Nmap Development mailing list archives
Re: Using nmap as an ISP troubleshooting tool?
From: kx <kxmail () gmail com>
Date: Tue, 21 Mar 2006 02:37:31 -0500
I am not a lawyer, and you should consult a lawyer familiar with legal precedents set in these murky waters. I will caveat all of the following with, I am a grad student and only casually acquainted with these topics. If you don't get helpful answers here, you might try NANOG. -- begin musings -- I think the biggest thing you will run into with management is their philosophy on responsibility for the hosts on their networks. From my understanding there is still a lot of grey area, but it falls into two concepts: Courts will hold ISPs responsible for the malicious traffic and hosts on their network, so ISPs should be proactive and police their networks. Courts will not hold ISPs responsible as they are neutral service providers. There is a certain precedent for this as lots of law suits against gun makers to hold them responsible for crimes committed while using a firearm have lost or been dismissed. I believe many network providers feel that if they regularly policed their networks, it would set a precedent that they were being responsible for hosts on their network and as such should be held responsible, which is something they don't want. In turn, would using nmap, a security auditing tool on your network be construed as taking responsibility? I don't know, but definitely consult a lawyer. As for law that prohibits port scanning, so far the precedence says no, but private "researchers" should be careful as computer crime statutes vary widely. Some references here: http://seclists.org/lists/nmap-hackers/2003/Oct-Dec/0007.html This gives you links to various state laws on computer crimes in general: http://www.ncsl.org/programs/lis/cip/hacklaw.htm However, as you are the ISP, you might have a huge open door on the typical "authorized access" clauses. Especially if you state that such tools will be used to troubleshoot network conditions in your Terms of Service. Because it is benign and provides a value added to the customer, I believe any judge would feel it was a enforceable contract. If you run a small ISP, would p0f help you catalogue and database your hosts? What about considering a host based tool? Comcast and Verizon both encourage the install of their "Help Desk" programs. It is generally Windows only and is not required to get online, but it might be an option. I personally hate it, but it might fit your needs/business model. I hope that gets you thinking and hopefully you will hear some good replies back from some operators on this list. Cheers, kx On 3/21/06, Simon <simon.xhz () gmail com> wrote:
Hi there, I'm new to this list, I've used nmap for about 5 years. I'm not an expert, I'm just a techie guy working for an ISP. Not sure if this is the right mailing list, but I'm wondering about a specific usage of nmap. One of the main problems we have to face is the identification of the client's OS and to know if there is a firewall or not, and if possible to know what kind of firewall. The main problem arise when the client himself doesn't know what's installed on the machine or when there is a language barrier that slows our work (for example somebody that doesn't speak english well). I figured it could be great to start nmap on the client's PC (with his verbal agreement to this) so we can gather more information from nmap. I'm sure it could really help in many situations and even if it takes a minute to gather all the information, but we could trigger nmap at the beggining of our call with the client. I was wondering what are the key aspects in using nmap from a call center, on the internal security perspective and on the business-to-client relationship. What would be the key words to use to convince our management to allow us to use such a tool (or to make a simplified interface that does the hard job with nmap)? Is there anything in the law that prevents this kind of usage, probably company policies would be a barrier too... but what else? If you have any ideas, please send them in! Thanks, Simon _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Using nmap as an ISP troubleshooting tool? Simon (Mar 20)
- Re: Using nmap as an ISP troubleshooting tool? kx (Mar 20)
- Re: Using nmap as an ISP troubleshooting tool? AgentSmith15 (Mar 21)
- <Possible follow-ups>
- RE: Using nmap as an ISP troubleshooting tool? Craig Humphrey (Mar 21)
- Re: Using nmap as an ISP troubleshooting tool? kx (Mar 20)