"portscans" (was Re: Arbor Networks DoS defense product)
Greg A. Woods
woods at weird.com
Sun May 19 17:36:49 UTC 2002
[ On Sunday, May 19, 2002 at 03:16:28 (-0700), Dan Hollis wrote: ]
> Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product)
>
> On 18 May 2002, Scott Gifford wrote:
> > Before choosing an online bank, I portscanned the networks of the
> > banks I was considering. It was the only way I could find to get a
> > rough assessment of their network security, which was important to me
> > as a customer for obvious reasons.
>
> So for your offline banks, do you also go to the local branches at night
> and jiggle all the locks to make sure their doors and windows are locked?
That analogy is fundamentally flawed. For one, the Internet is never
locked after hours -- there is no "after hours", it's always open!
There are also no sign posts at every router on the Internet. The only
sign-posts are the responses you get from trying a given door -- either
it opens or it doesn't. Unless you actually try to go somewhere in
TCP/IP-land you won't know whether or not you can get there. A good
firewall makes it appear for all intents and purposes that there's no
door handle to wiggle in the first place.
--
Greg A. Woods
+1 416 218-0098; <gwoods at acm.org>; <g.a.woods at ieee.org>; <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>