sorry, i became a bit excited with the send button.
Once again...
> This is like saying that car theft can't be illegal because it would
> prevent anyone from ever driving! [Clue: It becomes criminal when you
>don't
> have the owner's permission....]
I guess I don't understand your analogy. Noone is stealing the car,
they are merely pulling the door handle to see if they can open up the
passenger side and take the box of cheezits that are in the seat.
I believe the topic at hand was usage of scanning tools, and what
one can do if a scan is detected, not the detection of an actual breakin
attempt. I also believe I addressed that in my last email by saying:
>"I would find it hard to believe that someone could be prosecuted based on
>something like an nmap scan."
And since usage of a sweeping tool is merely an information gathering
tool, and not an actual breakin, there is no law that could possibly convict
someone of this type of activity.
Tell me you've never used the command telnet host.com 80 to find
out if the webserver was in fact up, when you're crappy bloated
browser reported that it wasn't. Have you just committed a crime?
I think not. So what if it was a load balancing webserver farm, and you
checked every machine on the subnet for port 80. Have you commited
a crime yet? I think not. I perform network mapping which involves port
scanning for tcp based services on hundreds of managed machines,and
the shackles are still not on.
Gain user level access to a machine with malicious intent, and then you're
talking prosecution, but portscan our webserver all day - I could care
less, and neither should you. If you secure your network appropriately, you
should be able to sit back and watch the feeble attempts (99% of all the
attempts will be feeble), and laugh. If I or any of my staff took it upon
ourselves
to report portscans, tcp fingerprint attempts or network data collections
to an agency, we would spend 24 hours a day reporting "incidents" (I use
the term loosely), and no time doing the things that actually matter.
Matt
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
