RE: application for an employment

On 2006-03-29 Craddock, Larry wrote:
That may be how you interpret it but I think they're very analogous.
The point is simple ... no one has any legitimate business checking
the status of the doors and windows on my property and no one has any
legitimate business port scanning someone else's network. What
legitimate reason would I have in port scanning your network? Let me
answer that for you ... absolutely none. At best, my answer would be
curiosity and that doesn't qualify as legitimate.


I'd rather stayed out of this discussion, but since various people have
shown a gross ignorance of the technial realities of the 'net I'll throw
my 2 cent in.

The legitimate reason you have is the simple fact that you don't have
any other option of determining what services are available on a given
host or range of hosts. It's absolutely ridiculous to think that one
would need express permission to find out whether a shop is open or not.
Or if there is a shop in the first place.

Of course if your scan breaks something you may (or may not) be held
liable for that, but that's a different story.

I agree. Pointing a web browser to a server that does not offer any
http/https services could be thought of as a "port scan". Same with
accidentally pointing anything, whether it be telnet, ssh, ftp, r*, or any
kind of network tool, at a server that does not offer those services. A
connect has to be made to find out if you can use that service. There is
nothing malicious in that.

It's easy to make the analogy between real-world private property and
trespass, but it simply doesn't equate well to the network world. There's a
reason why they're called PUBLIC IP addresses. Anybody that connects a
machine to the *public* internet should *expect* to be scanned. This is
public information and can be freely used. If scanning were illegal and
criminal, what of Netcraft? What of search engine spiders?

Back to the OP's topic.. I wouldn't offer that information during the
interview or *even on the job*. EDU's can be political and you don't want
to get mixed up in that. You could use what information you've learned
about the school's network to help raise some awareness about what network
security is and what can be done if a network isn't secured. Then go about
properly scanning the network both internally and externally with written


Mike Fetherston

The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

Relevant Pages

  • Re: Unauthorized files in XP Home
    ... That's all I really wanted to know - whether it was a legitimate file, ... servers, and remote registry. ... I don't want a network. ... installation process, just disconnect the computer from any telephone ...
  • Re: application for an employment
    ... any legitimate business port scanning someone else's network. ... The obvious intent of a portscan is "find out what services a host ...
  • Re: application for an employment
    ... legitimate business port scanning someone else's network. ... education and the case study affords you unmatched consulting experience. ... Computer Emergency Response Teams, and Digital Investigations. ...
  • Re: Lost phone and info on it.
    ... I understand that the blocked IMEI list is only distributed within the UK - not to countries outside the UK - eg. Africa etc. Apparently in some African countries the black market for mobiles is so prevalent that practically no one buys/sells legitimate ones simply because they cannot compete on price with the black market. ... At work we did some work for a network operator in Africa and so we know from the horses mouth the problem with the sales of stolen mobiles killing the legitimate market. ... It's not a matter of the people buying them being crooks - it's just they couldn't afford a legitimate phone when you have communities clubbing together to by a stolen phone! ...
  • Re: personal laptop used in workplace
    ... No sensible network administrator would allow you to use your personal ... machine on the business network for business purposes, ... I appreciate the word "legitimate", but this is very shaky ground. ... use it at home, on the laptop, but take it into work, and the license ...