> Is it my ignorance, or does Gibson seem to not > really understand that the > port scans in question HAVE a valid IP...his systems > and therefore are > being returned, via his systems, to the attacker who > has just effectively > hidden his (her?) real IP by using Gibson's IP range > instead. Is this not > a form of spoofing? I think Gibson fully understands this...and he also understands that in the US, port scanning is not illegal. Therefore, no one can come to him and take an legal action against him if someone else scans his site. After all, even if someone does use the information returned from a port scan to then attack and compromise a site, once they start to do so, they no longer can use Gibson's site (at this point, anyway). Once they get the port scan data back, they have to either attack the target site directly, or launch their attacks through some other proxy or port-redirection mechanism. > Is Gibson suggesting that his unauthorised (by me) > and unwanted (by me) > checks of certain ports on MY system should not be > defined by me as attacks or intrusion attempts? They aren't. Regardless of what you may think or feel about the subject, the US legal system (and several European ones that I'm aware of) do not consider port scanning illegal. > Further, by what right does Gibson > determine that MY firewall/IDS is faulty because it > deliberately > generates reports to indicate that someone port > scanned me without my > authorisation? If someone scans the 10 ports or so > that Gibson's Shield- > Up product scans, I like to think that I have every > right to determine > that the person has attacked and possibly attempted > an intrusion on my > private systems. Maybe I'm completely wrong, after > all, IANAL. To be completely honest, your above statement doesn't make any sense to me...but maybe it's just me. I've handled "abuse@" emails for a large telecomm/ISP, and I've seen threats of legal action for single ICMP packets. "I like to think that I have every right to determine that the person has attacked and possibly attempted an intrusion on my private systems." Well, of course you do. You have every right to NOT believe what Gibson says. But I fail to see how a couple of SYN packets, most of which are most likely dropped by the firewall or responded to as closed ports anyway, constitutes an "attack" or "possible attempted intrusion". __________________________________________________ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1
This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 11:53:40 PST