[32955] in North American Network Operators' Group
RE: Port scanning legal
daemon@ATHENA.MIT.EDU (Dan Hollis)
Tue Dec 19 15:28:53 2000
Date: Tue, 19 Dec 2000 12:26:16 -0800 (PST)
From: Dan Hollis <goemon@sasami.anime.net>
To: Roeland Meyer <rmeyer@mhsc.com>
Cc: Shawn McMahon <smcmahon@eiv.com>,
"'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <9DC8BBAD4FF100408FC7D18D1F0922869B7A@condor.mhsc.com>
Message-ID: <Pine.LNX.4.30.0012191220450.15991-100000@anime.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 19 Dec 2000, Roeland Meyer wrote:
> I've pinged IP addrs that I later found out were MIL addrs. Nothing
> happened. Duh!
Cool. Care to portscan a couple .mil /16's and get back to me?
> There are a LOT of IP addrs that aren't in the DNS. How is one to know?
Hmm. whois perhaps?
connecting to whois.arin.net [192.149.252.21:43] ...
HQ 7th Signal Command (NETBLK-ARMY-C) NETBLK-ARMY-C198.49.183.0 - 198.49.192.0
INFORMATION SYSTEMS COMMAND (NET-NSMCNET) NSMCNET198.49.185.0 - 198.49.185.255
Naah, that makes too much sense. Can't have that now can we.
> I don't know about you, but I flunked telepathy in High School and did
> worse in clarvoyance.
One might argue its not the only thing you flunked.
> Could it be, that is why ping and traceroute were invented?
ping and traceroute are a far cry from nmap. I dont recall ping and
traceroute having a 'decoy host' option, or 'stealth' option for example,
nor any option to scan entire nets and ranges of ports.
> The argument against port-scanning applies equally well to just about every
> diagnostic tool we use.
Only by the most convoluted thinking.
-Dan
