Re: FW: Legal? Road Runner proactive scanning.[Scanned]
From: Derek Schaible (dschaible_at_cssiinc.com)
To: Charles Otstot <firstname.lastname@example.org>, email@example.com Date: 17 Mar 2004 13:08:02 -0500
On Tue, 2004-03-16 at 14:01, Charles Otstot wrote:
> Jef Feltman wrote:
> I think you might have trouble convincing others that your actions do
> not pose a problem. Simply having a host on the Internet does not
> automatically mean that one has the right to see what might be
> *technically* available on that host as opposed as to what the host's
> owners intended to be available. To refer to your analogy, the shop
> owner does not (in general) have the responsibility to lock the door and
> provide those who need access with a key. Rather, outsiders have the
> responsibility (both moral and legal) to stay out unless invited in.
If a host is on the Internet, how are people supposed to know its there?
We accept allowing sites such as Google to come and index them for
search engines, if indeed they are running http. However, there are
many, many other services that can be provided and not all are
accessible through some means such as this.
When any host is put on the Internet and open you are inviting the
public to browse your machine in some manner. Port scanning is a means
to see what manners are available. One can only assume that if a service
is "technically" available, it was intended to be available. There are
many tools at our disposal to ensure that only our intended services are
being made available - such as Port Scanning.
This debate has been beaten to death. Accept the fact that mere port
scanning causes no harm anyway. If someone is being malicious in the
packets they are crafting to scan your host and causing harm you may
have a leg to stand on if you can supply the logs to support your
theory, perhaps you need a better firewall that can stop this behavior
(a simple iptables script can put a stop to that) or get better locks
-- Derek Schaible <firstname.lastname@example.org> CSSI, Inc.
- application/pgp-signature attachment: This is a digitally signed message part