On Tue, 27 Jul 1999, Paul D. Robertson wrote:
> On Tue, 27 Jul 1999, Ron DuFresne wrote:
>
> > If I'm correct and you are doing this from a homesite, to your employers
> > site, then most certainly it all depends upon protocol at your employer.
>
> More importantly it depends on (a) usage policies for both providers -
> either one may prohibit such scans, and if reported access could be
> terminated irregardless of intent, and (b) what local statutes are in
> place at the terminating end of the scans for all cases. For instance, if
> you're in Oregon, the local laws are quite well laid out about what
> constitutes an attempt at access beyond what is normally allowed, if
> you're in Trinidad it may not be so cut and dried. Scanning up to 400
> addresses could seem to be quite bad if the provider re-addresses and
> gives out 2 or 3 subnets to something someone considers sensitive.
>
> Worse yet, if someone finds you scanning and uses your address to spoof
> scans of more than just port 80 of a local provider's /23s, you might not
> be standing on too solid ground.
Ahh, yes, I was assuming that the ISP had no restrictions on scanning, and
it's not good to make such assumptions.
Aside from the spoofing, I'm wondering how narrowly one can define and
determine that their firewall in such an instance is the address they find
in such scans. Meaning, if one scans 3 class C's looking for port 80
being open, how many false positives of other machines running a webserver
are found, then how one determines that indeed this box is theirs. I
guess this person must be excluding all machines that have other ports
open and looking only at servers running a webserver. Again though, I can
imagine that one ends up with a list of boxen that might be theirs, and
might not be.
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.