Slashdot Mirror
Anti-Censorship Efforts And Port Scanning
scubacuda writes "According to Wired, the University of Toronto's Internet Censorship Explorer permits people test the limits of national and organizational Internet-blocking schemes. Users enter a target URL (and a country), and the software then scans the ports of available servers in that country, looking for open ones to connect on from behind that country's firewall. Many consider port scanning a gray area, as it's often used by various hackers to find vulnerabilies that can be exploited."
Darn, Iraq isn't listed. Just trying to do my part for the effort.
I used to have a good sig...
So now the countries will just block that site too. How useful.
<high-level position here>
<name of stupid small company here>
Portscanning finds things that are not meant to be open.
For example, IIS web services that MS "trusts" enough to give full system access to.
"They're obviously using resources that would not normally be available. Using someone else's resources without their knowledge is abhorrent to us."
Of course, the people with the open proxies have provided a public service to the world. His argument would be similar to someone setting up a website, and then complain when someone uses it without their knowledge. Or putting a sign on your front door that says "Open for Business, please come in" and then complaining when people walk in.
If you don't want people using your computer, don't provide public services on it.
Travis
There is nothing wrong with scanning ports and seeing what services a particular server offers to the general public. It's not like it's circumventing any security measures, it's just using TCP/IP in a manner it was meant to be used in. This is like saying that p2p filesharing clients are in a gray market. There's nothing wrong with a p2p filesharing program, the problem lies with those that abuse it.
Everyone is entitled to their own opinion. It's just that yours is stupid.
Anyway, I think that the main use of port scanning today, in internet (to contrast with internal lans, where it have some useful applications, from security audits to automatic configuration of things), is to find vulnerabilities, and even for lawful tries, is recomended to ask permision or be with the knowledge of the the remote administrator. If the ICE don't ask permission to the remote administrator for the scanning, well, I think that the "gray" area is actually pretty dark.
People get too excited about port scanning. They also get exciting about network mapping that looks like port scanning (try tracerouting a lot of hosts).
Your ports will get scanned. Get over it. If it upsets you, look for ways to dump the traffic. Yes, it is an oft-used reconnaisance technique for profiling systems prior to attack. But if a portscan allows an attacker to mount a successful attack on the basis of finding open ports or a vulnerable OS, then your security is inadequate. It's your problem.
No, I don't think portscanning is "nice", but really, folks, it isn't going to go away, and you should be thinking more realistically about the defensive measures necessary to protect your systems.
This sounds like the claims made by the RIAA and MPAA and others when they got the DMCA created. "Some of it could be used by some people to do something illegal, therefore we should make it all illegal." Clearly, as this program itself demonstrates, there are legitimate uses for port scanning, so i fail to see why the technique itself should be considred a "grey area."
This Space Intentionally Left Blank
It's about the only action I'm getting these days.
thanks,
HAL
Best Windows Freeware
On the other hand, it is taking network resources without asking permission and could conceivably even cause trouble for the network administrator or business or its customers.
However, if the netadmin is competent, there's no problem because there won't be any open ports available to the outside for proxy use anyway. Moreover, it's exactly the incompetent sysadmin who leaves ports open who is responsible for the open relays that are used for the bulk of the spam that clogs our email boxes. If a sysadmin gets grilled for a week or two over his system's attempt to access "forbidden sites", perhaps this will teach him that it's time to lock down his system and if he doesn't know how to, find out NOW.
This makes the program a good idea in any case. Anything that disproportionately hammers stupid sysadmins is a good thing, even if the sysadmin is the owner of a single box with a broadband connect that due to the usual end-user cluelessness, is 0wN3d by every script kiddie on the Net and whose bandwidth is mainly used to spread either trojans or spam.
Tech Public Policy stuff
Really, what's so wrong about it? I mean, having a port open for use is like advertising a service. I think of a computer as a public office building - the kind dentists and lawyers work in - some doors are locked, various ones lead into offices. There is always a receptionist desk.
So, you can go down the hall and find out what offices are open to public business. Some doors are locked, some the secretary says "no, we don't want any new customers" or "you have to go get a t124350892 slip from elsewhere before you see the doctor" or "yes, we're open for business".
The admin is the security guard. If you don't want to be a security guard - lock the front door to the building. Any doors that contain offices that aren't for the public should be locked. Any doors that expect restricted traffic should be selective about who comes in.
