Re: ICMP mapping, questioning legality!!

[UnixGeek <ed () XWING CENTIGRAM COM>]

I have to disagree on several points within CPC 502 and with the stance
that it inherently declares a portscan to be illegal.

The statement that "portscanning is illegal in California", and then using
CPC 502 as justification seems rather thin on several fronts.

First off, you have the definition of 'access'.  Pretty vague, as are most
legal definitions, but does a portscan constitute access?  A portscan
would be more akin to casing a house or business before robbing it.  But
at the same time, there are instances wherein 'casing' activities may be
misconstrued as preliminary to the crime itself.  Case in point -- I'm a
locksmithing hobbyist.  I tend, therefore, to notice locks and their
brands, setups, etc(i.e. our computer room uses Medco locks, the switch
room uses Schlage XXX type, etc).  Does that looking at the door/lock
immediately make me guilty of attempted robbery?  I would think not and in
fact legally it does not.

The same would stand under CPC 502.  A prosecutor would need to show two
very important, but different, preliminaries: method and means.  Just
because I portscan a box(method) does not construe me as having the means
of accessing the system(whatever exploit, knowledge, script, etc).

After a more thorough read of part c, it seems highly unlikely that a
prosecutor could take a single act of running nmap, pscan or whatever
against a system as a form of 'access'.  The code harps on the terms of
data, service and documentation and the illegal 'taking'(in the legal
sense of the word) of such.  Where, in a portscan, is this 'taking'?




                            Edward Mitchell
        Centigram Unix Geek, BOfH, Network Admin, Darth Sysadmin
                         ed () xwing centigram com
                      http://www.the7thbeer.com/ed
                          Sheepish Lord of Chaos
--------------------------------------------------------------
"Fear leads to anger. Anger leads to hate. Hate leads to using
Windows NT for mission-critical applications."
     -- What Yoda *meant* to say

On Tue, 12 Sep 2000, David Knapp wrote:

> I had the same question - is port scanning legal in California?  I was
> told that it is in fact illegal - see California Penal Code section
> 502(2)(c) - i believe for the specific wording.
>
> http://www.csupomona.edu/~iit/policy/penalcode_502.shtml here is an
> example, and if you search google for California penal code 502, you
> are sure to find links to almost every state college in California -
> they quote that section as justification for a number of Campus
> policies.
>
>
> I have had discussions about this with our Campus Police, as well as
> independant legal counsel.  They both said it is illegal and referred
> me to 502(2)(c).  However, neither could cite any court cases nor could
> they recall anyone even going to court for port scanning.
>
> If anyone has any further info about port scanning in California, I
> would be glad to hear it.
>
> tia
>
>
> dbk
> dknapp () calpoly edu
>
>
> > -----Original Message-----
> > From: root [mailto:root () rgfsparc cr usgs gov]
> > Sent: Tuesday, September 12, 2000 10:03 AM
> > To: INCIDENTS
> > Cc: root
> > Subject: Re: ICMP mapping, questioning legality!!
> >
> >
> > > A couple of days ago our snort detected a NMAP ping to all
> > our public IPS.
> > > Are they doing anything wrong legalwise? How can i go about it?
> >
> > That's going to depend on the laws of the country you're in,
> > and of the country
> > of origin.  In the US, port scanning is for the most part
> > legal, although
> > generally frowned upon.  The best thing I can suggest is
> > simply to block them at
> > your firewall.  If they're just doing a general sweep of the
> > Internet, they
> > probably won't bother you again, anyway.
> >
> > Cheers,
> >
> > RGF
> >
> > Robert G. Ferrell, CISSP
> > Information Systems Security Officer
> > National Business Center
> > U. S. Dept. of the Interior
> > Robert_G_Ferrell () nbc gov
> > ========================================
> >  Who goeth without humor goeth unarmed.
> > ========================================