Slashdot Mirror
Anti-Censorship Efforts And Port Scanning
scubacuda writes "According to Wired, the University of Toronto's Internet Censorship Explorer permits people test the limits of national and organizational Internet-blocking schemes. Users enter a target URL (and a country), and the software then scans the ports of available servers in that country, looking for open ones to connect on from behind that country's firewall. Many consider port scanning a gray area, as it's often used by various hackers to find vulnerabilies that can be exploited."
So someone has set up such a service, will this not be illegal in several places, and will not the local authorities become involved via International agreements? Sound stupid to me.
Darn, Iraq isn't listed. Just trying to do my part for the effort.
I used to have a good sig...
So now the countries will just block that site too. How useful.
<high-level position here>
<name of stupid small company here>
Portscanning finds things that are not meant to be open.
For example, IIS web services that MS "trusts" enough to give full system access to.
First of all, allow me to say that this was a VERY simple webapp to create, and I encourage everyone else to make something similar.
Secondly, allow me to state that this can get you into trouble. We lost on member (though we aren't allowed to speak about it) to some foreign agent. She was about to date four of the other developers (I was included) and disappeared right before the dates. The police could not find any evidence of foul play so it was dismissed.
However, the FBI and CIA started asking questions around campus. That's when we thought something was fishy.
If anyone knows the whereabouts of Anne Malle, please contact me!
Yeah, I'm a Republican AND a geek. It is possible.
"They're obviously using resources that would not normally be available. Using someone else's resources without their knowledge is abhorrent to us."
Of course, the people with the open proxies have provided a public service to the world. His argument would be similar to someone setting up a website, and then complain when someone uses it without their knowledge. Or putting a sign on your front door that says "Open for Business, please come in" and then complaining when people walk in.
If you don't want people using your computer, don't provide public services on it.
Travis
There is nothing wrong with scanning ports and seeing what services a particular server offers to the general public. It's not like it's circumventing any security measures, it's just using TCP/IP in a manner it was meant to be used in. This is like saying that p2p filesharing clients are in a gray market. There's nothing wrong with a p2p filesharing program, the problem lies with those that abuse it.
Everyone is entitled to their own opinion. It's just that yours is stupid.
Yemen blocks sex websites? Shocker. Now if only they could block sex spam, maybe it'd be worth moving there...
--LP (j/k)
Anyway, I think that the main use of port scanning today, in internet (to contrast with internal lans, where it have some useful applications, from security audits to automatic configuration of things), is to find vulnerabilities, and even for lawful tries, is recomended to ask permision or be with the knowledge of the the remote administrator. If the ICE don't ask permission to the remote administrator for the scanning, well, I think that the "gray" area is actually pretty dark.
People get too excited about port scanning. They also get exciting about network mapping that looks like port scanning (try tracerouting a lot of hosts).
Your ports will get scanned. Get over it. If it upsets you, look for ways to dump the traffic. Yes, it is an oft-used reconnaisance technique for profiling systems prior to attack. But if a portscan allows an attacker to mount a successful attack on the basis of finding open ports or a vulnerable OS, then your security is inadequate. It's your problem.
No, I don't think portscanning is "nice", but really, folks, it isn't going to go away, and you should be thinking more realistically about the defensive measures necessary to protect your systems.
This sounds like the claims made by the RIAA and MPAA and others when they got the DMCA created. "Some of it could be used by some people to do something illegal, therefore we should make it all illegal." Clearly, as this program itself demonstrates, there are legitimate uses for port scanning, so i fail to see why the technique itself should be considred a "grey area."
This Space Intentionally Left Blank
Isn't FK kind of a troll already? he's got the freaks list for it.
sulli
RTFJ.
It's about the only action I'm getting these days.
thanks,
HAL
Best Windows Freeware
Might as well start here...
On the other hand, it is taking network resources without asking permission and could conceivably even cause trouble for the network administrator or business or its customers.
