Comments
Sorry guys, I live and act in the reality. It's simply not worth the effort to argue with people who are belief based. So, this is my last attempt ...
For a start: What is the difference between connecting through a browser, telnetting, and sending a packet to someone's http port? After all it was him who put his machine on the internet and obviously he wants people to connect to it.
Next step: what is evil in testing whether some system has port X (e.g. 80) open?
Then: What is evil in looking whether some system has any of 1000 or even 65k ports open? The only evil - as I said - could potentially be to do those tests very fast or to do them in a wicked way.
Again, keep that in mind: the person running that system is the one who made the decision to expose it to the internet. He wanted to be there, "exposed".
So, the difference is whether one scans politely (not fast, not brutal, and in fact trying to avoid creating any disturbance) or not and whether one does it massively (e.g. whole /20) or occasionally and selectively.
@ahnlak
Please note that I'm not in a position needing to defend myself, nor are you in a position to push me to. I have - unlike you! - provided some arguments while you simply play the game of stating something you believe and demand that anyone disagreeing should explain and even defend himself and try to convince you.
Try that with someone else because with me those games don't work.
It's like having a door. You need it to get in and out to/from your home. It has to be "exposed" so things can work. If someone knocks on your door, he/she has something to say to you. You don't want random people knocking on your door just to see if it's open or not.
I think that this has got nothing to do with beliefs... and the question for a reason to probe someone else's stuff at all is a valid one.
reality check: do you occasionally check if some car doors are properly closed on the streets? only gentle of course and without any reason.
just because the owner bought it and parked it somewhere knowing that it is now "exposed"?
wouldn't you ask yourself what someone else is doing, if he gently checked if your windows or doors of your house are properly closed? I mean, you put it there and decided to expose it to the world...
of course I am exaggerating, but probably the question for the reason was not even intended to put you into defense but genuine curiosity if valid reasons might exist - so why not provide one?
Debatable. Many still believe you're the consciousness of @bsdguy uploaded onto a HostSolutions VPS.
Blatant broadcasting packets/port scanning is fine & dandy within an organisation, indeed port scanning is nearly a pre-requisite for Enterprise Management (my old specialism). Doing the same within a 'public' environment, such as with a server/VPS provider is pure crass and should be banned.
In today's gigabit network environments a couple of hundred/thousand scanning packets might not seem much of an overhead but consider the processing that each NIC, firewall, message queue has to do.
When was the last time that you checked your server messages? Just look at the quantity & frequency of local packets, let alone the idiots from external sources.
Prime example, is this fuckwit windoze luser broadcasting SSDP ..
House entries and car doors are not meant to be used by everyone. Server ports are. That's a decisive difference.
As for valid reasons for port scans I didn't answer for a simple reason: my answers would simply be (ab)used to argue more.
Let me be clear: I have had servers and VPSs for about 15 years and not once did any provider complain about me doing evil things or abusing the system. Not once. Note the "occasional" in my statements above. "Occasional" as in "a couple of times per year and some years not at all". A typical reason for me to do a portscan (besides being asked by a friend or client) is when I am attacked and want to learn a bit more about a system attacking me.
I just told someone here that I'm not easy to be pushed into defending myself based on beliefs and "everyone knows" religious statements and now you try that?
Two short remarks: (a) My responsibility for what others think is quite limited, and (b) HostSolutions? Seriously? You might want to read some of what I've written to/re HostSolutions ...
Closed ports are not meant to be used.
Even open ports are sometimes meant to be used only by specific users. That's why knocking ports which are not meant for you is abusive.
And how would I know which ports are meant for me?
Besides, a major part of this discussion is about shifting of responsibility. You know, if I do not want some ports reachable I'm free to configure my system accordingly, to use a firewall, etc.
In case someone wants to bring up that port scanning puts load on the target, uhm, have a look at your logs. I see thousands and thousands of nonsensical (and usually some evil ones too) packets coming in that for whatever weird reason (according to your logic) seem to be considered problematic. Add to that all the robots, crawlers (many of them not welcome), facebook crap, and so on.
So how about those? Am I really entitled to only receive traffic I desire? Of bloody course not!
And again, I'm talking about occasional and polite port scanning - which also means that it puts a burden on the target that is ridiculously insignificant compared to lots and lots of incoming crap.
Sorry, but the world isn't black and white, there is not only "hackzors!!!" or else "desired nice traffic" but a large grey zone too.
See, despite insisting that you can't possibly answer a reasonable question, you did in the very next paragraph. Go you!
Then again, that's a moronic reason unless you're looking to go all black-hat, internet tough guy on their server rather than just blocking their IP and firing a snotty email at their provider like the grown-ups do.
Thanks for amusing me with your vain attempt to paint yourself as somehow superior ("grown up").
I'll reward you with an answer: because unlike some "grown ups" I like to investigate. One reason for that is that understanding attacks is a good basis to develop defenses.
Hell yes! Or else you also support/encourage cold calling, whether it be at your door or on your phone. Ex-directory and Telephone Preference Service do little to stop it. Then there's spamming.
Targeted commissioned port scanning is a different matter entirely.
Well, I respect and understand your view but I disagree, at least wrt internet servers.
It does surprise me that we are diametrically opposite on this one.
[Paraphrasing: Access to this system by unauthorised personnel is illegal]
I did not read anything else you posted. I get a few words in and I typically glaze over when reading your posts.
I don’t want to read anything you post, I find you dreadfully boring, as I alluded to above. Thanks for keeping the points short though, thanks to that I was able to read it all without wanting to fall into a coma.
Nuh, we aren't diametrically opposed. It just looks like that because you come from one perspective (with which I normally agree) while I came from the perspective of challenging belief-based, "everyone knows", and gratuitously accusatory comments.
I guess the truth is somewhere in between the extremes. Yes, one should usually not port scan systems of others - but - doing it is not automatically evil but it can have acceptable reasons, especially when not done mindlessly and recklessly.
Keep in mind how this topic was born: Hetzner warned someone off due to (not further specified) port scanning. That is what I challenge.
@Nekki
What a happy guy I am. After all I, the dreadfully boring guy, was lucky enough to get a comment from you. OK, OK, it's utterly worthless that comment and nothing to do with the thread topic whatsoever but that's OK, I'm modest.
u like to argue then complain about getting into arguments
Which is not fun to read. So, I just skip after 2 lines.
Tbh, for their prices, I'm a bit shocked at how well they handle abuse complaints already. It's likely an uphill struggle for them to keep their range clean and prevent floods of abuse complaints. Generally a complaint like these is an indication that more are about to start coming in.
I've been on the other side where abuse complaints come in at a rate that you could hire two continents and never answer them all. Shutting people off early likely reduces that.
No. I dislike mindless arguing, fighting for "everyone knows" and beliefs without checking them.
I am not exactly sure why a port scan would warrant a block, unless you are literally DOSing the target or poking a bit deeper than that.
Scenario 1: Someone is tasked/hired with performing a quick external vulnerability assessment/pentest. They buy a cheapo VPS and go to town port scanning client's subnet. It is not illegal and moreover - they have permission.
Scenario 2: My competitor is a one-man-show. I buy VPS from him and proceed to port scan the world at 10pm on a Friday night. Worst case scenario - I ruin his night. Best case - no more competition.
Please do that, for us, for the justice.
If I have ever needed a specific port to connect to any service, it has always been told to me when I have registered or when I was told to connect there. I think it works similarly for everyone. If not, you should ask the server admin which port to use. Not scan the server. Default ports like http just work. There's no need to scan those ports either.
[sarcasm]Next to the fact that posts on LET are known to contain nothing but the truth[/sarcasm], OP clearly pointed out that his IP was scanning an IP range so they just dealt with this like they should've. Scanning an IP range is simply not legitimate. I'm only surprised by the fact they gave OP another 24 hours to fix it before locking it down, pretty sure other hosts would've locked it down right away.
Your tears nourish me.
Do you have permission from the owners of those vps/ips to scan their port?
Can you show us some legislative documents that state you should have an official permission to scan someone's port on the Internet? This thread's absurdity is on its top, there are too many people who just defend the pure nonsense. To all of those: welcome to the Internet, a place where people can do whatever they like. You can't stand your ground by configuring the firewall - you lose.
Port scanning can have malicious intent and frequently does (or it can be just ignorance - no defence). This may well fall under Computer Misuse Act (UK). I rest my case.
Plus, try reading the text of many providers' TOS and it specifically says no port scanning. Unfortunately, in many cases these same providers don't appear to monitor/act upon the activity in question.
Shut down client machines past work hours and for the weekend.
I have some experience with portscan detection, as most of my 10+ VPSes are used for that. And I do report to Hetzner when portscanning originates from their network.
Whether a VPS user could intentionally scan against others' IP addresses should be determined at least by the TOS he agrees to. But portscanning sometimes comes from compromised computers/VPSes, without their owners knowing that. They are really the victims of cyberattacks. Reporting those incidents gives the victims a chance to clean up their computers/VPSes, and make the Internet safer as a result.
As my VPSes provide no public services to the Internet, even a single connection attempt will be considered "suspicious" and get reported. Sometimes abuse contacts will reply to me that those connections are performed by "security researchers."
Well, "range" can mean a lot. /30 is a range just as /16 is a range. More importantly though any provider worth his salt can differentiate between someone scanning a couple of IPs in a polite way and someone scanning whole /24 or larger and in a malignant way.
IF OP scanned considerable ranges, say beyond /26, or in a malignant way then Hetzner was right. I'm certainly the last one to say that malignant and/or sizeable port scanning is OK.
But I'm also the last one to accept snowflake "reality" and funny rules. The internet IS a "jungle" and not a dinner in tuxedos with polite people. The internet is a place where tens, if not hundreds of millions of passwords and user data sets are stolen every week, where law enforcement almost always comes way too late and with the wrong equipment, where people sh_t on the rights of others (shouldn't we know that here with all the "no DMCA" requests?), etc, etc.
And you are all excited about someone doing some port scans without even knowing any details about it? Really?
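Added example, not part of any post in this thread: a sketch of the receiving-side triage discussed above, where a host with no public services treats every inbound attempt as suspicious and an abuse desk separates a knock on one address from a sweep of a /26 or larger. The log layout (iptables-LOG-style `SRC=`/`DST=`/`DPT=` fields), the thresholds and all function names are assumptions made for illustration; the sample lines are constructed from documentation address ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the fields of interest in an iptables-LOG-style line (assumed format).
LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+).*?PROTO=TCP.*?DPT=(\d+)")

def _line(src, dst, dpt):
    """Build one constructed log line; not captured from a real system."""
    return (f"Jan 10 22:00:01 vps1 kernel: DROP IN=eth0 SRC={src} DST={dst} "
            f"LEN=60 PROTO=TCP SPT=40000 DPT={dpt} SYN")

# Constructed sample: one knock, one host probed on 15 ports, one port across 64 hosts.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "203.0.113.10", 22)]
    + [_line("198.51.100.8", "203.0.113.10", p) for p in range(20, 35)]
    + [_line("198.51.100.9", f"203.0.113.{h}", 80) for h in range(64)]
)

def covering_prefix(addrs):
    """Prefix length of the smallest IPv4 network containing every address."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addrs]
    return 32 - (min(ints) ^ max(ints)).bit_length()

def summarize(log_text, port_threshold=10, host_threshold=4):
    """Group dropped TCP attempts by source and label their breadth.

    Thresholds are hypothetical defaults; a real abuse desk would tune them.
    """
    seen = defaultdict(lambda: (set(), set()))  # src -> (dst hosts, dst ports)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not TCP drop records
        src, dst, dport = m.groups()
        seen[src][0].add(dst)
        seen[src][1].add(int(dport))
    report = {}
    for src, (hosts, ports) in seen.items():
        if len(hosts) >= host_threshold:
            kind = "range-sweep"      # many targets: the /24-style case
        elif len(ports) >= port_threshold:
            kind = "host-scan"        # many ports on few targets
        else:
            kind = "isolated-probe"   # a single knock, still worth logging
        report[src] = {"kind": kind, "hosts": len(hosts), "ports": len(ports),
                       "prefix": covering_prefix(hosts)}
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```

The `prefix` field gives the size of the swept block, so a report to the source's provider can state the observed breadth rather than just "port scanning".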