|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Port scanning legal
On Tue, 19 Dec 2000 11:05:40 EST, Jeff Wheat <[email protected]> said: > Isn't that just sweet... So in a nutshell it is *not* illegal > for kiddies to port scan a network looking for vulnerabilities. > It would seem to me that such scans would impair the integrity > of ones networks, or am I just smoking crack? 1) It's only binding on the one US Circuit Court district. 2) It's narrowly written to only prohibit counting the time spent investigating a port scan as "damages". So if you're billable for $200/hour, and spend 1 hour checking the portscan and 10 hours fixing the hack-in they found, if you're computing damages for civil or criminal action, it's only $2,000, not $2,200. 3) Let's not forget that a *scan* only actually impairs the integrity of a network that hasn't been secured against scanning. You'll never have somebody walk up to you and say "Hey, your front door is unlocked" if you always lock your front door. The problem starts when somebody takes the information gathered from the scan and actually uses an exploit. And case law seems to be pretty clear in most jurisdictions that have computer crime laws - using an exploit is a no-no. And no, please don't go scanning our nets to find stuff for us - we're quite aware of exactly what shape our 2 /16's are in. ;) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech Attachment:
pgp00009.pgp
|