Nmap Announce mailing list archives
RE: legality of port-mapping
From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Wed, 24 Feb 1999 12:21:20 -0800
oops... i'm making another response... i really promise not to make any more on this thread... On Tue, 23 Feb 1999, Dragos Ruiu wrote:
I'm afraid I have to take serious issue with anyone who tells me a port scan is illegal. Or who wants it to be. Let me describe a real world scenario that I was in yesterday:
[...snip...] A lot of people, particularly the ones on the net who argue over technicalities, seem to think that because the law sometimes mishandles grey areas that there should never be any grey areas. Unfortunately that doesn't fly in reality. It's perfectly acceptable, and usually works in practice, for a law to have grey areas. A lot of laws have loopholes in that you must have violated them with intent, or out of negligence. If you didn't do that, then you've got a defense. That's how the law often works, and therefore the argument that some portscans can be either legitimate or accidents and therefore all portscans should be legal just doesn't fly.
In this scenario, even if we turn up nasty banners, I don't think that there should be any grounds to call that wrong or illegal in any manner.
Of course not.
Yet on the log files it could look like we port-mapped and then tried to break in to three machines.
Yes, and they have written evidence.
I'll tell ya, if some overzealous sysadmin phoned "computer savvy" cops and wasted my time with them, they would have to get through our lawyers. And they -are- mean. My common sense says that any time you make typing in the wrong IP address and mistakenly scanning someone with "restrictive" system usage policy a crime, something is not right. As far as the Steve Jackson Games history, I think we all have to agree that was one of the most idiotic examples of miscarriages of law-enforcement and computer myopia.
I know. That was the point. That is why you need to CYA: Cover Your Ass. If you're going to portscans machines that you don't own you need to document it, you should attempt to get permission for it, or notify other people. There is a risk, you see, that you could have a SJG come down on you and you want to be prepared for it -- because rightous indignation about the fact that you did nothing wrong is much, much less effective than documented evidence that you can wave in someone's face and make them go away. -- Lamont Granquist lamontg () raven genome washington edu Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344 Box 352145 / University of Washington / Seattle, WA 98195 PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
Current thread:
- publicly available resources and the law HD Moore (Feb 23)
- Re: publicly available resources and the law Technical Incursion Countermeasures (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- Re: publicly available resources and the law Bennett Todd (Feb 23)
- Re: publicly available resources and the law Lamont Granquist (Feb 23)
- RE: legality of port-mapping Dragos Ruiu (Feb 23)
- RE: legality of port-mapping Lamont Granquist (Feb 24)
- Re: publicly available resources and the law Daemor (Feb 23)
- Re: publicly available resources and the law Technical Incursion Countermeasures (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- RE: publicly available resources and the law Erik Parker (Feb 23)
- RE: publicly available resources and the law Dragos Ruiu (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- RE: publicly available resources and the law rain.forest.puppy (Feb 23)
- Re: publicly available resources and the law Brian Gosnell (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- <Possible follow-ups>
- RE: publicly available resources and the law Meritt, Jim (Feb 23)
- Re: publicly available resources and the law Benjamin Tomhave (Feb 23)
- Re: publicly available resources and the law Bennett Todd (Feb 23)