Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: port scanners

  1. #1

    port scanners

    whats the real use for port scanners and how can i protect my self from being scanned?

  2. #2
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    Port Scanner:
    The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.
    Port scanning in and of itself is not a crime. There is no way to stop someone from port scanning your computer while you are on the Internet because accessing an Internet server opens a port, which opens a door to your computer. There are, however, software products that can stop a port scanner from doing any damage to your system.
    From Webopedia

    You can not protect yourself from being scanned, but you can protect yourself from returning any valuable information back to the scanner by using a firewall or a firewall with IDS. Personally, I run a SmoothWall with IDS and the Guardian modification. Guardian will take any IP address that sets off my Snort sensors (Port Scanning would set this off) and places them into my IP Block List. I feel like this system(Firewall combined with IDS) protects me from 99.9% of attackers. There are ways of scanning that can bypass firewalls and fool IDS's but these methods tend to be too advanced for the average skiddie that would be scanning a home PC to begin with.

  3. #3
    I'd strongly suggest you obtaining a port scanner, and scanning yourself to figure out your own systems flaws. It'll just scan ports to tell you, which are open|closed, and if you're using a good one "filtered". Of course, open ones and filtered would be what should catch your attention!

  4. #4
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    In addition to NeuTron's post you might want to know that port scanning is generally frowned upon by some ISPs(there not being a very justifiable reason for home users to do it) and in some cases,can result in the ISP barring your account.
    Have fun

  5. #5
    thats nice to know, but aol or yahoo apperently don't care. if i scan someone or not. but, when i do scan someone i do tell them that this or this port are open and they should do something about it to prevent a "hacker" from using it to their advantage.

  6. #6
    Port scanning, is in no way illegal, and I've personally never had any ISP bother me with it.

  7. #7
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Port scanning, is in no way illegal, and I've personally never had any ISP bother me with it.
    Ok, seriously don't give legal advice unless you know what you are talking about.

    Port scanning may or may not be legal depending on the situation, location, and results.

    Article 2 from the Explanatory Report of the Convention on Cybercrime ( http://conventions.coe.int/Treaty/en...s/Html/185.htm , the source I had on hand, viewing laws from every relevant country/state would be too much of a mess here) reads quite vaugely. It is arguable that port scanning a system falls under the catagory or "without right" or beyond "appropriate use."

    This becomes a lot more clear if the scan effects system availiblity, as several systems and firewall types have been known to die under reasonable nmap scans. At this point you have commited a crime, perhaps unintentionally, but mixing "without right" and an "attack against availibility"... bad idea.

    Also, if the system must adhere to a government standard requiring investigation of IDS trips, and if your scan trips the IDS... you've now incurred a cost on that organization, again "without right."

    The law is largely unclear, but you would be very foolish to think that port scanning is in "no way illegal", regardless of what your ISP allows you to do. (most just plain don't care so long as your check clears, and to be perfectly honest, they don't need to care)

    cheers,

    catch

  8. #8
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    This becomes a lot more clear if the scan effects system availiblity, as several systems and firewall types have been known to die under reasonable nmap scans. At this point you have commited a crime, perhaps unintentionally, but mixing "without right" and an "attack against availibility"... bad idea.
    catch makes a very incontrovertible point here, although I would have worded it as “ may have committed “ , again, depending on where the offense originated and where it occurred.

    Many laws are worded as “ knowingly or negligently “ or similar, and many, especially concerning electronic communications, are considered occurring at the point of origin and/or at the point of where it is received.

    So even if you didn't mean to, the fact that you did so could be considered violating the law. And if the country where, say the server that was attacked had laws that said you could be fined the equivalent of $10.00 U.S. dollars, the country that you originated the attack from could mandate life imprisonment or worse.

    There is ever increasing cooperation ( due to political pressure, etc. ) between countries for penalties and prosecution for such offenses.

    This isn't the 1970's. People are becoming more aware ( albeit slowly ) of computer related offenses. What is and is not acceptable is still being worked out, but do you want to be a test case?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  9. #9
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    And to clear your doubt Tetrismaster101,they DO care...just not enough to listen to a scrippie telling them that port 80 or 25 is open,on a side note...do you realise how many scans companies like those get every day?You cant expect them to try to track every user(in fact,they dont track any..they just add your IP to their logs and that's that)
    Cheers

  10. #10
    This becomes a lot more clear if the scan effects system availiblity, as several systems and firewall types have been known to die under reasonable nmap scans. At this point you have commited a crime, perhaps unintentionally, but mixing "without right" and an "attack against availibility"... bad idea.
    Catch,
    you're getting more towards denial of service, which nmap does have the possibilty to do. But, the intentional would be obvious if values were set "nmap -T 5 -M 1000...", which may I add, shouldn't be considered a "reasonable" scan.

    An investigation of IDS logs, wouldn't have to follow any "goverment standards", if it wasn't on RIPE registries; or root-servers. I would hope "Tetrismaster", would be intelligent enough not to try and scan the DOD for example.

    But, maybe I was pushing it with the "in no way illegal" reply.
    I guess, I just hoped most people would face port scanning in a more ethical way.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •