrote:
>
> Ansgar -59cobalt- Wiechers said:
>
> > I have to respectfully disagree. Portscans *may* very well be
> > utilized by an attacker to identify what is running on a system, so
> > they *may* indicate a forthcoming attack. OTOH finding out what
> > services some box provides IMHO is a legitimate means for any
> > potential user.
>
> No regular, authorized user should be scanning. That user will be
> provided the information as necessary. Sorry.
You are going to explain how you are going to do that, e.g. for
publicly available services on ports that are not well-known, aren't
you? And even if so, what's it hurt if someone goes finding out for
himself? I still don't get your point.
> > If you don't intend to provide a service then why do you make it
> > available? If you run a service with known vulnerabilities then why
> > don't you fix/change it? If you intend to provide a service and
> > there are no known vulns then why do you consider portscans a
> > problem? Do you really believe security thru obscurity is going to
> > work?
>
> Nothing about obscurity ever played into my explanation.
What else should I call hiding the services you provide by prohibiting
portscans (or trying to)?
> As to vulnerable services...find me one that hasn't had a
> vulnerability show up. And find me one that, even when the patches
> are kept up to date, has not occasionally been exploited before
> patches became available.
>
> Portscans are comparable to somebody checking all my windows and doors
> to see if they're unlocked.
So? Lock them already, if you don't want them to be open.
> I have a mail box out front for communication and a phone. People can
> call me. But them attempting to find other ways into my house is
> trespassing. And such activity can indicate an attempt to break in
> is forthcoming.
This analogy was born without legs. A portscan is a means of finding out
what services you are providing to the public. Nothing more. Nothing
less.
> > To sum up: a portscan may or may not indicate a forthcoming attack,
> > but it is *not* an attack in itself.
>
> The point is debatable.
Obviously.
> I consider it enough of an indicator that I take it seriously.
> Sometimes, it isn't even a person doing the attack, but an infected
> machine. More than one virus performs portscans.
Sure. But still the portscan is not the attack. I already said that it
might indicate a forthcoming attack, so there's nothing wrong with
taking it seriously, but I wouldn't be too worried about it.
Regards
Ansgar Wiechers
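One way to treat a portscan the way this thread ends up describing it, as an indicator worth noting rather than an attack in itself: flag sources that probe many distinct ports on one host within a short window, and record which of those ports actually answered, since those are the services the scan learned about. This is an added Python example, not code from the thread or its authors; the log line format and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the thread):
# "<iso-timestamp> <src> -> <dst>:<port> <action>"
SAMPLE_LOG = """\
2004-03-16T23:00:01 198.51.100.7 -> 192.0.2.10:80 ACCEPT
2004-03-16T23:00:02 198.51.100.7 -> 192.0.2.10:80 ACCEPT
2004-03-16T23:00:03 198.51.100.7 -> 192.0.2.10:443 ACCEPT
2004-03-16T23:01:00 203.0.113.5 -> 192.0.2.10:21 DROP
2004-03-16T23:01:00 203.0.113.5 -> 192.0.2.10:22 DROP
2004-03-16T23:01:01 203.0.113.5 -> 192.0.2.10:23 DROP
2004-03-16T23:01:01 203.0.113.5 -> 192.0.2.10:25 DROP
2004-03-16T23:01:02 203.0.113.5 -> 192.0.2.10:80 ACCEPT
2004-03-16T23:01:02 203.0.113.5 -> 192.0.2.10:110 DROP
2004-03-16T23:01:03 203.0.113.5 -> 192.0.2.10:139 DROP
2004-03-16T23:01:03 203.0.113.5 -> 192.0.2.10:445 DROP
2004-03-16T23:01:04 203.0.113.5 -> 192.0.2.10:3389 DROP
"""

def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, port, action)."""
    ts, src, _, dst_port, action = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port), action

def find_scan_indicators(log_text, distinct_ports=8, window=timedelta(seconds=60)):
    """Return {src: {"target", "ports", "exposed"}} for every source that touched
    at least `distinct_ports` different ports on one destination inside `window`.
    "exposed" lists the probed ports that were ACCEPTed, i.e. what the scan found open.
    A normal client (few ports, repeated) is not reported."""
    events = defaultdict(list)  # (src, dst) -> [(ts, port, action)]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port, action = parse_line(line)
            events[(src, dst)].append((ts, port, action))
    findings = {}
    for (src, dst), evs in events.items():
        evs.sort()
        for i, (t0, _, _) in enumerate(evs):  # slide the window over this pair
            inwin = [e for e in evs[i:] if e[0] - t0 <= window]
            ports = {p for _, p, _ in inwin}
            if len(ports) >= distinct_ports:
                exposed = sorted({p for _, p, a in inwin if a == "ACCEPT"})
                findings[src] = {"target": dst, "ports": sorted(ports), "exposed": exposed}
                break
    return findings
```

The "exposed" list is the actionable part: it shows which services the scanner could see, which is the point to check rather than the scan itself.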