However, if the netadmin is competent, there's no problem because there won't be any open ports available to the outside for proxy use anyway. Moreover, it's exactly the incompetent sysadmin who leaves ports open who is responsible for the open relays that are used for the bulk of the spam that clogs our email boxes. If a sysadmin gets grilled for a week or two over his system's attempt to access "forbidden sites", perhaps this will teach him that it's time to lock down his system and if he doesn't know how to, find out NOW.
This makes the program a good idea in any case. Anything that disproportionately hammers stupid sysadmins is a good thing, even if the sysadmin is the owner of a single box with a broadband connect that due to the usual end-user cluelessness, is 0wN3d by every script kiddie on the Net and whose bandwidth is mainly used to spread either trojans or spam.
Tech Public Policy stuff
I've always heard that port scanning is like checking to see if doors are unlocked. Its annoying but not illegal. However using the knowledge and breaking in.
If people are that concerned then they can always reconfigure their firewall to only allow traffic to the ports that are meant to be open and drop the rest. Of course if they really want to get paranoid then they should look at fooling nmap (posted a couple of days ago)
Rus
Cheap UK and US VPS
Really, what's so wrong about it? I mean, having a port open for use is like advertising a service. I think of a computer as a public office building - the kind dentists and lawyers work in - some doors are locked, various ones lead into offices. There is always a receptionist desk.
So, you can go down the hall and find out what offices are open to public business. Some doors are locked, some the secretary says "no, we don't want any new customers" or "you have to go get a t124350892 slip from elsewhere before you see the doctor" or "yes, we're open for business".
The admin is the security guard. If you don't want to be a security guard - lock the front door to the building. Any doors that contain offices that aren't for the public should be locked. Any doors that expect restricted traffic should be selective about who comes in.
Just because OS's are designed cryptically, software is careless, and it requires way more knowledge then it should to hold down a computer doesn't mean port-scanning itself is unethical.
In an ideal system, any server admin should be forced to see right on his main remote window what ports are open and what apps are running on them and what security is in place on each one. This should be on by default for any "dumb server" people plan to use. The problem is that there is that software is designed only for hardcores, and being used by people with a 5 page faq and the man pages. The user doens't see a nice UI showing him whats going on where, all he sees is a blinking white cursor. He knows he's installed a buttload of software, but has no clue what its doing. For efficiency's sake, the software is very cryptic, so he does not know what his machine is doing.
Really - fearing port scanning is security through obscurity. While in time-critical apps like network gaming there is a certain appeal to trusting the users, but in regular serving there should be no doors left open.
The solution to port-scanning isn't banning port-scanning, its making server boxen such that the admin knows what's going on.
does it all the time!
troll? What do you call this?
Or do you mean crapflood?
I might believe it if you said that a developer had gotten a date. Four? No way did four developers talk to chicks, even if it was the same chick.
From the article:
.
"This to me is no different than hacking," said Jon Asdourian, a computer forensics examiner with Stroz-Friedberg. "They're obviously using resources that would not normally be available. Using someone else's resources without their knowledge is abhorrent to us."
Thats just crap - if somebody leaves a proxy-server open to the world, they can hardly complain when *gasp* somebody uses it as a proxy server . .
And as somebody mentioned earlier, port scanning itself is not inherently wrong. Its people putting the information gained from port scanning to ill use that is wrong.
It strikes me that there's some analogy to gun control here - port scanning doesn't root computers, hax0rs root computers . . .
"This to me is no different than hacking," said Jon Asdourian, a computer forensics examiner with Stroz-Friedberg. "They're obviously using resources that would not normally be available. Using someone else's resources without their knowledge is abhorrent to us."
So where do I find a list of ports i'm authorized to connect to and use services? What if I set up a web server, publically accessable, but meant for private use, with my entire cd collection ripped to ogg/mp3 - who is responsible if random people start downloading the archive and I get taken to court by the RIAA?
Well "free speech"/"no censorship" may be a US law but certainly not a international law. And internet is a global thing which can not be governed by either a US law or an international law.
In fact each country's local law will determine the fate of each packet that passes over h/w equipments stationed in that country. If that is unacceptable to some, tough luck, find another country to host the equipment
Each country has its laws which may appear as censorships to others, this doesn't give the other countries the right to interfere with the country's law.
