> Not to mention the fact that you don't actually have to utilize a
> vulnerability to know that it is there. Vulnerabilities all
> have signatures or characteristics that make them visible without
> doing anything illegal at all, unless you want to argue that having
> your router route traffic to the machine in question constitutes
> improper use of your private property. Anyway, there are numerous
> tools out there that will not only scan a machine for vulnerabilities
> and report back what they are, but also how they work, and how they
> can be fixed. In my opinion, this is like driving by a house with
> all the doors wide open and then leaving a note saying, "Hey, <silly
> person>! You left your doors wide open." As long as they don't take
> your TV or tell their friend to do so, nothing has changed. I feel
> that a lot of the anger and rant following this sort of thing stems
> from pure embarrassment. Get over it and learn to tighten up the ship.
> If it's that critical it shouldn't be scannable to begin with.
This is one of the rare times I have to disagree with you. Not all
vulnerabilities are simply a matter of scanning, and scanning itself,
carried to its extreme, is an intrusion. Following your analogy, a complete
system scan (say all ports from 1-65k, attempts to communicate with IPC
listeners, OS/service identification, etc) wouldn't be like someone driving
by my house, but more like someone walking through my house and looking in
the clothes hamper! Even if they didn't touch anything, they've gone where
they shouldn't. I'm not the only one who feels this way: do some complete,
non-subtle port scans on federal or state government networks, and see how
long it takes for the hostmaster for your IP address range to get an email
(the answer: less than 10 minutes).
In any case, there are lots of vulnerabilities which do require more than
scanning: buffer overflows, for instance, require that you send malformed
data, and if the overflow condition exists, the vulnerable service may crash
itself or the OS. Or, you might consider linked vulnerabilities, where the
outer one might be easily scanned, but the inner one requires that you
exploit the outer one. For example, my web server is vulnerable, and my
database is vulnerable from the web server. So, someone gets a list of
credit card numbers out and hands them to me. Finally, if you follow your
scanning example to its logical extreme, then denial of service attacks are
just fine; they don't take advantage of any target vulnerabilities.
I don't know; it sounds like crime to me.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
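The post above makes the point that a loud, complete port scan is noticed and reported within minutes. As an added illustration of how that noticing works on the defender's side (this is example code written for this page, not code from the list thread or from Fig Leaf Software), the block below runs a simple sliding-window detector over constructed firewall log lines: a source that touches at least a threshold of distinct destination ports within one window is flagged, while a host that keeps talking to the same two web ports is not. The log format, the addresses, the 60-second window and the threshold of 20 ports are all assumptions.

```python
"""Port-scan detection over constructed firewall log lines.

Added example for this page; not code from the cf-talk thread. The log
format "timestamp src_ip dst_ip dst_port action", the addresses and the
window/threshold values are assumptions chosen for the illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Return constructed log lines: one host sweeping 30 ports in order,
    one host doing ordinary web traffic to ports 80 and 443."""
    base = datetime(2000, 5, 1, 10, 0, 0)
    lines = []
    for i in range(30):  # sequential sweep, one new port per second
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 192.0.2.10 {i + 1} DROP")
    for i in range(10):  # benign client alternating between two ports
        ts = (base + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.5 192.0.2.10 {80 if i % 2 else 443} ACCEPT")
    return sorted(lines)  # ISO-8601 timestamps sort chronologically as text


def parse_line(line):
    """Split one assumed-format log line into typed fields."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_scans(lines, window=timedelta(seconds=60), threshold=20):
    """Return {src_ip: max_distinct_ports} for every source that contacted
    at least `threshold` distinct destination ports inside any sliding
    window of length `window`. Lines must be in chronological order."""
    recent = defaultdict(deque)  # src_ip -> deque of (timestamp, dst_port)
    flagged = {}
    for line in lines:
        ts, src, _dst, port, _action = parse_line(line)
        events = recent[src]
        events.append((ts, port))
        # Drop events that have aged out of the window for this source.
        while events and ts - events[0][0] > window:
            events.popleft()
        distinct_ports = {p for _, p in events}
        if len(distinct_ports) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(distinct_ports))
    return flagged


if __name__ == "__main__":
    for src, count in detect_scans(build_sample_log()).items():
        print(f"possible port scan from {src}: {count} distinct ports in one window")
```

The threshold and window are the knobs a practitioner tunes: too low and a busy legitimate client trips the rule, too high and a slow "one port every few minutes" sweep slides under it, which is why real deployments usually pair a fast rule like this one with a longer-horizon count per source.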
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk