North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: "portscans" (was Re: Arbor Networks DoS defense product)

  • From: Greg A. Woods
  • Date: Sun May 19 13:38:56 2002

[ On Sunday, May 19, 2002 at 03:16:28 (-0700), Dan Hollis wrote: ]
> Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product)
>
> On 18 May 2002, Scott Gifford wrote:
> > Before choosing an onling bank, I portscanned the networks of the
> > banks I was considering.  It was the only way I could find to get a
> > rough assessment of their network security, which was important to me
> > as a customer for obvious reasons.
> 
> So for your offline banks, do you also go to the local branches at night 
> and jiggle all the locks to make sure their doors and windows are locked?

That analogy is fundamentaly flawed.  For one the Interent is never
locked after hours -- there is no "after hours", it's always open!

There are also no sign posts at every router on the Internet.  The only
sign-posts are the responses you get from trying a given door -- either
it opens or it doesn't.  Unless you actually try to go somewhere in
TCP/IP-land you won't know whether or not you can get there.  A good
firewall makes it appear for all intents and purposes that there's no
door handle to wiggle in the first place.

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>