"portscans" (was Re: Arbor Networks DoS defense product)

Scott Francis darkuncle at darkuncle.net
Sun May 19 03:15:10 UTC 2002


On Sat, May 18, 2002 at 11:05:34PM -0400, woods at weird.com said:
> [ On Saturday, May 18, 2002 at 16:03:11 (-0700), Scott Francis wrote: ]
> > Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product)
> >
> > And why, pray tell, would some unknown and unaffiliated person be scanning
> > my network to gather information or run recon if they were not planning on
> > attacking? I'm not saying that you're not right, I'm just saying that so far
> > I have heard no valid non-attack reasons for portscans (other than those run
> > by network admins against their own networks).
> 
> I scan networks and hosts very regularly for legitimate diagnostic
> purposes as well as occasionally for curiosity's sake.  I've never

Legitimate diagnostic purposes would mean that you would not fall into the
category of "unknown and unaffiliated". Curiosity's sake, well ... depends on
whose network it is.

> attacked any host or network that I was not directly responsible for.
> If you don't want the public portions of your network mapped then you
> should withdraw them from public view.

Agreed there. Defense is important. It might be good to note that I'm not
giving a blanket condemnation of all portscans at all times; but as a GENERAL
RULE, portscans from strangers, especially methodical ones that map out a
network, are a precursor to some more unsavory activity.

> BTW, please be one heck of a lot more careful with your replies.  My
> original reply to you was not copied to the list and I did not give you
> permission to post a response quoting my words back to the list.

Apologies; my finger was a bit too quick on the 'g'. As this message came to
the list, I will assume it is safe to cc the list on my reply. Sorry about
that last.

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 872 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20020518/3d89f7a4/attachment.sig>


More information about the NANOG mailing list