On Tue, 19 Dec 2000, Alex Rubenstein wrote:
On Tue, 19 Dec 2000, Shawn McMahon wrote:
How many ports must be scanned before you deem it an attack? Is one port enough? Five? 50?
I don't deem a port scan as vicious or an attack.
Without muddying the issue, while a port scan might not be considered (legally or operationally) as vicious or an attack, one need not feel obligated to allow it (at a router/firewall level) or support it or ignore it for that matter. I don't support people screaming that someone's dial-up connection should be shut off for it, but that doesn't mean a thoughtful admin can't keep an eye on machines that have scanned his/her network. I liken it to driving into someone's driveway. They _might_ just be turning around, they _might_ just be lost, they _might_ be planning something nefarious. It doesn't make you call the cops instantly, but it doesn't stop you from taking note of their license plate, description or other vital details. Deepak Jain AiNET