Portscans are evil!
No, they are not!
Understanding a portscan
Before talking about portscans, you need to understand what ports
are. To make things easier I will use a comparison:
Imagine a big company building, several phones (the ports) and one
central phone number (the IP address).
You stand in front of this building and are just curious about how
many people work in that building. So you could walk in and ask the bouncer
for a phone book.
But instead you choose another way: you simply call all possible
phone numbers. Going from 555-1111-000 to 555-1111-999, you write
down a list with 'the phone rings' or 'the phone does not ring'. (Note:
you don't talk to anyone; you quickly hang up if you hear a ring.)
This is called a portscan.
Let's go one step further: when the phone rings, you wait until the
other side picks up the phone. Then you say 'Hello' and hope the other
side says its name or function ("Accounting, Clarice here").
You write down the phone numbers and the function (the service).
This is often referred to as a 'bannerscan'.
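The ring / no ring / banner distinction above, carried out against a service you run yourself, as an added example that is not part of the original page. The one-shot loopback listener, its banner text and the function names are constructed for the demonstration.

```python
import socket
import threading

def start_demo_service(banner):
    """Constructed stand-in for a public service: answers one call on loopback, then shuts down."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        with srv:                         # listener is closed after the first call
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)      # the service says its name

    worker = threading.Thread(target=serve_once, daemon=True)
    worker.start()
    return port, worker

def probe(host, port, timeout=1.0):
    """Report whether the 'phone rings' (state) and what the other side says (banner)."""
    result = {"port": port, "state": "closed", "banner": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["state"] = "open"      # TCP handshake completed: the phone rang
            try:
                data = s.recv(128)        # wait for the other side to speak first
                result["banner"] = data.decode("ascii", "replace").strip() or None
            except (socket.timeout, ConnectionResetError):
                pass                      # open, but the service stays silent
    except ConnectionRefusedError:
        pass                              # nothing listening: no ring
    except socket.timeout:
        result["state"] = "no answer"     # the call is silently dropped
    return result

def demo():
    port, worker = start_demo_service(b"Accounting, Clarice here\r\n")
    while_running = probe("127.0.0.1", port)
    worker.join()                         # the service has now been shut down
    after_shutdown = probe("127.0.0.1", port)
    return while_running, after_shutdown

if __name__ == "__main__":
    for line in demo():
        print(line)
```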
Where is the problem?
Hmmm. The problem is what the company owner thinks about you
doing this.
He might think that you are collecting knowledge and preparing to
break into his house by finding a security hole.
But our company owner misses the point: if there is a security hole,
it is a hole in *his* house. So if he can't trust his house security,
he has a general problem with his system: on the one hand he offers public
services (remember: you can call him from a public phone!), on the other hand
he does not trust his own people to handle the calls in a secure manner.
His security concept is broken.
And think about it a little more: what is easier, securing your home
or hunting down all the people all over the world (!) who collect information
about your home?
So what?
Well, if my computer's ports are scanned, I lean back and think to myself:
I trust my software. If I didn't trust my software, I wouldn't use
it.
Let's think a little bit further: if you don't trust your software,
why not assume the software is evil?
Any software that is running inside your secured area (remember:
the people you don't trust sit in your house and handle your phone calls)
can act freely. From the software's point of view, it could hide itself,
camouflage itself as 'friendly, well-known software', and fool every
intrusion detection system (because it has already been let into your
system by you: you installed it).
Ok, what to do?
Simple: Either shut down your public services or use a system you trust.
If you don't offer public services, there is no risk at all. People
might try to connect but there is no answer at all, no ring, nothing.
Or use a system you trust. You are doing that right now: the browser you
are viewing this page with.
And those yellowbelly admins?
They are a problem: they might write emails to your uplink, or contact the police, FBI, NSA or
other such agencies.
So if you can't stand the heat, don't get yourself into trouble. Don't scan!