One man's law is other man's censorship.
and One man's freedom is other man's barbarism.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
According to their website:
NOTE: This wired article is not exactly accurate.
1. The ICE browser does not port scan anyone, it issues a request for a URL to a proxy server and returns the results to the user. There is no scanning of any kind.
The process of scanning occurs when open, publicly accessible proxies are identified by researchers in the Citizen Lab. The only ports checked are 80, 8080, and 3128, no others.
In many cases proxies are identified based on the fact that they are listed on websites that catalog lists of open, publicly accessible proxy servers. In such cases NO scanning is done.
You can read the rest here.
If you come to my house and try all the doors to see what's open to the general public, you'll probably get shot or at least get to see how well your head is capable of decelerating a baseball bat.
Why? It's not polite, and rude people get treated rudely.
Why isn't Australia on their list of selectable countries?
Are they using some other kind of censorship than blocking certain sites?
How small a thought it takes to fill a whole life
I thought you hated when americans try to force their ideals on the rest of the world?
It's OK to circumvent another countries censorship laws, but it's not ok to try to remove a corrupt government that tortures and abuses it's people, or is hostile to neighbouring countries?
I just love how peaceniks and hippies pick and choose which human rights are worth defending.
Right to look at kiddie porn - yes. Right to not have your daughter raped in front of you because you're the wrong flavor of muslim - NO.
Look, if you think we have no right in another countries affairs, stick by that. If $COUNTRY wants to block $SPEECH, then it's their business.
Or, if you believe in free speech as a basic human right, then defend all human rights.
Hypocrites and sycophants.
Back to the trolling
It's not exactly port scanning as most people think of it. They're looking for web proxy servers, which they can then use to see what web sites are visible to that system.
The only ports they really need to check are 80, 1080, 8080 and maybe a couple of others that are in common use. Then they send an HTTP GET command to try to access some publicly visible system like Yahoo, or maybe the local government home page. If it works, they've found a proxy server. More often they get a 404 or some similar error and they go on to another system.
But I wouldn't think it would make sense to scan a bunch of ports, most people run web proxies on the few listed above.
This is a tremendous public service Slashdot is providing... by reposting old articles but slightly rewording them, perhaps at least one copy will make it past the filters!
I browse Slashdot at +3, Funny
Seeing as it is possible to to illicit a DoS or due to poor program design actualy crash applications with a simple port scanning then you have to question if its even a gray area, ie if you do damage its bad, if not your ok.
Port scanning is akin to ringing somebodies phone and hanging up when they pick up. Fun, potentialy annoying, potentialy very annoying with regards to the target.
The only people I portscan are people who appear in my firewall logs or friends with prior concent. Never throw the 1st punch, just document who did and play on.
You go up to something that looks like a store, and try the doors to see if it's open.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Hmmm, my country appears to make all the sites, that Slashdot links to, unreachable.
An anti-nerd conspiracy?
All my firewall events go into a DB, which I query daily. I have a set of reports showing things like average scans per second per host, most popular ports, most popular times of day, etc. If I see something incredibly suspicious I suppose I would try to investigate further -- but most of the time I just have a good time watching people bounce off my firewall.
If you don't want people sending packets to various ports on your box, perhaps you should disconnect it from the Internet.
Do I understand this correctly? They're port-scanning for proxies *within totalitarian regimes* and then bouncing requests for *restricted material* off of those machines? What the hell happens when the totalitarian regime gets angry? All they see is a machine *in their country* repeated trying to access restricted information. They won't go beat up these "researchers" in Canada, they'll go beat up/arrest/jail/re-educate the poor sysadmin who doesn't know how to configure a proxy properly. That's just f-ing irresponsible on the part of these "researchers".
Yet Another Imperialist Oil War.
Hey did you read the latest issue of fortune?
A CEO is going to be the new dictator of Iraq.
America has gotten so out of control it's actually conquering countries and installing CEOs of major American companies (L-3 Communications in this case) as dictator...
