this post was submitted on 24 Aug 2024
5 points (77.8% liked)
Programming
16975 readers
1288 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
At a guess, you might tell the difference between some benign scan and an attempt to actually take advantage of the port, perhaps to use as a trigger to automatically ban an ip address? or a way to divert malicious resources to an easy looking target so they are less available in other areas?
The difference between someone scanning for open ports and someone attacking a port they find open seems significant enough to at least track and watch for patterns... Whether that's useful for the majority of users or not is rarely why a feature is implemented.
What is a benign scan? Why do you need to scan a system if you are not trying to figure out what it is running - which is something only attackers or the server admins (looking for things that should not be exposed) would want to do. Any third party scanning for open ports I would consider an attack. Though it might just be an automated system looking for weaknesses - it is still an attack.