Slashdot Mirror


Anti-Censorship Efforts And Port Scanning

scubacuda writes "According to Wired, the University of Toronto's Internet Censorship Explorer permits people to test the limits of national and organizational Internet-blocking schemes. Users enter a target URL (and a country), and the software then scans the ports of available servers in that country, looking for open ones to connect on from behind that country's firewall. Many consider port scanning a gray area, as it's often used by various hackers to find vulnerabilities that can be exploited."

2 of 159 comments

  1. Port scanning by Pxtl · Score: 4, Interesting

    Really, what's so wrong about it? I mean, having a port open for use is like advertising a service. I think of a computer as a public office building - the kind dentists and lawyers work in - some doors are locked, various ones lead into offices. There is always a receptionist desk.

    So, you can go down the hall and find out what offices are open to public business. Some doors are locked, some the secretary says "no, we don't want any new customers" or "you have to go get a t124350892 slip from elsewhere before you see the doctor" or "yes, we're open for business".

    The admin is the security guard. If you don't want to be a security guard - lock the front door to the building. Any doors that contain offices that aren't for the public should be locked. Any doors that expect restricted traffic should be selective about who comes in.

    Just because OS's are designed cryptically, software is careless, and it requires way more knowledge than it should to hold down a computer doesn't mean port-scanning itself is unethical.

    In an ideal system, any server admin should be forced to see right on his main remote window what ports are open and what apps are running on them and what security is in place on each one. This should be on by default for any "dumb server" people plan to use. The problem is that software is designed only for hardcores, and being used by people with a 5 page faq and the man pages. The user doesn't see a nice UI showing him what's going on where, all he sees is a blinking white cursor. He knows he's installed a buttload of software, but has no clue what it's doing. For efficiency's sake, the software is very cryptic, so he does not know what his machine is doing.

    Really - fearing port scanning is security through obscurity. While in time-critical apps like network gaming there is a certain appeal to trusting the users, in regular serving there should be no doors left open.

    The solution to port-scanning isn't banning port-scanning, it's making server boxen such that the admin knows what's going on.

  2. Re:It's just not polite by (void*) · Score: 3, Interesting

    The important thing is not to deny legitimate use of portscanning tools. How would I know the machine I set up was not advertising services it does not offer? I portscan it! Portscanning is just part of the repertoire of tricks any network admin must know to debug network problems. While it is certainly possible to use it to accomplish goals other than that, the proper, responsible use of such things should be denied.
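
Added example, not part of either comment or of the original thread: both comments turn on an admin knowing which services their own machine advertises, so this sketch audits a host's own listening TCP sockets against an allowlist. The sample table is constructed in Linux `/proc/net/tcp` layout, and the allowlist and function names are assumptions made for illustration.

```python
import socket
import struct

# Constructed sample in Linux /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 1002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def listening_sockets(proc_text):
    """Return (address, port) pairs for sockets in LISTEN state, sorted by port."""
    found = set()
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # established connections and short lines are not listeners
        hex_addr, hex_port = fields[1].split(":")
        # The kernel prints the IPv4 address as a native-endian 32-bit hex word;
        # this assumes a little-endian host (x86, most ARM).
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        found.add((addr, int(hex_port, 16)))
    return sorted(found, key=lambda s: (s[1], s[0]))


def audit(proc_text, expected_ports):
    """Split listeners into unexpected ones and ones reachable from off-host."""
    listeners = listening_sockets(proc_text)
    unexpected = [s for s in listeners if s[1] not in expected_ports]
    # Loopback-only listeners are not visible to a remote port scan.
    exposed = [s for s in listeners if not s[0].startswith("127.")]
    return unexpected, exposed


if __name__ == "__main__":
    # Hypothetical allowlist: this host is meant to offer SSH and a local database.
    unexpected, exposed = audit(SAMPLE_PROC_NET_TCP, expected_ports={22, 3306})
    for addr, port in exposed:
        flag = "UNEXPECTED" if (addr, port) in unexpected else "ok"
        print(f"{addr}:{port} listening on a non-loopback address [{flag}]")
```

On a real Linux host, pass the contents of `/proc/net/tcp` in place of the sample; IPv6 listeners live in `/proc/net/tcp6` and are not parsed here.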