Yep, when little Kim Chang's formerly secret proxy is made public knowledge by these 'humanitarians', and he's tortured to death and his decapitated head is dragged through the village behind a military truck as a warning to others, then these guys will really know they've made a difference.
That's just silly. A house is assumed to be private, unless you see a "Garage Sale" or "Auction Today" sign in the front yard. On the Internet there is no front yard, and no sign, just the general assumption that a computer on the Internet is there to communicate over the Internet. As far as I'm concerned, putting a server on the Internet is an invitation to knock on its door and say hello.
What if you had never heard of Yahoo? For example, you are from a country that just got Internet access. Yahoo is out there, just waiting for you to knock on the door so it can say hello, but it never actually invited you to knock. Should you be afraid to? Of course not. Yahoo wants nothing more than for you to stop by for a cup of tea.
You say "That's stupid, everybody knows Yahoo". Ok, make it something else. JoeSearchEngine, same story. You never saw a commercial or link for it, but you see it is on the Internet (you checked registered domain names, snooped network traffic, heard via word of mouth, etc.). Is it still ok to knock? How is this different from Mr. Third World querying port 80 on Yahoo?
Now expand that. You're using something besides the web, some application that uses a different port (or the web on a different port, whatever). Is it ok to query *that* port? I say yes. These servers have been placed on the Internet to communicate, but unfortunately they don't have the ability to hang the "Garage Sale" sign in the front yard. If they don't want to talk to you, they'll say "Go away" or flat out ignore you when you knock. That is the responsibility of the server admin. If the admin put up a server, and on port 7777 it says "Hey, c'mon in and enjoy the root!" then that's the admin's fault. Not the fault of the poor schmuck who knocked.
I will agree that if a port says "Go away" and the person keeps poking at that port, then the person poking should be poked right back (preferrably in the eye). But if your port says "Hi! Come in!" then that is your own problem.
SQUEAK, the Death of Rats explained.
DOS a country?
You may DOS a couple of proxies, but only countries with minimal connectivity would be DOS'd by a few portscans.
Besides, it's Foutes les Francais - les singes qui mangent fromage et surrendent...
oh brave new world, that has such people in it!
Yes, we do. Any problems with that, you colonial fuckwit?
It's OK to circumvent another countries censorship laws, but it's not ok to try to remove a corrupt government that tortures and abuses it's people, or is hostile to neighbouring countries?
Yes - circumventing censorship laws tends not to kill lots of civilians, whereas forcible regime change is a little messy (you Yanks should know - you're nearly as good at it as we once were).
All human rights are worth defending - my definition of human rights doesn't happen to include your spurious "Right to look at kiddie porn".
Look, if you think we have no right in another countries affairs, stick by that. If $COUNTRY wants to block $SPEECH, then it's their business.
Yes - you have no rights in another country's affairs, but that shouldn't stop you researching and criticising, if that's your bag.
It's fucking dickheads like you that give libertarianism and conservatism a bad name.
Back to the trolling
Didn't notice you'd left...
oh brave new world, that has such people in it!
Interesting that Slashdot is blocked by USA K12 even get a nice page saying it is blocked by their filtering policy. Reason for blocked is Thank you for your submission. Below please find a listing of the category (ies) in which your submitted URL appears. For a detailed description of each category, visit our filtering categories section. The Site: slashdot.org is categorized by N2H2 as: Profanity Message/Bulletin Boards
By making this knowledge available to those who live in countries whose government censor internet access, they become empowered to bypass whatever censorship that's imposed on them. The government may block public proxy servers or sites that provide listings to them, but they can't stop someone from discovering proxy servers themselves!
For this very use alone some governments probably make sure port scanning is illegal (if it isn't already). In that case, these governments have better also block all sites that offer port scanning services, which would itself function as a proxy to construct services to find proxy servers.
It's like whack-a-mole, big brothers can try to take out one path to circumvent their restrictions, but sooner or later another one will pop up, and another one, and another one...
That is really a crock. If a program crashes because of data it receives from the network, it is buggy, and should be fixed. Unless the sender sends data with the intention to interfere with the scanned machine's operation, it is silly to blame the sender for damage. This is a common criteria for laws: certain actions are forbidden only if there are "bad" intentions, as can be demonstrated in a court.
