[olug] users.olug.org

Brian Wiese bwiese at cotse.com
Wed Mar 19 06:46:28 UTC 2003 

a few remarks...

On Thu, 13 Mar 2003 05:44:04 -0600
"Thom Harrison" <tharrison1 at cox.net> wrote:

|CYA.  If I managed I site I wouldn't allow users to scan from a shell
|account either.  Especially when there are legit ways to scan your home
|system.

Understandable, it's the admin's choice.  As with all things though, a
zero tolerance attitude should not be the way to deal with all matters. 

|1) As mentioned, have a fellow user scan it.

This is an inconvenience to another user, time delay, relying upon a 3rd
party, bringing exposure/attention of possible holes to others.

|2) Online Scanners.
|
|http://www.inprotect.com
|http://www.blackcode.com 
|http://www.cybercops.biz 
|http://www.qualys.com 
|http://www.securityspace.com 
|http://www.sygatetech.com 
|http://www.auditmypc.com 

These are not common trusted port scanners like nmap is, and one has no
trusted idea/understanding of how they work.  Also these are probably run
from a web browser to scan a local system, which is not practical in all
cases.  If I want an accurate assessment that I can trust, can be
reproduced, and is truly from the perspective as others will see -- I
would use nmap.  

All nmap is doing is making simple connect() calls to available ports
(politely knocking on the door to see if anyone is listening)... none of
the advanced/stealth/tricky options where given to nmap to make it seem
suspecious.  When I nmap my box and see something odd (port 21 open? it
cant be!), I try to troubleshoot the problem.  One common step would be to
perform the same test on a random (preferably popular - one who doesn't
treat a port scan as an 'attack'!, but a common occurance of the net) host
(like google.com or news.com) and try to scientifically resolve the
problem.  

|3) Although not Linux related, you can also check Internet Explorer
|security with. ( I know, its an oxymoron )   ;-)
|http://browsercheck.qualys.com

I don't believe this was the intent, but it is another good test.

|Thom

It is nice to have other hosts to test from on the net, unfortunately not
everyone has this ability.  Keep this in mind, "if it deals with security
-- who do you trust?"

peace

  Brian Wiese | bwiese at cotse.com | aim: unolinuxguru
------------------------------------------------------
  GnuPG/PGP key 0xF3220030 | "FREEDOM!" - Braveheart 
------------------------------------------------------  
This is not about Napster or DVDs. It's about your Freedom.
  I'll see your DMCA and raise you a First Amendment.
              http://www.anti-dmca.org

More information about the OLUG mailing list