[47971] in North American Network Operators' Group
Re: "portscans" (was Re: Arbor Networks DoS defense product)
daemon@ATHENA.MIT.EDU (Scott Gifford)
Sun May 19 14:55:31 2002
X-Delivered-To: nanog@merit.edu
To: "Stephen J. Wilcox" <steve@opaltelecom.co.uk>
Cc: nanog@merit.edu
From: Scott Gifford <sgifford@suspectclass.com>
Date: 19 May 2002 14:54:57 -0400
In-Reply-To: "Stephen J. Wilcox"'s message of "Sun, 19 May 2002 10:12:36 +0100 (BST)"
Message-ID: <lysn4oklxa.fsf@gfn.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Errors-To: owner-nanog-outgoing@merit.edu
"Stephen J. Wilcox" <steve@opaltelecom.co.uk> writes:
> On 18 May 2002, Scott Gifford wrote:
>
> >
> > Scott Francis <darkuncle@darkuncle.net> writes:
> >
> > [...]
> >
> > > And why, pray tell, would some unknown and unaffiliated person
> > > be scanning my network to gather information or run recon if
> > > they were not planning on attacking? I'm not saying that you're
> > > not right, I'm just saying that so far I have heard no valid
> > > non-attack reasons for portscans (other than those run by
> > > network admins against their own networks).
> >
> > Before choosing an onling bank, I portscanned the networks of the
> > banks I was considering. It was the only way I could find to get
> > a rough assessment of their network security, which was important
> > to me as a customer for obvious reasons.
>
> I would argue that this is not good practice and you dont have the
> right to intrude on the workings of the banks network just because
> you have the technology to do so.. if a telnet port was open would
> you also check that you were unable to brute force your way in? That
> is to say.. what exactly were you hoping to find and then do with
> the results?
I'm not arguing it's good practice. I'm giving it as an example of a
reason why somebody might scan your network, even though they were not
planning on attacking.
----ScottG.
