On 2006-03-29 Craddock, Larry wrote:
That may be how you interpret it but I think they're very analogous.
The point is simple ... no one has any legitimate business checking
the status of the doors and windows on my property and no one has any
legitimate business port scanning someone else's network. What
legitimate reason would I have in port scanning your network? Let me
answer that for you ... absolutely none. At best, my answer would be
curiosity and that doesn't qualify as legitimate.
*sigh*
I'd rather stayed out of this discussion, but since various people have
shown a gross ignorance of the technial realities of the 'net I'll throw
my 2 cent in.
The legitimate reason you have is the simple fact that you don't have
any other option of determining what services are available on a given
host or range of hosts. It's absolutely ridiculous to think that one
would need express permission to find out whether a shop is open or not.
Or if there is a shop in the first place.
Of course if your scan breaks something you may (or may not) be held
liable for that, but that's a different story.
FWIW
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
