Security Incidents mailing list archives
Re: ICMP mapping, questioning legality!!
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Wed, 13 Sep 2000 16:22:15 -0700
On Wed, 13 Sep 2000, UnixGeek wrote:
> After a more thorough read of part c, it seems highly unlikely that a prosecutor could take a single act of running nmap, pscan or whatever against a system as a form of 'access'. The code harps on the terms of data, service and documentation and the illegal 'taking' (in the legal sense of the word) of such. Where, in a portscan, is this 'taking'?
Lots of problems with laws like this, as you point out. First one is "authorization". I've got no way to know if I'm authorized to pull a web page from someone's web server. If someone could be prosecuted under this bit of law for, say, a ping sweep, then I could prosecute you people for accessing port 80 on www.securityfocus.com, or connecting to port 25 of lists.securityfocus.com. I never gave any of you permission. But, just to be a nice guy, you can all have permission from here on out. :)

No one would ever get prosecuted for that, because even really dumb judges, jurors, and prosecutors have an understanding that if I'm running a web or mail server, there's an expectation that it's OK to connect to them. The problem is, try and get the same people to understand a SYN scan when you're a defendant, and you may be screwed.

The problem is, common sense is not very common. If a judge doesn't have a good understanding of the technical details of a SYN scan, he's going to refer to the letter of the law. The letter of the law pretty much says that anything you do to cause my CPU to spin a cycle that you don't have explicit permission for, may be a crime.

There's a general expectation that if you put up a web server that people will use it, and that is authorized and expected. Clearly, judging by the number of people in this forum who want to punish people who poke at them, various scans are neither authorized nor expected.

So, couple a badly written law with some significant number of people who consider scans hostile, and you've got scans being illegal until precedent says otherwise. It all boils down to what the judge will go for. Given recent rulings on DeCSS, etc., it doesn't look particularly safe to tempt fate.

Ryan