The legitimate reason you have is the simple fact that you
don't have any other option of determining what services are
available on a given host or range of hosts.
Yes you do.
Suppose you want to send me an email. By your argument, your
only option is to scan our whole address block(s!) looking for
machines that will answer on port 25.
Bzzzt! WRONG! Do a DNS lookup for the MX records for our
domain.
Suppose you want to register online to take courses here. By
your argument, your only option is to scan our address space for
hosts that answer on ports 80 and 443.
Bzzzt! WRONG! Point your browser at the college homepage (you
could Google for it) and follow the links to "Registration".
Suppose you want to compromise one of our hosts to set up a
warez server. By your argument, your only option is to scan our
address space looking for a host running a service for which you
have an exploit available.
Uh, wait. You just lost the qualifier "legitimate".
If I want you to be able to use a service X on host Y, I will
find some way to advertise that service. If I don't advertise the
service, it may be something that I don't even know is there --
perhaps installed silently by the OS or some legitimate application,
or perhaps by some cracker. In neither case is there a presumption
that I'm inviting you to use it, if only you can find it.
David Gillett
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
