Suddenly it comes down to what is scanning a system?

Is it scanning a system to just see if you can connect to them on port 80,
ie do they have a web site? Or what about pinging an address? People
commonly ping popular sites that are highly available (eg yahoo.com) to test
their own connections out.

What's the difference between scanning a system and attacking it? Is it
sheer volume of traffic or is it attempting to execute malicious
instructions? Malicious instructions leaves white hats out of the
picture... but then what's the difference between someone attempting to
identify the type of web server that is running on a server and someone
retrieving a web page... both will get the same information if they look
for it. But one can use the information as part of an info gathering
exercise prior to an attack and the other is just viewing a web page.

By putting a system on the internet are you almost saying 'I expect people
to interact with me, otherwise I wouldn't be here'? You can't say that
permission is required to 'legitimately' connect to a system as you wouldn't
be able to browse to web addresses from search engines (as you wouldn't have
acquired permission to do so).

But then you can say my software has an unsupported / undesired feature (ie
a bug / security vulnerability) that I don't want people to use (even if
they don't cause any damage), but I expect them to use the rest of the
features that I offer.

People can also attack you by using the features that you don't mind them
using, ie if you get enough hits to a web site or email to an smtp server,
then you suddenly can't cope and your ability to provide a service is
reduced. What is the difference between multiple people legitimately using
your system, and multiple people using your system with the aim of
disrupting the service that you provide? In both cases the people could be
performing the same tasks, but if your hardware isn't up to it you're being
attacked by one group, but legitimately used by the other.

It sounds like it all comes down to intent of the other party, which of
course is almost impossible to prove...

Cheers,
Alex Hague
Internet Support Officer
Auckland City Council
> -----Original Message-----
> From: Kevin [mailto:[EMAIL PROTECTED]]
>
> But they shouldn't be scanning the system in the first place. It's
> not like they were walking down the street and saw some guy's wallet
> sitting on the street. They have to first actively scan for the
> system.
>
> --
> Kevin - [EMAIL PROTECTED]
>
> -- Original message --
>
> > If you want to really think about a "real-world" example of a honey pot
> > as it is often configured, it would be like:
>
> > You're a stereo shop and you set up a fake store front a few doors
> > down. On your real store-front, you have bars and obvious electronic
> > surveillance and lots of warning signs. On the fake store front, you
> > have no signs, and you leave the door locked with a cheap lock and no
> > deadbolt, but you have hidden cameras everywhere to take the person's
> > picture. When they leave with stereos that are actually empty shells of
> > broken equipment you didn't throw out, you go back in and lift finger
> > prints to give to the police.
>
> > Honey pots often "entice" a cracker to try and break into your system
> > because it looks easy.
>
> > Darich Runyan wrote:
>
> >> No lawyer here either; however, there has been some case law in the US
> >> that determined that corporations had the right to monitor the traffic
> >> on their private networks. If the honeypot is on a corporate network,
> >> then I would think that you could monitor whatever happens on it.
>
> > --
> > Michael T. Babcock (PGP: 0xBE6C1895)
> > http://www.fibrespeed.net/~mbabcock/