The reason for the failure was faulty equipment. Network equipment that
does not correctly handle network traffic doesn't seem to fit in the
discussion, as I see it.
I certainly would not extend the argument to saying a normal and usual scan
is morally wrong because there might be somebody out there with faulty
equipment and we wouldn't want to cause a failure.
-----Original Message-----
From: Paul D. Robertson [mailto:[EMAIL PROTECTED]]
Sent: Saturday, July 24, 1999 8:35 AM
To: P L STEINBRUCH
Cc: Derek Martin; Paul L. Lussier; William Joynt; Bill Joynt; Dave
Gillett; Firewall list; Paul L. Lussier
Subject: Re: trial & charges
On Sat, 24 Jul 1999, P L STEINBRUCH wrote:
> Paul.
>
> In this case you have characterized a DoS using port scanning, haven't you?
> IMHO, this is a little bit different than just doing a port scan, at
> least in the sense I was understanding the question as initially posted.
> Such a situation - in our most used analogy - is like someone getting hold
> of the door's knob and frenetically pushing and pulling it "several times
> per minute", which can hardly be justified as something done in the best
> interest of your neighbor.
The point is that a *single packet* from a portscan can cause a DoS -
that's "just do a port scan" in my book - how isn't it in yours?
> > users, and poorly-written stacks in such equipment can die when handed
> > fragmented packets typically used for "stealth scanning."
In my case, I came across the Cisco IOS bug that meant a fragmented packet
to syslog's port would bring down the routers.
I wasn't *trying* to flood the network during a scan, in fact I was trying
to do no harm at all. As I said, I was doing a sanctioned scan - I _knew_
what equipment was at the other end (but I didn't check for versions prior
to scanning - now that's on my list) and I _still_ brought down the
provider. How can you say that someone with no idea of what he or she is
sending packets at will do no harm?
A simple port scan *can* do harm. There's no doubt that somewhere
someone has equipment that's affected by other types of scans - you can't
*know* the scan won't cause harm, and without permission it's _at_least_
morally wrong if not legally wrong (at least in some jurisdictions it is -
and people in those jurisdictions have every right to file a lawsuit.)
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]