Security Basics mailing list archives
RE: application for an employment
From: "John E. Fleming" <John () parcassets com>
Date: Mon, 3 Apr 2006 14:42:04 -0400
I like this idea of thinking. So if a bank leaves the vault open does that make it legal for me to load up as much cash as I can even though it may have been left open unintentionally? Or could it be that the door has not been left open intentionally therefore making it illegal and the proper authorities should be notified to fix the issue. I came late into this conversation so my analogy might be off. Regards, John P.S. If I have a port open on my network that I do not know about and someone scans it. Be aware it will be logged and I will prosecute anyone and their grandmother if they enter unauthorized. -----Original Message----- From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] Sent: Saturday, April 01, 2006 2:14 PM To: security-basics () securityfocus com Subject: Re: application for an employment On 2006-04-01 Craig Wright wrote:
If you port scan to find everything, how long does it take you to find anything?
We were discussing whether I'm allowed to do that. It doesn't matter to this discussion how long it takes me or if personally do it at all.
Lets take the example of seeing if there are other ports open. How do you think that scanning will find public valid services?
An open port is a public service, unless the service requires authentication of some sort.
Or are you stating that you are looking for other services that are NOT public - such as SSH or Telnet which are not secured?
Nice rhetoric. But wrong.
Are you looking for SMTP servers so that you can check if they have an open relay? Are you looking for FTP servers that are not locked down so that you can load files without permission?
Again you wrongly assume I would need permission beforehand. I don't. Just like I can walk through the mall and look what shops are there I can look at a host and see what services it provides. I can even enter the shops and look around, as long as there's no sign telling me to "go away".
Looking for port 80 will not always find a web site (nor will it help find information). A single IP address can have numerous sites that are accessed using host headers - so knowing the IP may not allow access to the site per se.
We're talking about layer 4 here.
Please explain what you are looking for - what VALID reason you have to scan for open ports.
No, Craig. Please explain, what VALID reason I have not to. I said it before, and I'm going to repeat it: the Internet is a public network, and so all hosts on it and all services provided in it are public, too. I have no reason whatsoever to assume that a service is provided unintentionally. And PLEASE get your quoting fixed, because it sucks. Big time. Regards Ansgar Wiechers -- "Der Computer ist da, um zu rechnen, nicht um Ausreden wie 'Kann nicht durch Null teilen' auf den Bildschirm zu schreiben." --Marco Haschka in de.org.ccc ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ ---
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: application for an employment, (continued)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 03)
- Re: application for an employment Anthony Ettinger (Apr 03)
- RE: application for an employment Mike Fetherston (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Raoul Armfield (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)
- RE: application for an employment Ramsdell, Scott (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 05)
- RE: application for an employment John E. Fleming (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 05)
- RE: application for an employment onowlin (Apr 03)
- RE: application for an employment Craddock, Larry (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 03)
- Re: application for an employment c.s.wright (Apr 04)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)
- Message not available
- Re: Port scanning/illegalities Ansgar -59cobalt- Wiechers (Apr 05)
- RE: Port scanning/illegalities Ramsdell, Scott (Apr 06)
- Re: Port scanning/illegalities Ansgar -59cobalt- Wiechers (Apr 06)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)