"portscans" (was Re: Arbor Networks DoS defense product)
Scott Francis
darkuncle at darkuncle.net
Sat May 18 23:03:11 UTC 2002
On Sat, May 18, 2002 at 05:25:27PM -0400, woods at weird.com said:
> [ On Saturday, May 18, 2002 at 13:48:27 (-0700), Scott Francis wrote: ]
> > Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product)
> >
> > > However a "portscan" is not an attack.
> >
> > Precursor to an attack, certainly.
>
> B.S. A plain old port or IP scan is nothing more than an information
> gathering excercise. Unless you're the one running it you almost
> certainly have no clue whatsoever why it was started. (Unless you can
> prove somehow that the scan pattern and/or packets matches a signature
> that's proven to be _unique_ to some known attack tool.)
And why, pray tell, would some unknown and unaffiliated person be scanning my
network to gather information or run recon if they were not planning on
attacking? I'm not saying that you're not right, I'm just saying that so far
I have heard no valid non-attack reasons for portscans (other than those run
by network admins against their own networks).
--
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 872 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20020518/3a5ab2be/attachment.sig>
More information about the NANOG
mailing list