, SecurityFocus 2000-12-18
Federal court finds that scanning a network doesn't cause damage, or threaten public health and safety.
Expand all |
Post comment
Lame
2000-12-19
Anonymous (1 replies)
Anonymous (1 replies)
Lame (a reply by VC3)
2000-12-20
david.dunn (at) vc3 (dot) com [email concealed] (2 replies)
david.dunn (at) vc3 (dot) com [email concealed] (2 replies)
Your headline is misleading
2000-12-19
EJ (4 replies)
EJ (4 replies)
re: Your headline is misleading
2000-12-19
ThwartedEfforts (2 replies)
ThwartedEfforts (2 replies)
Your headline is misleading
2000-12-19
merk_man (1 replies)
merk_man (1 replies)
So if some one knocks on my door...
2000-12-19
garak (at) fastvcd (dot) com [email concealed] (1 replies)
garak (at) fastvcd (dot) com [email concealed] (1 replies)
I work for a security consulting firm. As part of that, we do "Ethical Hacking" or Penetration Attacks. We always verify with the client which IP addresses belong to him and ensure we have (in writing) permission to run port scans and other scans on those addresses, and we run our scans only on those addresses.
Yes, sometimes clients don't understand this - we had one client who refused to give us his IP addresses, on the grounds that "Real hackers wouldn't phone up and ask for this information". (We did a series on "whois" lookups on their sites, identified some IP addresses that we thought belonged to the client, and then asked him to confirm that these IPs did, in fact, belong to him and that we were authorized to attack them.)
A professional security expert should not be running port scans or ping sweeps or nmap or Satan or any other attack tool against IP addresses without permission from the owner, let alone without knowing who the owner is.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/126/4102#4102