On Sat, May 18, 2002 at 05:25:27PM -0400, woods@weird.com said:
[ On Saturday, May 18, 2002 at 13:48:27 (-0700), Scott Francis wrote: ]
Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product)
However a "portscan" is not an attack.
Precursor to an attack, certainly.
B.S. A plain old port or IP scan is nothing more than an information gathering excercise. Unless you're the one running it you almost certainly have no clue whatsoever why it was started. (Unless you can prove somehow that the scan pattern and/or packets matches a signature that's proven to be _unique_ to some known attack tool.)
And why, pray tell, would some unknown and unaffiliated person be scanning my network to gather information or run recon if they were not planning on attacking? I'm not saying that you're not right, I'm just saying that so far I have heard no valid non-attack reasons for portscans (other than those run by network admins against their own networks). -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me autem minui