[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] PortSentry works !

Subject: Re: [cobalt-users] PortSentry works !
From: "Bryan" <raqbox@xxxxxxx>
Date: Thu Mar 15 17:43:22 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

The point is - you are talking - THE PERSON.
In computer cases - the person often can not be IDed



----- Original Message ----- 
From: Graeme Fowler <Graeme.F@xxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, March 15, 2001 4:24 PM
Subject: RE: [cobalt-users] PortSentry works !


> Christian Karlsson wrote:
> > How can it be proved that a person has intented to commit 
> > further offences?
> 
> Because in normal operation you simply do not go around probing machines
> for services. It's a little like spending time walking round someone's
> house looking through all the windows; sooner or later someone will
> approach you about your behaviour. Maybe you're trying to figure out if
> the occupier is in trouble, but usually you're just trying to see
> whether or not the video is worth stealing.
> 
> > Everyone who uses a portscan doesn't do this act in an 
> > attempt to hack in to the server.
> 
> No, not everyone. In my experience however most do - if they find an
> open, commonly-exploited and vulnerable port then it's almost certain
> you will start receiving cracking attempts.
> 
> > How many ports has to be tried to access before it can be 
> > called a "scan"?
> > If I access the website (port 80), the POP3 (port 110), the 
> > ftp (port 21) and then the telnet (port 23) have I done a
> > "portscan" then?
> 
> Not if you access those services legitimately, no. If however you carry
> out a half-open SYN scan against those ports but do not actually make
> use of the servcies then yes, you're scanning.
>  
> > I don't think it can be illigel to do a portscan. If so, it 
> > would also be illegal to carry a gun. 
> 
> It is in the UK :)
> 
> As has been pointed out previously in this thread, the legality or
> otherwise of port scanning is a grey area. As I said previously, to my
> knowledge in the UK there have as yet been no prosecutions brought where
> the 'offence' is port scanning.
> Personally I feel that port scanning of any machine via a 'stealth'
> mechanism (half-open SYN, NULL, or XMAS) is worth complaining about.
> If a scan followed by an exploit followed by data loss occurs, then that
> scan was the start of a chain of illegal events and should be included
> in any action taken.
> 
> Until the law internationally catches up with the sort of people who
> carry these things out, we're all in the grey area about what to do. My
> advice: catch a portscan, look up the netblock owner, contact them and
> their upstream's abuse dept. and see what they have to say. That's
> usually enough to get an account closure.
> 
> Graeme Fowler
> Systems Administrator
> graeme.f@xxxxxxxxxxxxxxx
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

References:
- RE: [cobalt-users] PortSentry works !
  - From: Graeme Fowler

Prev by Date: Re: [cobalt-users] Diffrence between RAQ4 and RAQ3
Next by Date: [cobalt-users] J2EE on RaQ4 - is it possible?
Previous by thread: RE: [cobalt-users] PortSentry works !
Next by thread: [cobalt-users] Problems installing BIND Update 4.0.3 on RAQ3

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index