Notifying the infected?

Several times every hour my firewall announces a port scan. Usually when I check the IP it is local to my own internet provider. I'm supposing these are infected machines which are trying to spread their disease? This makes me wonder if some sort of warning message could be sent back to such a machine? Is that possible? Has that ever been done by a product?

Davej

So what?

Why? A portscan is a perfectly valid means to discover what services (or rather listening sockets) a host provides. There's nothing wrong with that in itself.

I'd hope no vendor would be *that* braindead. OTOH there's always Symantec, of course ...

cu

59cobalt
Ansgar -59cobalt- Wiechers

A host? Since when am I a host?

Davej

formatting link
cu

59cobalt
Ansgar -59cobalt- Wiechers

So just what legitimate services would anyone be hoping to find at some random node?

formatting link

Davej

Whatever service that random node is providing? This may come as a shock to you, but probing a host's ports really is the only way of discovering which service(s) that host provides.

So?

cu

59cobalt
Ansgar -59cobalt- Wiechers

That doesn't mean that anyone has a right to scan for open ports on some random machine; a prelude to exploits (including attempts). Some places have laws against such action.

D. Stussy

It most certainly does. You connected the machine to a public network, and - repeating myself - in any TCP/IP network probing ports is the only way of discovering what services a given host offers.

A portscan is not necessarily the prelude to an attack. And a portscan most certainly isn't an attack in itself.

Fortunately most places have legislators with at least half a brain and don't.

cu

59cobalt
Ansgar -59cobalt- Wiechers

That's like saying that spammers have a right to spam you - and you must accept their crap.

More often than not, it is.

...And don't what?

D. Stussy

So, it is completely legal to conduct port scans, but -- why conduct port scans when you won't have permission to use the services that you may discover? Your argument seems to be that you can freely use any service that you can find, but can you perhaps cite some evidence for that?

Davej

Who says I don't? Besides, even if I don't, what exactly would that change about port scans still being perfectly legal? (which in turn renders your whole "notifying the infected" point moot)

You connected your server to a public network, so I'd suggest you cite some evidence that I am not allowed to use a service that you made publicly available.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Well, unless there are laws against spam, they do have the right to spam you. Sorry to burst your bubble. However, nobody's forcing you to accept their crap. Just like nobody's forcing you to accept connections from anyone. There's packet filters, there's encryption, there's authentication. Heck, there's even the option of NOT PROVIDING SERVICES YOU DON'T WANT TO PROVIDE, silly as it may sound.

You have some figures to support that opinion, I suppose? Not that it matters, anyway, because even if we assume it to be true, the assumption that *every* portscan came from an infected host trying to spread its disease would still be invalid.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Read again.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Not so, a private business has to have the port open for their employees to use.

A poor analogy follows: Think about the Internet as a road. You cannot just stop at any building and enter it because it is on the road.

Several states in the USA have gotten tired of your excuse being used by hackers. Any unauthorized access is criminal trespass. That means a ping is trespassing.

Just one example:

formatting link
33.01. Definitions (1) "Access" then 33.02. Breach of Computer Security (a)

Bit Twister

That's what authentication is for.

Your analogy is indeed very poor, because with TCP/IP any driver on that road can only distinguish between a building he can or cannot enter by actually trying if the door is locked (port closed), open but declared private (authentication required) or open to the public (any other case).

Several states in the USA seem to have very poor understanding of how the Internet and TCP/IP work.

Answer me this question: how do you get authorization to use any service on the Internet (like, say, Google)? I don't recall ever having requested or being granted explicit permission to use their service.

Also - speaking of Google - you just declared the business of every search engine existing to be illegal. If you don't understand why: take a look at how spiders work and then ask yourself how *they* get permission to do what they're doing.

IOW you just requested nothing short of the Internet being shut down.

Which is simply ridiculous.

formatting link
Read 33.01. Definitions (1) "Access"

"If you have reached this page, the content you are seeking has been moved."

