Re: [cobalt-users] PortSentry works !

[Jan Tietze <jptietze@xxxxxxxxxxx>]

Dear Rodolfo,

I respectfully disagree. Portscans can be very useful tools. If you are
receiving Stacheldraht packets from a specific host, for instance, it
may be appropriate to do a portscan of the offending host to find out
whether it has unsual ports open (like, for instance, a root shell bound
to some arbitrary TCP port, or SSH daemons listening on high ports, or
whatnot), in which case you should take immediate action to notify the
administrators of that host. If you get inconlusive results, this might
indicate a forged source address etc., which may be something that might
make you want to talk you upstream about egress filtering etc. Other
situations can arise as well that could potentially make portscans of an
outside host ethical, like repeated attempts of attack could make you
want to check for obvious signs of compromise on the offending host, or
whether it is running an open SOCKS proxy etc. All this will provide
clues as to what to tell when contacting an ISP NOC or admin.

I agree that the original point made by the previous posters (whose name
you have removed, which is why I can only refer to him in this somewhat
kludgy way) was not really an analogy that would fit but rather missed
some logic ;-)

Jan

Rodolfo Paiz wrote:

> > I don't think it can be illigel to do a portscan. If so, it
> > would also be illegal to carry a  gun. You can't jail someone
> > just because "he maybee will make a crime"
>
> Analogies are dangerous. A portscan is never used in self-defense.
>
> --
> Rodolfo J. Paiz
> rpaiz@xxxxxxxxxxxxxx <mailto:rpaiz@xxxxxxxxxxxxxx>
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users