Re: Using nmap as an ISP troubleshooting tool?

[AgentSmith15 <agentsmith15 () gmail com>]

Wouldn't it be easier to develop software for the client to run, and it
reports back what OS and firewall are running?

On 3/21/06, kx <kxmail () gmail com> wrote:
> I am not a lawyer, and you should consult a lawyer familiar with legal
> precedents set in these murky waters.  I will caveat all of the
> following with, I am a grad student and only casually acquainted with
> these topics. If you don't get helpful answers here, you might try
> NANOG.
>
> -- begin musings --
>
> I think the biggest thing you will run into with management is their
> philosophy on responsibility for the hosts on their networks.  From my
> understanding there is still a lot of grey area, but it falls into two
> concepts:
>
> Courts will hold ISPs responsible for the malicious traffic and hosts
> on their network, so ISPs should be proactive and police their
> networks.
>
> Courts will not hold ISPs responsible as they are neutral service
> providers.   There is a certain precedent for this as lots of law
> suits against gun makers to hold them responsible for crimes committed
> while using a firearm have lost or been dismissed.
>
> I believe many network providers feel that if they regularly policed
> their networks, it would set a precedent that they were being
> responsible for hosts on their network and as such should be held
> responsible, which is something they don't want.
>
> In turn, would using nmap, a security auditing tool on your network be
> construed as taking responsibility? I don't know, but definitely
> consult a lawyer.
>
> As for law that prohibits port scanning, so far the precedence says
> no, but private "researchers" should be careful as computer crime
> statutes vary widely.  Some references here:
>
> http://seclists.org/lists/nmap-hackers/2003/Oct-Dec/0007.html
>
> This gives you links to various state laws on computer crimes in general:
>
> http://www.ncsl.org/programs/lis/cip/hacklaw.htm
>
> However, as you are the ISP, you might have a huge open door on the
> typical "authorized access" clauses. Especially if you state that such
> tools will be used to troubleshoot network conditions in your Terms of
> Service. Because it is benign and provides a value added to the
> customer, I believe any judge would feel it was a enforceable
> contract.
>
> If you run a small ISP, would p0f help you catalogue and database your
> hosts?
>
> What about considering a host based tool? Comcast and Verizon both
> encourage the install of their "Help Desk" programs.  It is generally
> Windows only and is not required to get online, but it might be an
> option. I personally hate it, but it might fit your needs/business
> model.
>
> I hope that gets you thinking and hopefully you will hear some good
> replies back from some operators on this list.
>
> Cheers,
>    kx
>
>
> On 3/21/06, Simon <simon.xhz () gmail com> wrote:
> > Hi there,
> >  I'm new to this list, I've used nmap for about 5 years.  I'm not an
> > expert, I'm just a techie guy working for an ISP.  Not sure if this is
> > the right mailing list, but I'm wondering about a specific usage of
> > nmap.
> >
> >  One of the main problems we have to face is the identification of
> > the client's OS and to know if there is a firewall or not, and if
> > possible to know what kind of firewall.  The main problem arise when
> > the client himself doesn't know what's installed on the machine or
> > when there is a language barrier that slows our work (for example
> > somebody that doesn't speak english well).
> >
> >  I figured it could be great to start nmap on the client's PC (with
> > his verbal agreement to this) so we can gather more information from
> > nmap.  I'm sure it could really help in many situations and even if it
> > takes a minute to gather all the information,  but we could trigger
> > nmap at the beggining of our call with the client.
> >
> >  I was wondering what are the key aspects in using nmap from a call
> > center, on the internal security perspective and on the
> > business-to-client relationship.  What would be the key words to use
> > to convince our management to allow us to use such a tool (or to make
> > a simplified interface that does the hard job with nmap)?  Is there
> > anything in the law that prevents this kind of usage, probably company
> > policies would be a barrier too... but what else?
> >
> > If you have any ideas, please send them in!
> >
> > Thanks,
> >  Simon
> >
> >
> > _______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev