
Re: port-scanning. advise?



On Sat, Jan 13, 2001 at 08:25:00PM -0600, Jordan Bettis wrote:
> [snippage]
> > revisions of MacOS 9.  The moral of the story?  Be careful who you scan, they
> > may care, and be careful what OS you use for critical services.
> 
> I see that as a bug in the Operating System. It is /not/ the fault of the
> guy who did the portscan. The only time I can think of a portscan being 
> wrong would be if one were scanning somebody with very little bandwidth.

 Here's a (possibly poor and misleading :) analogy for you:  is it wrong to
put salt in people's gas tanks just because they didn't padlock them?  I
think it is.  It would be great if the internet wasn't so cut-throat that
you have to lock up everything or else people will smash it, but it is and
won't change except by laws and rules.

 Laws often suck, since they stop you from doing bad stuff by preventing a
whole bunch of things, only some of which are bad.  (e.g. jaywalking on the
quietest street in the city, when you haven't seen a car for minutes.  This
isn't likely to cause any trouble, but it's still against the law.)  I think
the internet is doing ok the way it is, with a wild-west kind of
environment.  You have to take care of yourself.  I'd rather have to spend
a bit of time thinking about security than I would like to get jailed for
my own curiosity!  Laws never care too much what your intentions were, just
what you did.  (intentions can affect the penalty, like with murder vs.
manslaughter, but I can't think of anything that's legal as long as you do
it without ill intent.  (I didn't try very hard, though:))  Unless we find a
good way to tell whether people are telling the truth when they say they had
good intentions, we can't make laws based on intent.  Wild West it is, then,
unless you want the government all over your computer!

 For the record, here's my opinion:  I don't think anyone should get in
trouble for port scanning because they were curious and wanted to find
something out.  If they did it because they knew that the other machine
couldn't take it and did it to cause damage, then that is Not OK.  If you
happen to know that a machine is vulnerable, you should, if anything, warn
the owner.  If you do, and they say you're wrong or don't believe you, then
prove _them_ wrong if you want, as long as you don't do any permanent damage
or cause any long term harm.  (e.g. mac lab admin doesn't believe that
anyone on the internet can take down his lab.  If you really really want to
win the argument, then freeze one of his Macs with a portscan, and tell him
about it.  Don't freeze all of them just before some class has a big
multimedia assignment due.  You'll get in trouble, and rightly so.)


> In that case, it is very easy to discern the fact that they have little
> bandwidth, if they are on a dialup, etc. So one should be responsible
> for the resulting DoS.
> 
> But I should not be responsible if I scan someone who's system is so flaky
> that it can't take the scan.

 I think the only time you can ever be in the wrong when port scanning
is when you are actively trying to cause damage, by DoS or otherwise.  If
you know, or think there's a good chance, that something will break if you
scan, don't scan unless you want it to break.


-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE