[47945] in North American Network Operators' Group
Re: "portscans" (was Re: Arbor Networks DoS defense product)
daemon@ATHENA.MIT.EDU (Scott Francis)
Sat May 18 23:21:05 2002
Date: Sat, 18 May 2002 20:15:10 -0700
From: Scott Francis <darkuncle@darkuncle.net>
To: "Greg A. Woods" <woods@weird.com>
Cc: nanog@merit.edu
Message-ID: <20020519031510.GD69382@darkuncle.net>
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
"Greg A. Woods" <woods@weird.com>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-ripemd160;
protocol="application/pgp-signature"; boundary="Xm/fll+QQv+hsKip"
Content-Disposition: inline
In-Reply-To: <20020519030534.4C874AC@proven.weird.com>
Errors-To: owner-nanog-outgoing@merit.edu
--Xm/fll+QQv+hsKip
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sat, May 18, 2002 at 11:05:34PM -0400, woods@weird.com said:
> [ On Saturday, May 18, 2002 at 16:03:11 (-0700), Scott Francis wrote: ]
> > Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product)
> >
> > And why, pray tell, would some unknown and unaffiliated person be scann=
ing
> > my network to gather information or run recon if they were not planning=
on
> > attacking? I'm not saying that you're not right, I'm just saying that s=
o far
> > I have heard no valid non-attack reasons for portscans (other than thos=
e run
> > by network admins against their own networks).
>=20
> I scan networks and hosts very regularly for legitimate diagnostic
> purposes as well as occasionally for curiosity's sake. I've never
Legitimate diagnostic purposes would mean that you would not fall into the
category of "unknown and unaffiliated". Curiosity's sake, well ... depends =
on
whose network it is.
> attacked any host or network that I was not directly responsible for.
> If you don't want the public portions of your network mapped then you
> should withdraw them from public view.
Agreed there. Defense is important. It might be good to note that I'm not
giving a blanket condemnation of all portscans at all times; but as a GENER=
AL
RULE, portscans from strangers, especially methodical ones that map out a
network, are a precursor to some more unsavory activity.
> BTW, please be one heck of a lot more careful with your replies. My
> original reply to you was not copied to the list and I did not give you
> permission to post a response quoting my words back to the list.
Apologies; my finger was a bit too quick on the 'g'. As this message came to
the list, I will assume it is safe to cc the list on my reply. Sorry about
that last.
--=20
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
--Xm/fll+QQv+hsKip
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQIXAwUBPOcYvYgCD7rLM8ynFANu8Qf+OOs/iRqVWDSdi2kEJ8r6+i5AKbF5LK3w
bGuHk1gjWV0KoiSBoHewl2Mr327GJkv3jmAWwvPW+JgfPtsylxiZ/QlMXRK7KhG3
sISkOeloawZXCq3nI6Ev7MzD5XBJSdF1NLmvCq4S/k3muibNpwKJ8qIOZEPHrvmo
v+rw+IcmGYAoe/yMuaKwS38NCiwRjVNQNoC1xew+MQjeHgbM+4qg/7W96O1eN8Go
JwcwdOtWMFiBaUrTx1aCQtPZIkM5q6RL8wEA3pFi19eSobo+L2VnFjwvQdRy/mkI
rD17ehZgT87DaGys5V/X3JAfwuMvT5iw2NLxIc+P25LbidTIPI9G2QgAm+hCfvsV
tN6C5TYX9pkNXj2UJys0YHGQudCIWeSwmcmOpJu4/WMsi6kzqv71gL9SVz0oSSQX
ftE+VUt3TBKIymSbT+QIy0p/R8Sqb0tr+RL+YAvNGcjgI/xwNjvH7j1v1Ec46Uio
U6oCmN6y4kyT7eNID7yBCyhOYo3RYo2BEKqX3MW4SERv2kPxwiqKDBJGHDVOj+FU
Kjizvg6KctMt3lfpRg+++5n3f9Y7R53037tPYAM5BTRjcYHfy7VmdCUQS8Cy1LWZ
KTCZ4Fl3iQwLrIyWO28fy+q4vILwMWxMcvAdbeIhbvN/wDUTFeskTZ1udcm9blfc
jqqUxtU3z2zHvQ==
=I7S2
-----END PGP SIGNATURE-----
--Xm/fll+QQv+hsKip--
