Port scanning .. is it illegal? .. and other security themed questions

[smp]

If I were to say, port scan a whole block of addresses, then try to figure out how many of those addresses were running linux .. would that be illegal?
I'm curious.
It's one thing to port scan my own hosts and mess around trying to learn more about security, but it's totally another to sort of climb into the shoes of the script kiddie, to better understand.
Because I'm not about to attempt comprimising someone's system to use it as a scanner.

 

[WobbleWobble]

It may violate your ISPs terms of use policy. I don't know about legality though, but the chances of anything happening as a consequence is slim to none.

 

[Unforgiven]

port scanning is not illegal, port hammering is however. the difference is that a scan scans a range of ports on a range of ip addresses. hammering is the hitting of one port over and over with intent to breakdown a potential firewall or expose a security flaw. as mentioned it differs from isp to isp. if you feel you are being scanned without cause over and over you may want to bring it to the attention of the offending parties isp.

 

[smp]

The more I read about script kiddies the more paranoid I become.
I'm almost starting to think that one had better be a security expert to even attempt running a home mailserver ... I'm gonna replace my debian firewall with openBSD.
I just want to use some of the tools that the script kiddies use and get a first hand perspective.

My long term goals:

build a really solid firewall and DMZ
log everything
set up a honeypot
learn either iptables or PF and master TCP/IP (have grappled with Stephens TCP/IP illustrated, pretty hard, being that I'm an art school graduate and have no formal computer training, much less programming)
Learn C .. am learning php right now.

 

[smp]

There isn't enough time in the world, why must we work? :\

 

[smp]

and i can't wait till' I'm old and have no sex drive .. girls are a total waste of time!

 

[OffTopic1]

Originally posted by: smp
If I were to say, port scan a whole block of addresses, then try to figure out how many of those addresses were running linux .. would that be illegal?
I'm curious.
It's one thing to port scan my own hosts and mess around trying to learn more about security, but it's totally another to sort of climb into the shoes of the script kiddie, to better understand.
Because I'm not about to attempt comprimising someone's system to use it as a scanner.

Port scanning will not give you a good demographic of OS in use, because many users have routers & firewalls in place.

 

[Unforgiven]

using a program such as gfi languard network scanner can tell you what kind of operating system someone is running....

 

[smp]

I understand that nmap can as well .. by sending weird packets, you can sort out which type of OS it is based on what it does with those packets.
Anyone know what busboy is? I seen it running on 998 .. been googling for the past ten minutes and can't figure it out.

 

[AFB]

Can't you wanabe H4ck0rs post in the correct forum? Does this sound like an OS question?

 

[chsh1ca]

This really should be in the networking forum.

 

[smp]

Originally posted by: amdfanboy
Can't you wanabe H4ck0rs post in the correct forum? Does this sound like an OS question?

Why are you flamebait?


The reason I posted here is because it's OS specific, I'm strictly talking about *nix tools, *nix vulnerabilities etc .. What the hell is the point of parroting "wrong forum" .. it's been said once, leave it at that. Postcount ++ ?

What I was just about to ask actually .. is where in Debian can I find logs for connections? How do I go about turning logs on, period. For example, sshd doesn't keep a log that i can find, how can I make it log to /var/log? Is there something I need to do to syslogd or is there something I need to do to sshd?

 

[smp]

Seriously though, if you think it's the wrong forum, just wait till' a mod locks/moves the thread. There is no point (other than to start flames and upset people) to posting "wrong forum" .. especially when you call someone a wannabe hacker .. I've been here long enough to understand the rules, I posted it here regardless what you think, this topic is both networking and *nix .. and I'de rather post it here.
There are a lot of threads in this forum that are borderline networking/os questions. Just leave it be, the mods are here for a reason, you're just being flamebait, plain and simple.


edit: you're right though, the title is networking. I still think it belongs here.

 

[AFB]

Originally posted by: smp
Seriously though, if you think it's the wrong forum, just wait till' a mod locks/moves the thread. There is no point (other than to start flames and upset people) to posting "wrong forum" .. especially when you call someone a wannabe hacker .. I've been here long enough to understand the rules, I posted it here regardless what you think, this topic is both networking and *nix .. and I'de rather post it here.
There are a lot of threads in this forum that are borderline networking/os questions. Just leave it be, the mods are here for a reason, you're just being flamebait, plain and simple.


edit: you're right though, the title is networking. I still think it belongs here.

