Security Basics mailing list archives
RE: Is portscanning legal? was Re: application for an employment
From: "c.s.wright" <c.s.wright () unn ac uk>
Date: Tue, 4 Apr 2006 23:02:20 +0100
Hello,
Again - illegal and criminal are not the same. Trying to treat them as such is wrong. Criminal is a subset of illegal. Illegal is the superset.
Thanks for the explanation. However, why would port scanning be considered
illegal
since it is not a criminal offense?
Most things that end up in court or that you get fined for are not criminal offences. Port scanning is a property offence. Even if the router being scanned (as an example) is a gateway router - it is placed on the Internet as a gateway router. The implied purpose is to route traffic, not to provide services.
One example that I can think of is when a web site provides a link to an email address that doesn't work. A port scan on the relevant server could tell me if the mail server is down (and what alternative services might be available on the server for contacting whoever I'm looking for)
Port scanning a mail server is not a valid solution. To see if the SMTP port is up you could "telnet <host> 25". Using nslookup or dig would giuve a list of valid mail servers. The manner in which mail (SMTP works allows for a system to be down. When I started (and this was some time back) mail systems commonly used UUCP at scheduled intervals to receive mail. A message that the mail is spooled will follow. If the primary server is down you may not be able to send anyway. I have never seen a valid reason for a port scan of somebody elses mail server as it may be down.
Here, the port scanning has caused a server reboot and damage... but would the exact same danger not also be there if I use a mass downloader to download from the web site and cause the server reboot?
If the site has a set of terms and conditiuons that forbid mass downloaders and site mirrors than you are violating the policy and if you cause the damage you are liable. Port scanning with autorisation is legal, without is illegal. Just as driving with a licence is lefgal and without is iullegal. Regards Craig ==== This e-mail is intended solely for the addressee. It may contain private and confidential information. If you are not the intended addressee, please take no action based on it nor show a copy to anyone. Please reply to this e-mail to highlight the error. You should also be aware that all electronic mail from, to, or within Northumbria University may be the subject of a request under the Freedom of Information Act 2000 and related legislation, and therefore may be required to be disclosed to third parties. This e-mail and attachments have been scanned for viruses prior to leaving Northumbria University. Northumbria University will not be liable for any losses as a result of any viruses being passed on. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Is portscanning legal? was Re: application for an employment Chavoux Luyt (Apr 04)
- Re: Is portscanning legal? was Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 05)
- <Possible follow-ups>
- RE: Is portscanning legal? was Re: application for an employment c.s.wright (Apr 05)
- Re: Is portscanning legal? was Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 06)
- Re: Is portscanning legal? was Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 06)
- Re: Is portscanning legal? was Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 06)
- RE: Is portscanning legal? was Re: application for an employment Craig Wright (Apr 06)
- Re: Is portscanning legal? was Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 07)