Just because OS's are designed cryptically, software is careless, and it requires way more knowledge then it should to hold down a computer doesn't mean port-scanning itself is unethical.
In an ideal system, any server admin should be forced to see right on his main remote window what ports are open and what apps are running on them and what security is in place on each one. This should be on by default for any "dumb server" people plan to use. The problem is that there is that software is designed only for hardcores, and being used by people with a 5 page faq and the man pages. The user doens't see a nice UI showing him whats going on where, all he sees is a blinking white cursor. He knows he's installed a buttload of software, but has no clue what its doing. For efficiency's sake, the software is very cryptic, so he does not know what his machine is doing.
Really - fearing port scanning is security through obscurity. While in time-critical apps like network gaming there is a certain appeal to trusting the users, but in regular serving there should be no doors left open.
The solution to port-scanning isn't banning port-scanning, its making server boxen such that the admin knows what's going on.
Anne Malle.. You so silly
Your troll would have got modded up if you said CSIS and RCMP instead of FBI and CIA.
Why would the FBI or CIA be in toronto? It's just silly.
Plus, I'm pretty sure it's Anna Malle. (Annamalle..animal) She's probably the reigning double penetration porn queen, besides Kate Fent, of course.
From the article:
.
"This to me is no different than hacking," said Jon Asdourian, a computer forensics examiner with Stroz-Friedberg. "They're obviously using resources that would not normally be available. Using someone else's resources without their knowledge is abhorrent to us."
Thats just crap - if somebody leaves a proxy-server open to the world, they can hardly complain when *gasp* somebody uses it as a proxy server . .
And as somebody mentioned earlier, port scanning itself is not inherently wrong. Its people putting the information gained from port scanning to ill use that is wrong.
It strikes me that there's some analogy to gun control here - port scanning doesn't root computers, hax0rs root computers . . .
"This to me is no different than hacking," said Jon Asdourian, a computer forensics examiner with Stroz-Friedberg. "They're obviously using resources that would not normally be available. Using someone else's resources without their knowledge is abhorrent to us."
So where do I find a list of ports i'm authorized to connect to and use services? What if I set up a web server, publically accessable, but meant for private use, with my entire cd collection ripped to ogg/mp3 - who is responsible if random people start downloading the archive and I get taken to court by the RIAA?
According to their website:
NOTE: This wired article is not exactly accurate.
1. The ICE browser does not port scan anyone, it issues a request for a URL to a proxy server and returns the results to the user. There is no scanning of any kind.
The process of scanning occurs when open, publicly accessible proxies are identified by researchers in the Citizen Lab. The only ports checked are 80, 8080, and 3128, no others.
In many cases proxies are identified based on the fact that they are listed on websites that catalog lists of open, publicly accessible proxy servers. In such cases NO scanning is done.
You can read the rest here.
Why isn't Australia on their list of selectable countries?
Are they using some other kind of censorship than blocking certain sites?
How small a thought it takes to fill a whole life
>If you come to my house and try all the doors to see what's open to the general public, you'll probably get shot or at least get to see how well your head is capable of decelerating a baseball bat.
Where I come from, you'd be going to jail for a very long time. Certainly much longer than the "burglar", who, at best, would go to jail for a week or two for a tresspass misdemeanor.
And while that happens to be Canada, the US is no different. That is, assuming you don't have a big "No Tresspassing" sign outside. You need one of those to protect your right to kill unarmed strangers on sight in the VERY few US states that support such action.
And you know how rude it is to put up "No Tresspassing" signs...
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
You go up to something that looks like a store, and try the doors to see if it's open.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
All my firewall events go into a DB, which I query daily. I have a set of reports showing things like average scans per second per host, most popular ports, most popular times of day, etc. If I see something incredibly suspicious I suppose I would try to investigate further -- but most of the time I just have a good time watching people bounce off my firewall.
If you don't want people sending packets to various ports on your box, perhaps you should disconnect it from the Internet.
Do I understand this correctly? They're port-scanning for proxies *within totalitarian regimes* and then bouncing requests for *restricted material* off of those machines? What the hell happens when the totalitarian regime gets angry? All they see is a machine *in their country* repeated trying to access restricted information. They won't go beat up these "researchers" in Canada, they'll go beat up/arrest/jail/re-educate the poor sysadmin who doesn't know how to configure a proxy properly. That's just f-ing irresponsible on the part of these "researchers".
> If you come to my house and try all the doors to see what's open to the general
> public, you'll probably get shot or at least get to see how well your head is
> capable of decelerating a baseball bat.
