Nmap Announce mailing list archives
RE: nmap illegal to use?
From: "Jim" <Jim () ly-core com>
Date: Mon, 11 Jun 2001 08:33:48 -0400
In reading the article FINDING FENCES IN CYBERSPACE: PRIVACY AND OPEN ACCESS ON THE INTERNET by Ethan Preston. I did not see anything that makes it illegal to use nmap unless you are attempting to hack into someone's system unauthorized. The article simply addresses the legitimate issues of unauthorized access and destruction or altering of someone else's information or system. As I read it, the use of nmap as an administrative and security tool is allowed provided the attempted access into the system is authorized (make sure you get it in writing though). It is clear that the legal ramifications as they relate to unauthorized access into someone's system is still very much in the development stages of our legal system. However, I think that the article was geared more towards those who intend to use the tool with malicious intent rather then the legitimate and authorized use of such tools. In short since none of us are intending to use tools like nmap illegally. The continued development and use of powerful network administrative/security tools such as nmap, Satan and crack will continue to be improved and used in an open manner. We all know that attempting access someone's system unauthorized should be illegal! -----Original Message----- From: Thomas Reinke [mailto:reinke () e-softinc com] Sent: Monday, June 11, 2001 12:20 AM To: nmap-hackers () insecure org Subject: Re: nmap illegal to use? There are some pretty compelling arguments in the paper, and a hell of a lot of research backing it up. If you have a legal interest in the issue, I'd suggest taking a complete read through the paper. Some of the interesting bits (and please note these are out of context...you really should read the article located at http://grove.ufl.edu/~techlaw/vol6/Preston.html) "COMPUTER FRAUD, ACCESS AND NMAP: Most American jurisdictions have computer crime laws which include prohibitions on unauthorized access. ... As a threshold for criminal liability, "access" proves to be a tremendously porous border." TRANSLATING "ACCESS" INTO REAL LIFE ON THE INTERNET "...A court deciding whether to assign liability would first inquire into what technical measures were used; the court must find the fences in cyberspace. Next, the court must decide whether the technical measures were reasonable. The computer owner who failed to protect against banner-grabbing should not have legal recourse when banner grabbing identifies his operating system. A computer owner who used a firewall that prevented port scans but not nmap-type OS fingerprinting might establish a strong case for liability against a nmap scanner." Tom Brays wrote:
Have you seen this one yet? Give me a break! "The Journal of Technology Law and Policy has a good article on computer
security and privacy. If you ignore the more metaphorical crap at the beginning of the article, the author marches through some laws that apply to the Internet and shows how they apply and why his way of deciding what kind of access to a computer breaks the law and what kinds don't is better. (Its based on property and expectations of privacy.) It's interesting to see the computer security from a lawyer's point of view. Especially interesting are his claims that using nmap is illegal, despite the VC3 v. Moulton case."
--
-------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org). -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- nmap illegal to use? Tom Brays (Jun 10)
- Re: nmap illegal to use? Fyodor (Jun 10)
- Re: nmap illegal to use? Thomas Reinke (Jun 10)
- RE: nmap illegal to use? Jim (Jun 11)
- <Possible follow-ups>
- RE: nmap illegal to use? Scott Moulton (Jun 11)