On Sat, 24 Jul 1999, P L STEINBRUCH wrote:
> Paul.
>
> In this case you have caracterized a DoS using port scanning , don't you ?
> IMHO , this is a little bit different than just do a port scanning , at
> least in the sense I was understanding the question as initial posted.
> Such a situation - in our most used analogy - is like someone geting the
> door's knob and frenetically push and
> pull it "several times per minute" which hard can be justified as something
> done in the best interest of your
> neighbor.
The point is that a *single packet* from a portscan can cause a DoS -
that's "just do a port scan" in my book - how isn't it in yours?
> > users, and poorly-written stacks in such equipment can die when handed
> > fragmented packets typically used for "stealth scanning."
In my case, I came across the CISCO IOS bug that meant a fragmented packet
to syslog's port would bring down the routers.
I wasn't *trying* to flood the network during a scan, in fact I was trying
to do no harm at all. As I said, I was doing a sanctioned scan - I _knew_
what equipment was at the other end (but I didn't check for versions prior
to scanning - now that's on my list) and I _still_ brought down the
provider. How can you say that someone with no idea of what he or she is
sending packets at will do no harm?
A simple port scan *can* do harm. There's no doubt that somewhere
someone has equpiment that's affected by other types of scans- you can't
*know* the scan won't cause harm, and without permission it's _at_least_
morally wrong if not legally wrong (at least in some jurisdictions it is -
and people in those jurisdictions have every right to file a lawsuit.)
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
