RE: FW: Legal? Road Runner proactive scanning.[Scanned]

["Bryan S. Sampsel" <bsampsel () libertyactivist org>]

Jef Feltman said:
> So if someone comes and knocks on your door at home you shoot them? Do you
> consider them a criminal? No, you lock the door and windows.

Not quite an accurate comparison.  A portscan is comparable to somebody
testing those locks and windows.  An action that has legal ramifications. 
And legally speaking, a tresspasser doesn't have to bypass a locked door
to tresspass.

A knock is a "service" -- a method of communicating with my house.  As is
a phone or mail.  Just a tad different than a security probe.

> If your host is on the internet I consider it public and knocking on the
> door to see if the shop is open, is not a problem. If you do not want
> people
> coming in the door lock it and give a key to those who need it.

Still not an apples-apples.  There are legit ways of communicating with my
system.

> Based on your statement no website should not be accessed by anyone other
> than an employee. Sending E-Mail would be a violation also, as the port
> must
> be checked to verify it can be opened to receive.

Nope.  Email performs a handshake, it does not probe an entire system to
communicate.  If it receives no response on its connection attempt, it
ceases activity.

> Port scanning is not an attack it is probe. I have scanned many machines
> that have tried to attack my machine trying to verify if it is an attack
> or
> the host has been compromised. Unless the attack is currently in progress,
> the host is almost always taken over by a hacker or virus. Scanning the
> host
> allows me to find ports open that prove the host has been attacked and
> taken
> over. Then I am able to inform the ISP or user of the problem. And not go
> after some innocent user.

My IDS tells me who tried to attack/probe/portscan (pick one) and I inform
the ISP or server owner (from WHOIS) and let them know the nature of the
activity I'm seeing.  I do not want to initiate the same type of activity
against them, I want them to inspect and fix their problem.  Blocking the
attack is my business, inspecting and fixing it is theirs.

<snipped for brevity>

bryan

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------