Except your home isnt a public place.
Your home is a private place, for you.
So to extend that to computers.
Your PC behind a firewall is a private place.
Did anyone claim it was OK to attempt to break in through a firewall?
No. So please stop arguing that point.
A webserver is indeed a public place.
Its more compared to the general use lodge at the park down the street.
And let me tell you, if you attacked me while i was attempting to see if the doors were open on that public general use lodge, you would clearly be in the wrong for doing so.
When you run a webserver, you are allowing the general public. If you dont want the general public there, take measures, ANY MEASURES AT ALL, to stop them!
Leaving a webserver on a public network with no filters, firewall rules, IP access lists, or authentication, can not in any way be argued as taking measures to prevent access to it. You wouldnt have a leg to stand on.
Its akin to putting a tarp down on the ground, setting out your , no walls or screens or covers or anything, then complaining when people look at that is laying out in the open.
If you dont want that stuff being looked at, dont put it there in public.
Same difference with a webserver.
As for your comment of not polite. Inviting people into your home, then shooting them for tresspassing is what _I_ call impolite. That is basically what you are trying to justify being OK.
Maybe the analogy of "looking at a house to see if the doors are open, or if there is a big 'welcome' sign by the door". I think the analogy of trying a door is better matched up to trying exploits on a port, whereas port scanning is just looking at an open or closed door.
I agree with your conclusion, but not how you got there.
A computer connected to the public Internet is not a house, and has no surrounding property on which people can knowingly trespass in order to try a doorknob.
A closer analogy would be someone looking your house over from the street to see if there's a garage sale going on, or you've got business/sale signs up, etc...
This isn't illegal, despite the fact that a would-be housebreaker could do the same thing to spot an open window.
Even then, the analogy is far from perfect. You're "blind" on the net and can't actually see anything, so you must resort to icmp pings and tcp connection requests like a form of sonar.
It gets even more complicated in that the detection medium is metered and your scans cost both you and your recipient. This is why I would consider a portscan rude. You're using up someone else's resources in a rather inefficient and selfish manner.
The important thing is not to deny legitimate use of portscanning tools. How would I know the machine I set up was not advertising services it does not offer? I portscan it! Portscanning is just part of the repertoire of tricks any network admin must know to debug network problems. While it is certainly possible to use it to accomplish goals other than that, the proper, responsible use of such things should be denied.
Interesting that Slashdot is blocked by USA K12 even get a nice page saying it is blocked by their filtering policy. Reason for blocked is Thank you for your submission. Below please find a listing of the category (ies) in which your submitted URL appears. For a detailed description of each category, visit our filtering categories section. The Site: slashdot.org is categorized by N2H2 as: Profanity Message/Bulletin Boards
By making this knowledge available to those who live in countries whose government censor internet access, they become empowered to bypass whatever censorship that's imposed on them. The government may block public proxy servers or sites that provide listings to them, but they can't stop someone from discovering proxy servers themselves!
For this very use alone some governments probably make sure port scanning is illegal (if it isn't already). In that case, these governments have better also block all sites that offer port scanning services, which would itself function as a proxy to construct services to find proxy servers.
It's like whack-a-mole, big brothers can try to take out one path to circumvent their restrictions, but sooner or later another one will pop up, and another one, and another one...
Yes, we do hate it.
It's OK to circumvent another countries censorship laws, but it's not ok to try to remove a corrupt government that tortures and abuses it's people, or is hostile to neighbouring countries?
No, it's not OK to not respect the UN and its jurisdiction. It takes a big man to say "We know we're right, but the UN says we're wrong, so we'll do what we want anyway because we're the biggest." It takes a bigger man to say "We know we're right, but we'll respect the sanctity of the UN by not going in, because that's the will of the rest of the world."
What makes you so sure that you're the one who's right, when everyone says you're not (where "everyone" = Everyone except USA, UK, Australia and Spain)?
That is really a crock. If a program crashes because of data it receives from the network, it is buggy, and should be fixed. Unless the sender sends data with the intention to interfere with the scanned machine's operation, it is silly to blame the sender for damage. This is a common criteria for laws: certain actions are forbidden only if there are "bad" intentions, as can be demonstrated in a court.
Port scanning without authorization (and not just from the owner of the box) is grounds for termination. Only certain people who have completed special training are allowed to scan a box, even one not on site.
IANAL... But I play one on