Security Basics mailing list archives
Re: application for an employment
From: "D. Bolliger" <info () dbolliger ch>
Date: Wed, 5 Apr 2006 00:29:03 +0200
David Gillett on Tuesday, 4 April 2006, 02:38:
Using a web server is NOT a port scan - in any manner.
It's getting a nitpick session. (apologies for my bad English)
A portscan makes a connect(), a web browser makes a connect(). Please explain where exactly you see the difference. Especially on layer 4.

A port *scan* involves multiple connect() calls (which may or may not succeed), to multiple ports and/or multiple addresses. The connections thus established are not actually used to render the service for which the port(s) accept connections. Distinguishing between a web client access and a port scan isn't so hard. Why must you pretend they're indistinguishable?
I don't think he does pretend that, looking at the whole discussion and not only at this single post. It's just that the discussion lost its focus, or has different focusses in parallel. And it's a dispute meanwhile.

The connect() is common with respect to a single port of a single machine, be it done by a port scanner (if he does a full connect) or client application (if not misconfigured). A client application may take further action on a higher level.

A telnet may connect to port 80 and then ctrl-c or wait for the timeout.
A home made browser may not send headers.
A port scanner may "scan" a single port, or scan ports with a delay of, say, one day between the connect()s.
A service may be set up on a nonstandard port.
Nobody is obliged to render the service behind a port from the point he has connected.
...

In practice, and especially since internet usage has got a mass phenomenon, there is surely a difference between a "default" port scanner usage and a "default" main client application usage. But that's it I think.

I think "Chavoux Luyt" <chavoux () gmail com> made a good point (besides others) in his thread "Is portscanning legal? was Re: application for an employment": the user (and provider) base of the net infrastructure is very homogeneous; what's normal for ones, is special for others. So, the dispute could be endless without coming to a common sense.

Dani
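An added example, not part of the original message: a small fan-out detector run over constructed connection records, showing the distinction David Gillett describes (many targets, connections never used) and the cases Dani lists where it stops separating the two. The record layout, addresses, window and threshold are assumptions made for illustration.

```python
from collections import defaultdict

DAY = 86400
# Constructed sample: (unix_time, src, dst, dst_port, client_payload_bytes)
SAMPLE = (
    # browser: repeated use of one service, request data sent
    [(i * 5, "10.0.0.1", "192.0.2.10", 80, 400) for i in range(6)]
    # "default" scanner: 20 ports in 20 seconds, nothing sent
    + [(i, "10.0.0.2", "192.0.2.10", 20 + i, 0) for i in range(20)]
    # slow scanner: one port per day
    + [(i * DAY, "10.0.0.3", "192.0.2.10", 20 + i, 0) for i in range(20)]
    # telnet to port 80, then ctrl-c
    + [(100, "10.0.0.4", "192.0.2.10", 80, 0)]
)

def max_fanout(events, window):
    """Most distinct (dst, port) targets seen inside any `window` seconds."""
    events = sorted(events)
    best, start = 0, 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        targets = {(dst, port) for _, dst, port in events[start:end + 1]}
        best = max(best, len(targets))
    return best

def classify(records, window=60, threshold=10):
    """Label each source as 'scan', 'client' or 'ambiguous'."""
    by_src = defaultdict(list)
    unused = defaultdict(int)  # connections on which the client sent nothing
    for ts, src, dst, port, payload in records:
        by_src[src].append((ts, dst, port))
        unused[src] += payload == 0
    result = {}
    for src, events in by_src.items():
        if max_fanout(events, window) >= threshold:
            result[src] = "scan"
        elif unused[src] == len(events):
            result[src] = "ambiguous"  # connected, never used the service
        else:
            result[src] = "client"
    return result
```

With the 60-second window the one-port-per-day source and the telnet session both come out as "ambiguous"; widening the window to 30 days moves the slow scanner to "scan", while the single unused connect() stays ambiguous at any window.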