[H-GEN] (AUSCERT#38535) Re: The recient spate of port scans and intrusion attempts. (fwd)

Anthony Towns aj at azure.humbug.org.au
Mon Jul 20 23:23:51 EDT 1998 

(subtitled: Road Rage on the Information Superhighway, or Catatonia
Online)

On Tue, Jul 21, 1998 at 11:10:58AM +1000, Martin Pool wrote:
[about whether telnet'ing to a random machine is the same as trying to
 break into it]

> Perhaps this is why banners are important: you can tell people exactly
> which doorknobs they're allowed to turn.  But then, making the initial
> connection to see the banner ought to be allowed.  

And then again, it's hard to put banners in a lot of places: telnet, smtp
and ftp ports are easy, but putting a banner on the nfs, smb or bind ports
is both a touch more difficult, and a touch less likely to be seen in any
event.

Some further analogies, for your amusement:

	* telnet'ing to a computer isn't "rattling the doorknob", it's
	  just politely tapping on the door and ringing the bell. Trying
	  to login as root with the password "toor" or similar makes a
	  closer match to rattling the doorknob, and trying to overflow
	  a buffer or similar would then be actively picking a lock.

	* telnet'ing to a machine might be fairly normal -- at least in
	  a Unix world -- but connecting to the nfs port is a pretty
	  abnormal thing to do, especially across the network, and
	  certainly without prior permission. Something like wandering
	  up to the tradesman's entrance, and hoping they don't check for
	  id too carefully.

	* on the other hand, treating the Internet as some quiet outer
	  suburb probably isn't too realistic; a better analogy, at least
	  for some sites, would be an inner city office block, with a
	  bunch of kids wandering past and waving their arms in front of
	  the automatic doors, hoping for one that'll open, then running
	  around inside. Whether they go inside to look at the pretty SGI
	  [0] logos, or to defecate on the carpets [1] is another matter.
	  But in some sense, building a big office block in the centre of
	  the city, then having the doors open automatically as people
	  walk past, doesn't really give you the right to accuse people
	  who decide to wander in of trespass.

etc, etc.

[2]

Cheers,
aj

[0] I've done this. Sun logos too. Pretty offices.

[1] I haven't done this.

[2] IANAL. This is not legal advice. Your mileage, and the sympathy of your
    jury, may vary.

-- 
Anthony Towns <aj at humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. PGP encrypted mail preferred.

      ``It's not a vision, or a fear. It's just a thought.''
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 434 bytes
Desc: not available
URL: <http://lists.humbug.org.au/pipermail/general/attachments/19980721/86ee91ba/attachment.sig>

More information about the General mailing list