[47928] in North American Network Operators' Group
Re: "portscans" (was Re: Arbor Networks DoS defense product)
daemon@ATHENA.MIT.EDU (Ralph Doncaster)
Sat May 18 19:17:22 2002
Date: Sat, 18 May 2002 19:17:43 -0400 (EDT)
From: Ralph Doncaster <ralph@istop.com>
To: "nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <20020518230311.GA68386@darkuncle.net>
Message-ID: <Pine.LNX.4.21.0205181913520.13686-100000@cpu1693.adsl.bellglobal.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 18 May 2002, Scott Francis wrote:
> And why, pray tell, would some unknown and unaffiliated person be scanning my
> network to gather information or run recon if they were not planning on
> attacking? I'm not saying that you're not right, I'm just saying that so far
> I have heard no valid non-attack reasons for portscans (other than those run
> by network admins against their own networks).
I often like to know if a particular web server is running Unix or
Winblows. A port scanner is a useful tool in making that determination.
<sarcasm>
And why, pray tell, would some stranger be carrying a concealed gun if
they were not planning on shooting someone?
</sarcasm>
