nanog mailing list archives
Re: Port scanning legal
From: Shawn McMahon <smcmahon () eiv com>
Date: Tue, 19 Dec 2000 13:57:38 -0500
On Tue, Dec 19, 2000 at 11:59:23AM -0500, John Fraizer wrote:
Had he likened portscanning someones network to walking into their back yard with a ladder, climbing up to the second floor and checking for open windows, perhaps the court would have found differently.
I'm sure they would, but it's a deeply flawed analogy. How many ports must be scanned before you deem it an attack? Is one port enough? Five? 50? If you pick a number here, is that arbitrary, or do you have a valid logical (and legally-supportable) reason for the number? If one port is sufficient, then the act of typing an IP address into a web browser to see if there's a web server listening is a crime.
Attachment:
_bin
Description:
Current thread:
- Port scanning legal Edward S. Marshall (Dec 19)
- RE: Port scanning legal Jeff Wheat (Dec 19)
- RE: Port scanning legal Patrick Evans (Dec 19)
- RE: Port scanning legal John Fraizer (Dec 19)
- Re: Port scanning legal Shawn McMahon (Dec 19)
- Re: Port scanning legal Alex Rubenstein (Dec 19)
- Re: Port scanning legal Deepak Jain (Dec 19)
- Re: Port scanning legal Leo Bicknell (Dec 19)
- RE: Port scanning legal Jeff Wheat (Dec 19)
- Re: Port scanning legal Valdis . Kletnieks (Dec 19)
- Re: Port scanning legal mdevney (Dec 19)
- Re: Port scanning legal Christian Kuhtz (Dec 19)
- Re: Port scanning legal Todd Suiter (Dec 19)
- <Possible follow-ups>
- RE: Port scanning legal Mark Borchers (Dec 19)