Nmap Announce mailing list archives

RE: publicly available resources and the law

From: "Frank Miller" <frankm () bend or us>
Date: Tue, 23 Feb 1999 14:50:54 -0800

But what determines if a port scan was the light fingerprints of
an exploit?  When do you determine to spend a workday or hire a few
hours of a security jock to perform a system audit.

Case and point - lets say your logs displayed sshd scans that also
generated SEGV's?  If it was me, I'd have to spend a day
looking for possible succesful exploits, turning off sshd, and doing a stack
trace
of the core dump to close the stack issue, and warn the sshd maintainers.
I'll bet you could get this to stick as 'stolen' resources (based upon
past history with PD's).

I think you bring up a great point!  This is some pretty grey stuff, but I'd
still have to have charges pressed against me.

Frank

-----Original Message-----
From: Dragos Ruiu [mailto:dr () v-wave com]
Sent: Tuesday, February 23, 1999 7:50 AM
To: HD Moore; nmap-hackers () insecure org
Subject: RE: publicly available resources and the law

Interestingly enough, that posting about Oregon
port-scanning laws led to a chat over coffee with
my lawyer about hacking. He pointed me to an
interesting case documented in the clipping below.

His opinion was that it would be very difficult
to make port-scanning stick in court, because you
have to prove that the computer time or other
"stolen" resources or information have value such
that damages were incurred by their loss.

I doubt that a few miliseconds of processing time
to respond to a few errant UDP packets can be proven
to have significant value.  So despite all the paranoid
IT guys that freak out when port-mapped, I don't think
I would worry about the legal system just yet. I think
that even if you made the remote box reboot accidentally
(or not), unless there was a pattern of systematic harrasment,
they would have a hard time with the law.

As you can see in the case below, you have to go through
a lot to get hacking to stick as a crime. So if you
are a script kiddie, the next time those Oregon cops
show up on your doorstep, tell them to piss off and call
your lawyer. But you better get the parental unit to
shell out for a good lawyer if they can...

just my two cents,
--dr

Current thread:

Re: publicly available resources and the law, (continued)
- Re: publicly available resources and the law Technical Incursion Countermeasures (Feb 23)
  - RE: publicly available resources and the law Frank Miller (Feb 23)
  - Re: publicly available resources and the law Bennett Todd (Feb 23)
  - Re: publicly available resources and the law Lamont Granquist (Feb 23)
    - RE: legality of port-mapping Dragos Ruiu (Feb 23)
    - RE: legality of port-mapping Lamont Granquist (Feb 24)
  - Re: publicly available resources and the law Daemor (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
  - RE: publicly available resources and the law Erik Parker (Feb 23)
- RE: publicly available resources and the law Dragos Ruiu (Feb 23)
  - RE: publicly available resources and the law Frank Miller (Feb 23)
    - RE: publicly available resources and the law rain.forest.puppy (Feb 23)
    - Re: publicly available resources and the law Brian Gosnell (Feb 23)
- RE: publicly available resources and the law Meritt, Jim (Feb 23)
- Re: publicly available resources and the law Benjamin Tomhave (Feb 23)
  - Re: publicly available resources and the law Bennett Todd (Feb 23)
  - Re: publicly available resources and the law Ken Williams (Feb 24)
    - Re: publicly available resources and the law Fyodor (Feb 24)
    - Re: publicly available resources and the law Jesse Whyte (Feb 25)
    - Re: publicly available resources and the law David Dennis (Feb 25)
    - publicly available resources and the law System Administrator (Feb 25)

(Thread continues...)