North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Port scanning legal

  • From: Deepak Jain
  • Date: Tue Dec 19 15:07:34 2000

On Tue, 19 Dec 2000, Alex Rubenstein wrote:
> On Tue, 19 Dec 2000, Shawn McMahon wrote:
> > How many ports must be scanned before you deem it an attack?  Is one port
> > enough?  Five?  50?
> I don't deem a port scan as vicious or an attack.

Without muddying the issue, while a port scan might not be considered
(legally or operationally) as vicious or an attack, one need not feel
obligated to allow it (at a router/firewall level) or support it or ignore
it for that matter. 

I don't support people screaming that someone's dial-up connection should
be shut off for it, but that doesn't mean a thoughtful admin can't keep an
eye on machines that have scanned his/her network. 

I liken it to driving into someone's driveway. They _might_ just be
turning around, they _might_ just be lost, they _might_ be planning
something nefarious. It doesn't make you call the cops instantly, but it
doesn't stop you from taking note of their license plate, description or
other vital details.

Deepak Jain