Ron DuFresne writes:
 > On Mon, 26 Jul 1999, Derek Martin wrote:
 > 
 > > On Fri, 23 Jul 1999, Paul D. Robertson wrote:
 > > 
 > > > > Agreed.  As I said, I have no problem busting people that actually DO
 > > > > something.  I see no problem with using evidence of a port scan as
 > > > > establishing a pattern, once an ACTUAL BREAK-IN has occurred, but it is
 > > > > not in-and-of-itself harmful or dangerous to network security.
 > > > 
 > > > Portscanning *can* be harmful to the network equipment, vigorous
 > > > portscanning *can* make network-based equipment unavailable to legitimate
 > > > users, and poorly-written stacks in such equipment can die when handed
 > > > fragmented packets typically used for "stealth scanning." 
 > > 
 > > Again, this problem is your VENDOR's fault.  Properly written TCP/IP
 > > stacks will not have this problem.  Complain to your vendor.  A port scan
 > > doesn't do anything that a legitimate user doesn't do (except that it
 > > does it to a bunch of ports instead of just one), so your hardware is
 > > BROKEN.  
 > 
 > 
 > Derek, this is incorrect, and not a good attempt to avoid the point<s>
 > made by Paul and others here on this topic also.  What legitimate user
 > sends only fin or syn packets to a broad range of ports?  Which protocol
 > or tcp/ip service implements null scans to achieve its means?  Scanners
 > form packets, fragments of, and combinations of packets that do not
 > constitute normal, legitimate usage patterns, and thus most leave a
 > distinctive footprint in the logs of the systems being scanned.  Many of
 > the DOS and intrusion methods recently used do much the same thing, taking
 > advantage of previously unknown broken tcp/ip stacks and services.  It's
 > also when vulnerabilities like this are noted in these security related
 > lists that the incidence of 'non-authorized' scans probing for such
 > weaknesses increases.
 > 
 > Thanks,
 > 
 > Ron DuFresne

Do you think that buffer overflows are not a bug?  

< paul
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

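Added example, not part of the original messages: a sketch of the log footprint Ron DuFresne describes, grouping bare SYN, bare FIN and flagless (null) packets by source and reporting sources that touch several ports without ever carrying an ACK. The log layout, field names, function names and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the thread); the field layout is an assumption.
SAMPLE_LOG = """\
src=192.0.2.10 dpt=80 flags=SYN
src=192.0.2.10 dpt=80 flags=ACK
src=192.0.2.10 dpt=80 flags=PSH,ACK
src=198.51.100.7 dpt=21 flags=FIN
src=198.51.100.7 dpt=22 flags=FIN
src=198.51.100.7 dpt=23 flags=FIN
src=203.0.113.9 dpt=110 flags=NONE
src=203.0.113.9 dpt=111 flags=NONE
src=203.0.113.9 dpt=143 flags=NONE
src=203.0.113.44 dpt=135 flags=SYN
src=203.0.113.44 dpt=139 flags=SYN
src=203.0.113.44 dpt=445 flags=SYN
"""

LINE_RE = re.compile(r"src=(\S+) dpt=(\d+) flags=(\S+)")
PROBE_KINDS = {frozenset(): "null", frozenset({"FIN"}): "fin-only",
               frozenset({"SYN"}): "syn-only"}

def parse(line):
    """Return (src, dst_port, flag_set) or None for lines that do not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, dpt, raw = m.groups()
    flags = frozenset() if raw == "NONE" else frozenset(raw.split(","))
    return src, int(dpt), flags

def find_scanners(log_text, threshold=3):
    """Map src -> {probe kind: ports} where >= threshold ports never saw an ACK."""
    probes = defaultdict(lambda: defaultdict(set))
    conversed = set()  # (src, port) pairs that carried an ACK, i.e. a real session
    for src, dpt, flags in filter(None, map(parse, log_text.splitlines())):
        if "ACK" in flags:
            conversed.add((src, dpt))
        elif flags in PROBE_KINDS:
            probes[src][PROBE_KINDS[flags]].add(dpt)
    report = {}
    for src, kinds in probes.items():
        for kind, ports in kinds.items():
            lone = sorted(p for p in ports if (src, p) not in conversed)
            if len(lone) >= threshold:
                report.setdefault(src, {})[kind] = lone
    return report
```

A log source that records only dropped packets never shows the follow-up ACKs, so on such a feed every client's first SYN looks unanswered and the threshold has to carry the distinction.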