On Fri, 23 Jul 1999, Derek Martin wrote:
> Agreed. As I said, I have no problem busting people that actually DO
> something. I see no problem with using evidence of a port scan as
> establishing a pattern, once an ACTUAL BREAK-IN has occurred, but it is
> not in-and-of-itself harmful or dangerous to network security.

Portscanning *can* be harmful to the network equipment, vigorous
portscanning *can* make network-based equipment unavailable to legitimate
users, and poorly-written stacks in such equipment can die when handed
fragmented packets typically used for "stealth scanning."

Having dropped a provider's core infrastructure during a friendly audit
with full knowledge and permission with a fragged scan, I can totally
refute the "not in-and-of-itself harmful or dangerous."

The scanner doesn't _know_ the scan won't do harm - and likely doesn't
care in most cases.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]