On Fri, 23 Jul 1999, Paul D. Robertson wrote:
> > Agreed. As I said, I have no problem busting people that actually DO
> > something. I see no problem with using evidence of a port scan as
> > establishing a pattern, once an ACTUAL BREAK-IN has occurred, but it is
> > not in-and-of-itself harmful or dangerous to network security.
>
> Portscanning *can* be harmful to the network equipment, vigorous
> portscanning *can* make network-based equipment unavailable to legitimate
> users, and poorly-written stacks in such equipment can die when handed
> fragmented packets typically used for "stealth scanning."
Again, this problem is your VENDOR's fault. Properly written TCP/IP
stacks will not have this problem. Complain to your vendor. A port scan
doesn't do anything that a legitimate user doesn't do (except that it
does it to a bunch of ports instead of just one), so your hardware is
BROKEN.
> Having dropped a provider's core infrastructure during a friendly audit
> with full knowledge and permission with a fragged scan, I can totally
> refute the "not in-and-of-itself harmful or dangerous."
>
> The scanner doesn't _know_ the scan won't do harm - and likely doesn't
> care in most cases.
A scan WON'T do harm to non-faulty hardware, so the scanner shouldn't need
to be concerned. The vendor is at fault.
Derek D. Martin | UNIX System Administrator
[EMAIL PROTECTED] | [EMAIL PROTECTED]