Sorry, I was just joking about the hacker part. I just forgot the wink. NM

 

[Soybomb]

Its legal although generally considered, rude, frowned upon, and often against an ISP's terms of service. If someone reports one of our customers as being a portscanner and can back it up with logs we warn once and then terminate.

 

[Eltano1]

SMP, don't worry about amdfanboy, he did exactly the same to me in the Networking Forum, it seems that he looking to increase his post #s by flaming in people's posts. It's the moderator job to decide where a post should go, I'm been here long enough to know when to shup up, and this is not the case.
I know that I might get flame to stand up and voice my concern, but I least someone will listen.

Best regards

Eltano

 

[n0cmonkey]

Because of your interest in security, I will be reporting you and the rest of Canadia to the US Homeland Security Division and possibly to the FBI because of possible DMCA violations. Posting this in a place accessible to people in the US is just asking for trouble.

Now that the BS at the top of this post has thrown off the idiots, ATOTers, and thread crappers that have already appeared... Script kiddies aren't the ones to emulate. My recommendations for tools to use ON YOUR OWN NETWORK (unplug the cable to the wall. Yeah, that one. You can do it. We have an online support group for being internetless for minutes at a time):
nmap
nessus
whisker (webserver specific)

And that's all I can think of off the top of my head. As far as good things to learn: Snort (combine it with ACID and you have some neat stuff) or SHADOW (is this even developed anymore?). IPTables or PF are great things to know. TCPWrappers can come in handy. Systrace (although this isn't network security specific), SELinux, stephanie for OpenBSD (I'm not sure what the support is for this though), PaX, arpwatch and probably a few other things. It's a lot to learn, but it can be fun.

 

[n0cmonkey]

Originally posted by: Eltano1
SMP, don't worry about amdfanboy, he did exactly the same to me in the Networking Forum, it seems that he looking to increase his post #s by flaming in people's posts. It's the moderator job to decide where a post should go, I'm been here long enough to know when to shup up, and this is not the case.
I know that I might get flame to stand up and voice my concern, but I least someone will listen.

Best regards

Eltano

Kiss some more butt while you're down there.


Just kidding, I want to increase my post count too. Or something.

 

[Eltano1]

n0cmonkey
:Q

cheers

 

[AFB]

I wasn't trying to boost my post count. I was just trying to warn him that what he was asking about might get him in to trouble.

 

[xyyz]

stephani for OpenBSD... care to elighten me?

and speaking of snort... anyone else think the document on a solaris 9 install can be written better? there's a huge hole in the mysql install to getting it up and running portion.

 

[kuritadelta]

Originally posted by: smp
If I were to say, port scan a whole block of addresses, then try to figure out how many of those addresses were running linux .. would that be illegal?
I'm curious.
It's one thing to port scan my own hosts and mess around trying to learn more about security, but it's totally another to sort of climb into the shoes of the script kiddie, to better understand.
Because I'm not about to attempt comprimising someone's system to use it as a scanner.

Not illegal but most network admins and ISPs will see this as a threat and take actions..
such as sending logs and notifying your ISP/host/etc..
If your ISP/host/etc get bunch of these complaints, you can be fined and/or service terminated by your ISP/host/etc..

 

[n0cmonkey]

Originally posted by: xyyz
stephani for OpenBSD... care to elighten me?

http://kaizo.org/mirrors/stephanie/ I don't know if anyone is going to pick it up though.

and speaking of snort... anyone else think the document on a solaris 9 install can be written better? there's a huge hole in the mysql install to getting it up and running portion.

IMO, snort install docs have been pretty weak.

 

[OffTopic1]

Originally posted by: xyyz
stephani for OpenBSD... care to elighten me?

and speaking of snort... anyone else think the document on a solaris 9 install can be written better? there's a huge hole in the mysql install to getting it up and running portion.

I personally find Snort documentation is terrible & it hasn?t change much in the last 4 years.

 

[n0cmonkey]

Originally posted by: OffTopic

Originally posted by: xyyz
stephani for OpenBSD... care to elighten me?

and speaking of snort... anyone else think the document on a solaris 9 install can be written better? there's a huge hole in the mysql install to getting it up and running portion.

I personally find Snort documentation is terrible & it hasn?t change much in the last 4 years.

What did you have problems with? I mostly had problems with getting it to log to a database, although I eventually got everything to work out.

I bought the snort 2 book, but I haven't done much with it....