Re: Yet another thread on the legality of port scanning

From: Barry Fitzgerald (bkfsec_at_sdf.lonestar.org)
Date: 03/18/04

    Date: Thu, 18 Mar 2004 13:29:30 -0500
    To: gillettdavid@fhda.edu
    
    

    David Gillett wrote:

    > Portscans don't discover services, just ports.
    Semantics - I was trying to stay within the scope of the previous
    messages, which were straying wildly away from port scanning.

    Anyway, with the latest version of nmap, a port scan can do service
    discovery. It all depends on what the returning packets include.
    Again, this is semantical and not relevant to the topic at hand, really.

    > If CNN wants to provide an anonymous FTP service, they're likely
    > to put it on ftp://ftp.cnn.com . www.cnn.com should almost certainly
    > be dedicated to web service, and any FTP service running on that box
    > is *probably* only intended for distribution of content updates to
    > the web site; if it accepts anonymous connections, that's more likely
    > by mistake than by design. "Reasonable man" says that if they have
    > an intended anonymous FTP site, that's not where it is.

    My point was that hostname doesn't dictate accessibility. If I name my
    website http://www.yournotauthorized.com, your "reasonable man"
    hypothesis would dictate that people should never visit my website --
    what if my business is Not Authorized Security, Inc. and I focused on
    detecting intrusions?

    My point isn't whether anon FTP servers should be placed on web servers
    nor whether that's a good or normal idea. Suffice it to say that it
    happens frequently enough and that enough website and FTP server FQDNs
    *DON'T* begin with www that your "reasonable man" assertions are left in
    a situation that is far too vague to be useful.

    By that thinking, http://isc.sans.org/ or ftp://mirrors.kernel.org
    should be off limits, but they aren't.

    Also, the assumption you're making is that "reasonable man" understands
    the standards that we're talking about. A "reasonable man" (aka, most
    users) can still be both reasonable and ignorant. Expecting them to
    understand this concept when we ourselves don't follow it is unreasonable.

                 -Barry
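The two technical points in the message above, that a scanner labels a service by what comes back rather than by the port, and that a hostname beginning with "www" says nothing about whether FTP answers there, are illustrated by this added example. It is not code from the thread or from nmap; the banners are constructed samples, and the signature table is a small sketch in the spirit of nmap's service-probe matching, used here from the defender's side to inventory what a set of hosts actually exposes.

```python
import re

# Constructed sample responses (not captured from any real host): what a
# service sends on connect (FTP, SSH, SMTP) or in reply to a request (HTTP).
SAMPLE_RESPONSES = {
    ("www.example.com", 21): b"220 ProFTPD Server (www.example.com) ready.\r\n",
    ("www.example.com", 80): b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
    ("ftp.example.com", 22): b"SSH-2.0-OpenSSH_3.8p1\r\n",
    ("mail.example.com", 25): b"220 mail.example.com ESMTP ready\r\n",
    ("www.example.com", 8443): b"",  # open port, but the service sent nothing
}

# Ordered (label, pattern) signatures: the bytes returned, not the port
# number or the hostname, decide the label. Order matters because FTP and
# SMTP both greet with a 220 line.
SIGNATURES = [
    ("ftp",  re.compile(rb"^220[ -].*(?:FTP|ProFTPD|vsFTPd)", re.I)),
    ("smtp", re.compile(rb"^220[ -].*(?:ESMTP|SMTP)", re.I)),
    ("ssh",  re.compile(rb"^SSH-\d\.\d-")),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3}")),
]

def identify_service(response: bytes) -> str:
    """Label a response by its content; 'unknown' when nothing recognisable came back."""
    for label, pattern in SIGNATURES:
        if pattern.search(response):
            return label
    return "unknown"

def inventory(responses):
    """Map (host, port) -> service label for every response collected."""
    return {key: identify_service(data) for key, data in responses.items()}

def unexpected_exposures(responses):
    """Defender's check: hosts answering as FTP whose name does not start with 'ftp.'."""
    return sorted(
        host for (host, port), data in responses.items()
        if identify_service(data) == "ftp" and not host.startswith("ftp.")
    )

if __name__ == "__main__":
    for (host, port), label in sorted(inventory(SAMPLE_RESPONSES).items()):
        print(f"{host}:{port:<5} {label}")
    print("FTP on non-ftp hostnames:", unexpected_exposures(SAMPLE_RESPONSES))
```

The silent port 8443 stays "unknown", which is the case the message alludes to: without returned bytes, a scan knows only that the port is open.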


