North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Port scanning legal

  • From: Jeff Wheat
  • Date: Tue Dec 19 11:12:19 2000

Isn't that just sweet... So in a nutshell it is *not* illegal
for kiddies to port scan a network looking for vulnerabilities.
It would seem to me that such scans would impair the integrity
of ones networks, or am I just smoking crack?


> -----Original Message-----
> From: [email protected] [mailto:[email protected]]On Behalf Of
> Edward S. Marshall
> Sent: Tuesday, December 19, 2000 10:43 AM
> To: [email protected]
> Subject: Port scanning legal
> A quick quote from the article:
>     A tiff between two IT contractors that spiraled into federal court
>     ended last month with a U.S. district court ruling in Georgia that
>     port scanning a network does not damage it, under a section of the
>     anti-hacking laws that allows victims of cyber attack to sue an
>     attacker.
>     Last week both sides agreed not to appeal the decision by judge Thomas
>     Thrash, who found that the value of time spent investigating a port
>     scan can not be considered damage. "The statute clearly states that
>     the damage must be an impairment to the integrity and availability of
>     the network," wrote the judge, who found that a port scan impaired
>     neither.
> This may have ramifications for both security professionals and abuse desk
> personnel; this ruling would seem to make it clear that you cannot claim
> time spent investigating abuse issues as damage. The complete finding is
> here:
> Any armchair lawyers on the list want to take a crack at this?
> --
> Edward S. Marshall <[email protected]>
> ------------------------------------------------------------------
> -------------
> [                  Felix qui potuit rerum cognoscere causas.
>             ]