Security Incidents mailing list archives

Re: Scanning. Is it dangerous?


From: arcade () KVINESDAL COM (Rune Kristian Viken)
Date: Sun, 7 May 2000 11:27:33 +0200


On Mon, 01 May 2000, you wrote:

My question is how the recognized simple scanning is described in your IT
security policy and why scanning is so dangerous for you?
What useful purpose does a "user" have for scanning for random (or
specific) hosts, or random (or specific) ports on your LAN or someone
else's network??

Sorry for the late answer.

You include "all categories" in your question.  I would like to concentrate on
"specific hosts" or "specific ports".  Everyone learns TCP/IP some way or
another.  I learned it by reading some material on "portsurfing" and "exploring
the net around you".  I picked myself hosts, and connected to well-known ports,
such as 21, 25, 79, 80, 110, 119, and so on.  On the ftp, I tried to log in as
anonymous, and so forth.  I was exploring - and learning.

It also happened (and still happens) that I scan a host for "what services does
it run?  and what OS is it?" - just out of curiosity.

Also, when I receive spam I have a tendency to connect to the smtp server the
spam originated from.  Check their maild version and so forth.  If it's an old
sendmail, I scan their lower ports -- and more often than not find that the
system has more holes than Swiss cheese.  It's time to contact the admin, and
explain something about "network security" to him.

In other words, there are three very good reasons (probably more) to do a bit of
"scanning".  You *learn* by it, you satisfy your *curiosity* on what the other
host is actually offering, and if you receive unwanted material (spam), you can
check if it probably was relayed through the host (and therefore contact them
politely) - or if it probably was done, with purpose, by the box's admin (that's
when you contact their ISP, politely :).


--
"Rune Kristian Viken" <arcade () kvinesdal com> / arcade@irc (EFnet/IRCnet)