Besides, according to your own logic, I just committed an act of criminal trespassing by accessing that page, since I never got express permission by its owner.

cu

59cobalt
Ansgar -59cobalt- Wiechers

But the human is doing the driving, not the driver. :)

I hear what you are saying. Google example would be you going into a Walmart or any business open to the public,

Heheheh, yes I know about spiders. And yes, technically Google is breaking the law.

NO, anyone can drive around on the internet, just not allowed to drive onto just anyone's property.

But has to be that way to keep hackers lawyers saying "but system allowed it"

Sorry, I did not check the link. It has been a while.

formatting link
Penal Code, Title 7, Offenses Against Property, Chapter 33, Computer Crimes, is quite clear about unauthorised scanning.

Read 33.01. Definitions (1) "Access" then 33.02. Breach of Computer Security (a)

Not my logic. Just a fact of law.

Your logic is not going to be a defense if you access a power substation or water dam/lock control system.

Bit Twister

Har.

However, the only way to distinguish Walmart (or Farmer Fred's Produce Plant) from Joe Average's house is to go looking. Which technically means to send packets of some kind.

Technically that kind of law is breaking the Internet.

Keep in mind that this doesn't apply only to Google, but to *every* *single* entity using the Internet.

That's like saying you can drive around public streets, but you can't get off (or even look around) anywhere. Makes the whole thing rather pointless, don't you think?

And just in case anyone was wondering: yes, on the Internet "looking" does mean sending and receiving packets. That's how TCP/IP works.

Only if you believe that people do have the right to remain ignorant. Which I resent.

And, repeating myself, it in turn would mean that nobody can legally use the Internet. Ever.

Basically this means: unless you can assume the owner's implicit consent, every single Texan citizen using the Internet is in violation of the law. I'll leave it as an exercise to the reader to decide how sensible this point of view is.

Not where I live. And AFAICS not in most other places.

*sigh*

Did you ever ask yourself why that kind of system should have any connection to the Internet in the first place? Doesn't the term "due diligence" mean anything to anyone except me anymore? In my book, not the person accessing that kind of system ought to be prosecuted, but those who failed to properly secure it. Tar and feathers come to mind.

Like I said above: I resent the idea that people have the right to remain ignorant.

cu

59cobalt
Ansgar -59cobalt- Wiechers

This is indeed correct, particularly so with the additional protections afforded by Vista and Windows 7. Kudos as well for highlighting that the default configurations are more to blame than the OS itself.

Also worth mentioning that a user also needs to be smart enough to not be using Internet Explorer here the past 2 weeks since there's very public 0day code available and no fix yet from Microsoft.

And updating everything with the Adobe name on it twice a week as needed.

Adobe is a bigger threat to internet security than Microsoft is these days by probably an order of magnitude. Their shit is porous as hell, and there's still no auto update mechanism that works across Flash, Acrobat, and Shockwave Player.

Regis

There are laws against spamming. There are laws against unauthorized access.

Obviously, a port scan performed by the host's owner or agent is not. A port scan performed by a stranger is - for there's no other reason for such other than to find exploitable resources.

Answer the question. You have a hanging auxiliary verb.

D. Stussy

I'm debating the "unauthorized" part when it comes to hosts on public networks. I already explained in another post why requiring explicit permission would ultimately break the Internet, so I'll simply refer you to that post.

Apparently not. I thought so.

Remove the word "exploitable" and you're right.

You lack reading comprehension. The answer to your question lies in the part I underlined.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Using a specific, well-known service that is meant for public access isn't going to fit with "unauthorized" (at least at first glance). Scanning a site for nonstandard features and those not meant for public consumption is, especially when followed with an exploit attack.

I don't see where I have the burden of proof. You went first, so you need to demonstrate your assertion.

If by that you meant that "don't have laws", the CORRECT English would be:

"...half a brain; some don't."

Learn to write PROPERLY before accusing your reader(s) of misunderstanding.

D. Stussy
