undefined | Better HN

0 pointsjolmg6y ago0 comments

I answered an almost identical reply, here[1].

> including the ones that say "authorized personnel only", "private", "do not enter"

Basically, to answer you separately, an analogy like that doesn't represent TCP accurately. In your analogy, you can

1) see from afar for visual cues indicating whether access is being given to you, and

2) try opening it.

Your argument is that doing 2 is invasive, because they can do 1.

However, in TCP, you can only try to make the connection. There is no see from afar. If I give you an IP address, there's no standard way for you to tell me whether FTP is available, without trying to connect to the port! That's your only choice!

So, yes, "I was trying to find out which [service is available]" is a very valid reason.

> Port scanning is a brute force, over-reaching probing technique.

It certainly is brute-force, and that sucks. I think there's a network service / protocol called Portmapper/rpcbind[2] that lists the services available and port numbers they're on. I only know that NFS uses it, but nothing else. If that were standard, then I'd agree port scanning is over-reaching. As it stands, though, I don't consider it over-reaching when it's the only TCP mechanism to see what's available online.

[1] https://news.ycombinator.com/item?id=23249246

[2] https://en.wikipedia.org/wiki/Portmap

0 comments

1 comments · 1 top-level

sedatk6y ago

Nope. Ports that you can use are already advertised to you: web links, MX records, registrar records, WSDLs etc. Enumerating all ports that aren’t advertised to you is an overreach.

j / k navigate · click thread line to collapse