On Sat, May 18, 2002 at 11:05:34PM -0400, woods@weird.com said:
> [ On Saturday, May 18, 2002 at 16:03:11 (-0700), Scott Francis wrote: ]
> Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product)
>
> > And why, pray tell, would some unknown and unaffiliated person be scanning my network to gather information or run recon if they were not planning on attacking? I'm not saying that you're not right, I'm just saying that so far I have heard no valid non-attack reasons for portscans (other than those run by network admins against their own networks).
>
> I scan networks and hosts very regularly for legitimate diagnostic purposes as well as occasionally for curiosity's sake. I've never
Legitimate diagnostic purposes would mean that you would not fall into the category of "unknown and unaffiliated". Curiosity's sake, well ... depends on whose network it is.
> attacked any host or network that I was not directly responsible for. If you don't want the public portions of your network mapped then you should withdraw them from public view.
Agreed there. Defense is important. It might be good to note that I'm not giving a blanket condemnation of all portscans at all times; but as a GENERAL RULE, portscans from strangers, especially methodical ones that map out a network, are a precursor to some more unsavory activity.
> BTW, please be one heck of a lot more careful with your replies. My original reply to you was not copied to the list and I did not give you permission to post a response quoting my words back to the list.
Apologies; my finger was a bit too quick on the 'g'. As this message came to the list, I will assume it is safe to cc the list on my reply. Sorry about that last.

--
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7
illum oportet crescere me autem minui