Full Disclosure mailing list archives
Re: Nmap Online
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Fri, 1 Dec 2006 09:09:25 -0500
On 12/1/06, Jason Miller <jammer128 () gmail com> wrote:
I agree with Dave on this one. Dude Van, I thought it was illegal in the states..? Or am I mistaken?
http://www.securityfocus.com/news/126
Also, think of this from the ISP's view, do they really want a service port scanning their users? And look at it this way, said target has a proxy server on it, attacker proxies into the proxy and scans the target server with that service, since he is now on the targets IP address, I think you understand what I'm getting at by now. nmap is made to find exploits, that is what this service is going to wind up being abused for (in most cases that i know).
nmap is used to find open ports and fingerprint OS's. What you do with that info is up to you. Here is an example of what is legal vs what isnt: If you scan a machine with nmap from one machine, that is not illegal. If you run 100,00 nmap scans from a distributed botnet and take down their server, thats illegal. If your nmap scan tells you that port 80 is open and you run a nessus scan and find that they are vulnerable to a bug in their webserver is that illegal? I do know If you exploit that weakness and backdoor their machine, you just broke the law, but am unsure about nessus's legality on systems you dont have a get out of jail free card for or own. I have no doubt about nmap though. as long as you dont take down their servers with the scans, you are legit. -JP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Nmap Online, (continued)
- Re: Nmap Online Randal L. Schwartz (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Randal L. Schwartz (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Randal L. Schwartz (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Randal L. Schwartz (Dec 01)
- Re: Nmap Online Michael Holstein (Dec 01)
- Re: Nmap Online Jason Miller (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online Randal L. Schwartz (Dec 01)
- Re: Nmap Online Dude VanWinkle (Dec 01)
- Re: Nmap Online David Matousek (Dec 01)
- Re: Nmap Online endrazine (Dec 01)
- Re: Nmap Online Ed Carp (Dec 05)
- Re: Nmap Online Greg (Dec 05)