A proxy should not be confused with a public webserver, where it is reasonable to assume that the default is to allow public access. Your analogy of the open gate applies to normal webpages on my webserver. But using my proxy without my permission is the same as driving off in my car (although when someone comes to steal my car, I deliberately leave the keys in the ignition, and have the doors lock and the car refuse to go anywhere while collecting evidence for the police).
Gotta install a new spellchecker in my brain. This one can spell ok, but it keeps auto-correcting to the wrong words.
Just because you can fit a scredriver into a wallsocket means it was intended for such purposes. Not all applications are deemed buggy just becase to port scan crashes the application. There are many many forms of port scanning used today and some can casues problems/highlight unforseen issues both good and bad. For example there is one manufactures fault tolllerant clustering software that would crsh due to one form of port scanning. There's one WIFI (well a few actualy) that spit out there encryption keys due to another form of port scanning. What is a standard port scan - connect scan perhaps. And most applications are fine with that. Perhaps some internal services bork in some of the more exotic UDP scans but thats to be expected. Imagine you have an operating system that can run on hundereds of motherboards with numerous cpu types and pci/agp/isa/eisa/mca cards in a multitude of slot permutations. Have they realy ALL been tested. Impossible to do given that the combinations outnumber all our manours put together for life. So for a manufacture to be guilty of writting buggy software in a networking enviroment would you not have to clarify what a non buggy networking infrastructure and packets were first. For technicly it is the network/network traffic that is buggy in the context of a port scan and not the application, as some might say and they would be right. But a fault is a fault and in the previous contexts they are not very clever in that they circumvent what the products are supposed to achieve, so in this context given the results they would indeed be software bugs. End of the day I agree a bug in any context is still a bug nomater where the fault lies you must cater for all situations and trust no one with regards to following the golden RFC rules, for rules can and will be broken, otherwise they wouldn't be rules of measurement in the first place now would they.
Port scanning is in the same grey area that most other security-inclined activities are, because it's about intent -- a port scanner can be used for good or for evil. If I'm port scanning my own machine to make sure that no unauthorized ports are bound, that's certainly a legitimate operation. So even can be applications that would otherwise be purely malicious -- it's find to run a program to gobble up memory, eat CPU, or spawn processes crazily if I'm stress testing a machine. Even password crackers can be legitimate, if I'm administering a machine and I want to make sure that no users have easy-to-find passwords.
Port scanning without authorization (and not just from the owner of the box) is grounds for termination. Only certain people who have completed special training are allowed to scan a box, even one not on site.
IANAL... But I play one on
Bad analogy. Bad bad bad bad bad bad bad BAD analogy.
Anyways. For every single negative use of port scanning I can think of about 10 that would make my life hellish if I was without. Troubleshooting servers. Computer security. Filter testing. IPtable testing. etc. etc. etc.
Quite often friends bug me for help with their servers, the first thing I do is nmap their machine. If said friend happens to live behind the Great Firewall of China, then I have problems, don't I?
Karma: Non-Heinous
what about using a broadband connection and opening about 10000 lynx sessions to the nearest web site? the site eventually drops.
it is evil, but it wasn't scanning, it was just BROWSING;
this is an attack done by browsing, so ANY net service can be used in malicious actions.
so they are upset on port scanning, they are upset on icmp replies, what's next? internet shutdown?
"Hey Fletch, how are you coming with that article?"
"Well, there were sort of in a gray area"
"How gray?"
"ummm charcoal?"
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
Well on the topic of port scanning, what about major companies such as Apple port scanning users or visitors to their servers? I cannot exactly remember which Apple server it was that I would get port scanned every time I would visited the server. Then, when I would reply to Apple about the port scan, they would reply back with a rude comment saying that it was apart of their server and not to worry about it. So could large, trusted companies really be trusted?
We are not tech freaks, nor tech addicts, but merely Technology experts.
Easy answer, read the constitution, Freedom of speech. Nothing can be done about it. End of debate.
We are not tech freaks, nor tech addicts, but merely Technology experts.