Nmap Announce mailing list archives
Re: publicly available resources and the law
From: Daemor <brian-g () tamu edu>
Date: Tue, 23 Feb 1999 16:16:03 -0600
Technical Incursion Countermeasures wrote:
ahh a good fun topic :}..
Yes it is. :)
ok AFAIK this is how it is interpreted normally.. Port scanning is quite rightly not a crime - it equates to rattling door knobs and trying windows.. not a felony in itself - however it is suspicious activity. This is the key... Now if during our port scanning we happen to find a wide open NFS port and access it - then we have committed a crime - because by port scanning we have shown intent - it is no longer an accident that we just happened to push on the door and fall in.
So you're saying that simply because it is a NFS port rather than an anonymous ftp or a web server that I don't have the right to retrive information from it? If I scan a network and see port 80 open, fire up my web browser and look at thier web site then this is not a crime. If no authentication is ever required then whats the difference in connecting to a NFS port, an open NETBIOS share or a web site? By the same token, just because someone doesn't password their router doesn't mean I should filter their traffic for them. ;)
Now I know US law is different to Aust law - but I'm guessing that the intent provision is still there - i.e that to be convicted of a deliberate act - the prosecution must show that you indented to commit the act.
Say I see someone FIN scanning a Class C range for port 143, it's fairly clear what his intentions are. However, a log of the port scan alone should not be enough to take legal action. Unless I have evidence that the individual attempted to circumvent the security meases that were in place there is no crime. He's nocking on doors, not breaking and entering. I personaly have not seen such case. I would hope the charge would not stick.
Cheers, Bret PS and just in case someone is stupid enough to take what I said as legal advise - its not :} Technical Incursion Countermeasures consulting () TICM COM http://www.ticm.com/ ph: (+61)(041) 4411 149(UTC+8 hrs) fax: (+61)(08) 9454 6042 The Insider - a e'zine on Computer security http://www.ticm.com/info/insider/index.html
Just muh thoughts on the matter. Daemor
Current thread:
- publicly available resources and the law HD Moore (Feb 23)
- Re: publicly available resources and the law Technical Incursion Countermeasures (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- Re: publicly available resources and the law Bennett Todd (Feb 23)
- Re: publicly available resources and the law Lamont Granquist (Feb 23)
- RE: legality of port-mapping Dragos Ruiu (Feb 23)
- RE: legality of port-mapping Lamont Granquist (Feb 24)
- Re: publicly available resources and the law Daemor (Feb 23)
- Re: publicly available resources and the law Technical Incursion Countermeasures (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- RE: publicly available resources and the law Erik Parker (Feb 23)
- RE: publicly available resources and the law Dragos Ruiu (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- RE: publicly available resources and the law rain.forest.puppy (Feb 23)
- Re: publicly available resources and the law Brian Gosnell (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- <Possible follow-ups>
- RE: publicly available resources and the law Meritt, Jim (Feb 23)
- Re: publicly available resources and the law Benjamin Tomhave (Feb 23)
- Re: publicly available resources and the law Bennett Todd (Feb 23)
- Re: publicly available resources and the law Ken Williams (Feb 24)