Talk:Port scanner

Added technical citations
I added citations on the technical part. Legal aspects still needs citations. I believe that the quality can be reassessed and I propose a B grade if legal citations will be fixed.

--Pastore Italy (talk) 09:05, 28 September 2010 (UTC)

ICMP scans?
Isn't this also a port scan?:

KERIO PERSONAL FIREWALL Incoming Connection Alert! Remote: 192.168.254.254 - ICMP [8] Echo Request Someone on address 192.168.254.254 wants to send ICMP Packet to your machine Details about application: TCPP kernel driver.

It would be interesting to note in the article why IANA would want to scan computer connections in this way. --Espoo 08:24, 10 October 2006 (UTC)
 * No, ICMP Packets aren't addressed to a 'port'. In fact, they are not normal packets with TCP or UDP datagrams. For more information read this: Internet Control Message Protocol. --Travelan (talk) 20:48, 3 July 2008 (UTC)

Assessment and update
I've assessed this article as start with importance high. Port scanners are very common tools regarding computer security. I'll update the article to C once I've done the legal/ethic part and added more ref. Feel free to discuss if you disagree with the rating. --Irvick (talk) 14:53, 6 May 2009 (UTC)

Stealth scanning ?
I have a problem with these statements: ""There is debate over which scan is less intrusive on the target host. SYN scan has the advantage that the individual services never actually receive a connection while some services can be crashed with a connect scan. However, the RST during the handshake can cause problems for some network stacks, particularly simple devices like printers. There are no conclusive arguments either way.""

I've looked on the Internet but haven't found any evidence of a service crashing on a connect. Actually, it's antinomic to call that a service if it cannot serve anything. Should I remove it? Irvick (talk) 18:46, 7 May 2009 (UTC)

Difficult-to-understand paragraph
I was going through doing some grammar/wording cleanup, but got stuck on this paragraph in the “Legal implications” section:

"Because of the inherent nature of the Internet (open, decentralized), lawmakers struggle since its creation to erect fences which will allow suing cybercriminals who cross them. This has resulted in many different computer abuse laws in each country, and many different interpretations of these laws. Port scanning is an example of the difficulties encountered to judge such cases. Although they are rare, most of the time it implies judging the willingness to commit a break-in or make an unauthorized access, more than judging the port scan itself:"

In particular, I was unable to reword the last sentence because I couldn't parse its meaning with 100% certainty. Does anyone know what exactly it's trying to say? ::Travis Evans (talk) 23:49, 5 July 2009 (UTC)


 * I tried to rephrase this in the fashion I interpret the intended meaning. Kbrose (talk) 00:30, 6 July 2009 (UTC)

Review
has requested assessment from WikiProject Computing. I've reviewed the article, made a few improvements and added a few tags. Someone needs to address the glaring in last paragraph of the article. There is still a lot of other work to be done providing citations. There are too many headings and the material does not flow well from section to section. Because of this I get the impression that coverage of the topic may be incomplete. --Kvng (talk) 15:26, 28 September 2010 (UTC)
 * I've reworked a bit the legal part and added refs, plus a bit of cleaning. Upgraded to B for Computer Security. Irvick (talk) 00:29, 6 December 2011 (UTC)

"Attack"?
I understand that the definition of port scan is cited, but I would argue that it is misleading nonetheless. Surely a port scan can't always be classified as an attack. There are many non-malevolent reasons to scan for open ports. I'm not an expert on the subject, but surely this is common sense? 130.159.17.137 (talk) 13:25, 14 December 2010 (UTC)
 * Bold term indeed, but the action of port scanning is rather aggressive (technically speaking), so... I'm not that shocked. And after all, many IT specialist say "target host" to define a host, that doesn't mean to be a threat to the host nonetheless. Feel free to change the wording if you find something more suitable. Irvick (talk) 00:29, 6 December 2011 (UTC)