Nmap Announce mailing list archives
Re: publicly available resources and the law
From: Fyodor <fyodor () dhp com>
Date: Wed, 24 Feb 1999 19:20:17 -0500 (EST)
I think this debate has brought forth some important issues. For example, it would be nice if something was done about some draconian state laws which, if applied literally, could make everything from pinging to port scanning to web browsing illegal unless you have explicit authorization from the destination host. But a more practical question than 'could port scanning be construed as illegal in some ass-backwards state' is 'will I get arrested for doing nothing but portscanning a system'. And the answer to that is almost always "no". Hundreds of thousands of people have downloaded nmap (and others have obtained it when they instaled FreeBSD, Debian Linux, Trinux, etc). Millions of IPs have been scanned (I alone scan class B's on a somewhat regular basis). To the best of my knowledge, nobody has ever been arrested for simply scanning another machine (if anyone knows of such a case, please send info to the list). Even though the worry of legal problems is extremely low, there is a very good chance that if you make a habit of scanning large numbers of hosts, you (or your ISP) will eventually get a complaint from some anal sysadmin. I had this happen to me once, but the guy cooled down when I explained that I was just testing out my new port scanner (and gave him an early release of nmap 2). The Internet Operating System Counter folks ( http://www.leb.net/hzo/ioscount/index.html ) estimate that they get about 1 query/complaint per 50,000 hosts. They apparently scanned (with queso) 1,191,755 hosts in January. So a good rule of thumb is: don't scan from anywhere that complaints about your actions can cause you trouble. If your job or your school accounts are critically important to you, don't risk them by engaging in anything at all controversial (viewing porn, port scanning, tracerouting, MP3 downloading, exportation of cryptography, etc). Spend the $20/month for a stupid ISP account and move all such activity there. And if they cancel your account for some stupid reason, switch to a better ISP (and if you have time, write the old ISP a letter explaining why you disagree with their policy). Cheers, Fyodor PS: Due to an overwhelming response on this topic, I had to skip a lot of messages. I tried to post the ones which were on topic and contained pertinant facts (ie useful research on state laws or actual case examples). I don't mind posting occasional opinionated rants, but I don't want to flod the list with dozens of them in one day. It is not personal. -- Fyodor 'finger pgp () www insecure org | pgp -fka' In a free and open marketplace, it would be surprising to have such an obviously flawed standard generate much enthusiasm outside of the criminal community. --Mitch Stone on Microsoft ActiveX
Current thread:
- RE: publicly available resources and the law, (continued)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- RE: publicly available resources and the law Erik Parker (Feb 23)
- RE: publicly available resources and the law Dragos Ruiu (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- RE: publicly available resources and the law rain.forest.puppy (Feb 23)
- Re: publicly available resources and the law Brian Gosnell (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- RE: publicly available resources and the law Frank Miller (Feb 23)
- RE: publicly available resources and the law Meritt, Jim (Feb 23)
- Re: publicly available resources and the law Benjamin Tomhave (Feb 23)
- Re: publicly available resources and the law Bennett Todd (Feb 23)
- Re: publicly available resources and the law Ken Williams (Feb 24)
- Re: publicly available resources and the law Fyodor (Feb 24)
- Re: publicly available resources and the law Jesse Whyte (Feb 25)
- Re: publicly available resources and the law David Dennis (Feb 25)
- publicly available resources and the law System Administrator (Feb 25)
- Re: publicly available resources and the law vik bajaj (Feb 25)
- Re: publicly available resources and the law Bennett Todd (Feb 26)