Re: FW: Legal? Road Runner proactive scanning.[Scanned]

From: Derek Schaible (dschaible_at_cssiinc.com)
Date: 03/17/04

  • Next message: Charley Hamilton: "Re: Yet another thread on the legality of port scanning"
    To: Charles Otstot <charles.otstot@ncmail.net>, security-basics@securityfocus.com
    Date: 17 Mar 2004 13:08:02 -0500
    
    
    

    On Tue, 2004-03-16 at 14:01, Charles Otstot wrote:
    > Jef Feltman wrote:
    > I think you might have trouble convincing others that your actions do
    > not pose a problem. Simply having a host on the Internet does not
    > automatically mean that one has the right to see what might be
    > *technically* available on that host as opposed as to what the host's
    > owners intended to be available. To refer to your analogy, the shop
    > owner does not (in general) have the responsibility to lock the door and
    > provide those who need access with a key. Rather, outsiders have the
    > responsibility (both moral and legal) to stay out unless invited in.

    If a host is on the Internet, how are people supposed to know its there?
    We accept allowing sites such as Google to come and index them for
    search engines, if indeed they are running http. However, there are
    many, many other services that can be provided and not all are
    accessible through some means such as this.

    When any host is put on the Internet and open you are inviting the
    public to browse your machine in some manner. Port scanning is a means
    to see what manners are available. One can only assume that if a service
    is "technically" available, it was intended to be available. There are
    many tools at our disposal to ensure that only our intended services are
    being made available - such as Port Scanning.

    This debate has been beaten to death. Accept the fact that mere port
    scanning causes no harm anyway. If someone is being malicious in the
    packets they are crafting to scan your host and causing harm you may
    have a leg to stand on if you can supply the logs to support your
    theory, perhaps you need a better firewall that can stop this behavior
    (a simple iptables script can put a stop to that) or get better locks
    :-)

    -- 
    Derek Schaible <dschaible@cssiinc.com>
    CSSI, Inc.
    
    



  • Next message: Charley Hamilton: "Re: Yet another thread on the legality of port scanning"

    Relevant Pages

    • RE: application for an employment
      ... The idea that you as a general Internet user have to scan a host to find ... be justification for port scanning is incredulous to state the least. ... Google crawls sites. ...
      (Security-Basics)
    • RE: OT: the detection of illegal gateways
      ... Get the MAC address of each node on the network. ... Remember that almost any host on a network could have routing ... The connection that you seek may be on the other side of a windows or ... be responded to via the internet). ...
      (Pen-Test)
    • Re: 2 pc network - cant see host files from pc 2 on pc 1
      ... If the second card is lost on HOST PC then DSL Internet does not connect. ... Ditch the second network card in the one ...
      (microsoft.public.windowsxp.security_admin)
    • RE: Spamcop listed - need help to diagnose why
      ... >> The damage done to the Internet by just a single host that might ... using archaic versions of Exchange, or notes mail, or whatever - these ... All I said was that listing systems that do not ...
      (freebsd-questions)
    • Re: virtual server 2005 rs client not able to ping host
      ... If the NIC in the host is dedicated to the Internet connection, ... cannot use it to connect to the guest. ...
      (microsoft.public.windows.server.networking)