Sportbike World banner

Port scanning

1K views 11 replies 5 participants last post by  hapster 
#1 ·
[RANT]Man my fire's lit. I just realized that a site I visit is doing a port scan on every visitor to it. While the average Joe doesn't understand the implication, I'll paint you a picture.

People who want to crack into other people's computers figure out which ones they want to attack by initially doing a port scan. In industry this is widely seen as an attack, regardless of the reasons, if the user hasn't given their express permission. Since you have to visit the site to see any warning about this, the admin's effectively taken the "I'm the Almighty" angle. People have been fired and lawsuits have been brought against such individuals before. Anyway, his cover is that they're "checking for proxy servers". Nice idea, but impractical in reality. You can detect these if you check your firewall logs.

Guess I won't ever be going back. Worst of all, I know this Admin's the type who wouldn't hesitate to plant a nice keylogger or other attack on anyone's computer.[/RANT]
 
#2 ·
Here's a street-level description of what port scans amount to:
There are many analogues to the physical world that attempt to explain the ethical implications of port scans. Some describe port scans as "going around in a parking lot checking cars to see if the doors are unlocked," and "checking each door in a neighborhood to see who is home." I want you to (a) create your own analogue to port scanning that captures the ethical essence of the activity, (b) describe the ethical issues you address by your analogue, and (c) describe how your analogue accurately explains the ethical aspects of port scanning to a lay person. Use the analog to show how California Code section 502 and the RUP is applied/misapplied to port scans.
Thanks Cal Poly!
 
#4 ·
Care to share what site it is so that we can not stay away from it?
 
#5 · (Edited)
sidewaysducati said:
If I could be permitted a stupid question, what's the worst that could happen?

Someone 'gaining control of your system', as they say on the Microsoft website? A total catastrophic hack, resulting in a forced format?
How about a stolen identity in the REAL world? How about emptying of your accounts?

People have all kinds of information on their computers.

EDIT: Other thoughts. Computing is in a its growth period for the judiciary. It has not been determined who's at fault for crimes committed through other people's computers. Or with other people's electronic credentials. And, it is the basis for SPAM and denial of service attacks, which means law enforcement gets involved.
 
#6 ·
Jester said:
Care to share what site it is so that we can not stay away from it?
Actually, there's an interesting dichotomy to doing this. I've been here before with another site and opted to not list the site for (experienced) fear it would only draw attention to the perpetrator.

Gee, that's pretty hypocritical, huh? Bitch about it but not be specific? Maybe I'll just blow this threadaway. I suck :( I'll sleep on it.
 
#7 ·
kanwisch said:
How about a stolen identity in the REAL world? How about emptying of your accounts?

People have all kinds of information on their computers.

This is why I never conduct business over the net. Online ordering and banking just hasn't been around long enough to inspire any confidence in the average user.

They look at me like I'm a fool when I go into the bank and refuse their pitch for online banking. Foolish like a fox, bwahaha.
 
#8 ·
kanwisch said:
Actually, there's an interesting dichotomy to doing this. I've been here before with another site and opted to not list the site for (experienced) fear it would only draw attention to the perpetrator.

Gee, that's pretty hypocritical, huh? Bitch about it but not be specific? Maybe I'll just blow this threadaway. I suck :( I'll sleep on it.
Do I have some idea of who/where this is? :D
 
#9 ·
spicersh said:
Do I have some idea of who/where this is? :D
Actually, no. That's a can of worms I'll never re-open. But you've heard of the site.
 
#10 ·
kanwisch said:
Actually, no. That's a can of worms I'll never re-open. But you've heard of the site.
You know, for some reason I really wasn't thinking of the site/admin you and I had trouble with. I was actually referring to the....uhhh....affiliated sites?
 
#11 ·
spicersh said:
You know, for some reason I really wasn't thinking of the site/admin you and I had trouble with. I was actually referring to the....uhhh....affiliated sites?
Well then yes, you've surmised correctly.
 
#12 ·
sidewaysducati said:
This is why I never conduct business over the net. Online ordering and banking just hasn't been around long enough to inspire any confidence in the average user.
True, but with the proper precautions, the activities can be as safe as any other form of shopping/banking. Most of the time when someone gets scammed online, it's because the were duped into going to a site and entering personal information. You know the routine: This is your bank and we need you to go here and update your records. Or they open an e-mail attachment that installs a key-logger, etc. Those people are gullible, naive, stupid, or whatever you want to call it.

You can take precautions to keep your system safe, but most people don't do it. The averge XP home user is using an admin account that doesn't even have a password and isn't fully patched. No firewall, no virus protection (or it's not properly updated), no checking for spyware, etc.

Me? My home network is behind a hardware firewall and all the systems on it are run with limited user accounts. I very rarely log into the admin account because there is no need. But trying to convince others of this is like talking to a brick wall.

OK, I'll get down off my soapbox now.
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top