On Thu, 22 Jul 1999, Bill Joynt wrote:
> So you're argument is that port scanning is considered permissable use?
> Thats what this really comes down to. The analogy of ringing a doorbell is
> inaccurate. To use your example, connecting for email is exactly the same as
> port scanning. Therefore, port scanning is making use of a website. And
> clearly, it should not be considered permissable use.
NO NO NO NO NO. My argument is that port scanning, from a technical
standpoint, is indistinguishable from "acceptable use" and that there is
no real, clearly defined, practical definition of acceptable use. Er,
permissible use.
The whole permission thing is a giant grey area. If you put a server on
the net, anyone can connect to it, which actually is the point. I'm sure
the guys who designed the ARPANet in the first place would agree. If you
don't want to give people permission to connect to your server, DON'T
CONNECT IT TO THE INTERNET.
If you don't want people accessing particular ports on your server, DON'T
RUN SERVICES ON THEM. You can't connect to a port that isn't listening
and therefore you can't break in through it. This is why port scanning is
harmless, and why it shouldn't be specifically illegal.
My contention simply is, that if you have a server on the internet, and
you have services running on its ports, you have implicitly given people
"permission" to connect to it, since in most cases, it is impossible
and/or impractical to ask permission.
Therefore, the only practical way for me to find out what services are
running and hence what services I have permission to connect to on your
server, is to connect to it and see.
This is why people use the analogy of the store front. It really is a
very good analogy. The idea is here that you have a store, and the store
has a front door, and in order for you to see if the store is open for
business you have to try to open the door... No?
--
Derek D. Martin | UNIX System Administrator
[EMAIL PROTECTED] | [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
