Re: [cobalt-users] PortSentry works !

["Nico Meijer" <cobalt-users@xxxxxxxxxxxxxxx>]

Hi!

Here's hoping this message reaches you in time. I seem to be caught in a
24h+ lag...

> I reckon it is illegal.

I beg to differ. :-)

> Any portscan involves sending at least one byte to
> enter my system. This is without permission.

ICMP packets enter your system aswell, so if you consider just your text
above and forgetting about anything else in your post, I think you have a
problem with that too.

Don't get me wrong: I hate portscans and report every single one of them.
IMHO, they *should* be illegal. On the other hand, if you do not want to put
up with portscans you can a) unplug the machine b) install ipchains, block
every port but your active ports and don't use the -l switch. ;-)

AFAIK, up to now it's up to the ISP and the FUP.

> Permission is deemed to be
> given for all "normal" ports e.g.  80, etc.

Define "normal". How do I know which port you would consider "normal" if I
am not allowed to scan your ports? On a dedicated mailserver, port 80 is
definitely not normal, but 21 is.

> Entering any other port, even
> with one byte is done without permission.

Port 1080 is a pretty "normal" port, as is 21, 22, 23 and a whole bunch
more. Yet I get hits on that port every single day, even though no service
is listening. Does that mean it's illegal? I agree with you that port 1080
has services behind it with very well known exploits. But then again ports
21 and 53 have some very major known exploits (that is in wu-ftpd, ProFTPD
and BIND; I don't believe a port itself can be exploited), but these ports
are normal, i.e. not illegal to try out in your story. I could be knocking
on your ftp server every 10 minutes and yell "Hey, it's a normal port!", but
you'd still be annoyed.

Correct me when I'm wrong.

> Saying that a portscan isn't
> really illegal because it was only very minor,  is like saying I'm still a
> virgin, sort of".

Well, I am! At least in some ways. ;-)

Greetz... Nico