[olug] users.olug.org

Jacobs, Robert A. RAJACOBS at northropgrumman.com
Wed Mar 12 19:31:32 UTC 2003


>From: Jonathan Warren [mailto:thechunk at cox.net]
>
>Yes I understand all this.  I am not condoning illegal access 
>to anything.  

Just for the sake of conversation...

I think the issue at hand is one of PR with the rest of
the net community.

Scanning from a shell account on a public server could make
the server owner look bad, perhaps.  All it would take is 
for you to supply the wrong IP address.  Next thing you
know, security at some company is on alert because they
think they are under attack from 3l33t h4x0rz and they
come looking for the culprits on the olug server.

It's not about legality, it's about playing nice with others.

<snip story about how security through obscurity is pointless>

>I just don't see 
>the point in running from something that is very useful.  
>Again I am not condoning illegal access.  The information 
>provided by nmap is very useful.  

Most, if not all of us, have used nmap to scan our boxes.
A better solution (and more realistic anyways -- if you are
not satisfied with a local scan within your own home network)
would be to ask a fellow olug'er to scan your box for you.

>Why the fear of it?  

No one is afraid of the information, per se.  They are
afraid of litigation...a realistic fear in the DMCA world.

Also, keep in mind, that knowledge IS power and that power
in the wrong hands is dangerous.  I don't condone restricting
information in order to feel "secure" but I do think that
you have to use knowledge responsibly.

The responsible use of nmap is to use it within your own
network or to have someone you trust scan your system from
their system.  The issue at hand is the use of a public
server to accomplish this.

>Why not 
>leverage it to improve security across the whole network?  

I doubt anyone disagrees with this statement.  I think you are 
correct that we'd see an improvement in security net-wide if
everyone was checking their networks for holes -- but the
reality is that everyone is not and that activity like this
looks dubious when it comes from a public server (again, the
assumption is that you mistype an IP address or your account
is used by someone other than you) regardless of how well-meaning
the intentions of the scanner might have been.  

This brings up the whole White-Hat v/s Gray-Hat v/s Black-Hat
hacker argument...an argument for which, I would assume, an infosec 
officer would have little tolerance. To a White-Hat, everyone else 
is Gray or Black. :)
 
The infosec officers I've met (and, I admit, there are not many)
have tended to see all scanning very negatively -- primarily 
because they don't know what the scanner will do with the
information.  Gray-hats are probably trolling for consulting
contracts ("Hey, I found this hole.  I can help you fix that...
or I can let your poor, helpless customers know it by posting
the hole on this public board.") or, potentially, accessing
data that is proprietary or otherwise infringes the IP of the 
data owner.  Worse still, an unauthorized viewer could be
changing data accidentally.  Black-Hats are obviously trouble.  

If olug.org were my server, I would restrict this type of behavior 
because there is no good way to know whether or not the REAL 
"Jonathan Warren" is doing the scanning.

FWIW, I'm pretty sure Brian's stance on this issue is 
typical.

rob

