Re: trial & charges

Sat, 24 Jul 1999 02:01:24 -0700 

Paul.

In this case you have caracterized a DoS using port scanning , don't you ?
IMHO , this is a little bit different than just do a port scanning , at
least in the sense I was understanding the question as initial posted.
Such a situation - in our most used analogy - is like someone geting the
door's knob and frenetically push and
pull it "several times per minute" which hard can be justified as something
done in the best interest of your
neighbor.

Best Regards,

PL Steinbruch


----- Original Message -----
From: Paul D. Robertson <[EMAIL PROTECTED]>
To: Derek Martin <[EMAIL PROTECTED]>
Cc: Paul L. Lussier <[EMAIL PROTECTED]>; William Joynt
<[EMAIL PROTECTED]>; Bill Joynt <[EMAIL PROTECTED]>; Dave Gillett
<[EMAIL PROTECTED]>; Firewall list <[EMAIL PROTECTED]>; Paul L.
Lussier <[EMAIL PROTECTED]>
Sent: Friday, July 23, 1999 11:40 PM
Subject: Re: trial & charges


> On Fri, 23 Jul 1999, Derek Martin wrote:
>
> > Agreed.  As I said, I have no problem busting people that actually DO
> > something.  I see no problem with using evidence of a port scan as
> > establishing a pattern, once and ACTUAL BREAK-IN has occured, but it is
> > not in-and-of-itself harmful or dangerous to network security.
>
> Portscanning *can* be harmful to the network equipment, vigorous
> portscanning *can* make network-based equipment unavailable to legitimate
> users, and poorly-written stacks in such equipment can die when handed
> fragmented packets typically used for "stealth scanning."
>
> Having dropped a provider's core infrastructure during a friendly audit
> with full knowledge and permission with a fragged scan, I can totally
> refute the "not in-and-of-itself harmful or dangerous."
>
> The scanner doesn't _know_ the scan won't do harm - and likely doesn't
> care in most cases.
>
> Paul
> --------------------------------------------------------------------------
---
> Paul D. Robertson      "My statements in this message are personal
opinions
> [EMAIL PROTECTED]      which may have no basis whatsoever in fact."
>
PSB#9280
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to